Privacy Policy
Last updated: April 2026 · UK GDPR compliant
What we collect
- Account data: your email address and encrypted password, stored by Supabase Auth.
- Plan and billing data: your subscription plan and Stripe customer ID. We never see or store card numbers — Stripe handles all payment data.
- Generated letters: on Pro and Pro+ plans, the text of letters you generate is stored so you can access your history. Free users' letters are not stored.
- Usage data: a count of letters generated this month, used only to enforce plan limits.
What we do NOT store
- Your CV text — sent to Anthropic's Claude API for generation only. Not persisted after the request completes.
- Job descriptions — same as above.
- Your Q&A answers — used for voice extraction during the request only. Not stored.
Third parties we use
- Anthropic: receives your CV and job description text to generate the letter. Their privacy policy applies to this data.
- Supabase: stores your account and letter data. Infrastructure hosted in the EU.
- Stripe: handles all payments. We pass your email to create a customer. Stripe stores card details — we never see them.
- Resend: sends transactional emails (verification, receipts). Your email address only.
We do not sell your data. We do not use it for advertising.
Your rights under UK GDPR
As a UK-based service, we comply with UK GDPR. You have the right to:
- Access all personal data we hold about you
- Request deletion of your account and all associated data
- Restrict or object to processing of your data
- Data portability — export your letter history
- Lodge a complaint with the ICO (ico.org.uk)
To exercise any right, use the “Delete my account” option in your account settings, or email privacy@blitzletter.com. We will respond within 30 days.
Data retention
Account data is retained while your account is active. Saved letters are retained until you delete them or your account. All data is permanently deleted within 30 days of account deletion.
Cookies
We use session cookies managed by Supabase Auth to keep you signed in. We do not use third-party tracking cookies, analytics cookies, or advertising cookies.
ICO registration
BlitzLetter is registered with the Information Commissioner's Office (ICO) as required for UK organisations that process personal data commercially. For complaints: ico.org.uk.
Contact
Privacy questions: privacy@blitzletter.com