top of page

Professional Letter Writing Service in the UK

Privacy Policy
 

Effective Date: March 2026

LetterLab is committed to protecting your privacy and handling your personal data responsibly, transparently, and in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, how long we keep it, and what rights you have in relation to it. Please read this policy carefully. By using our website or placing an order with LetterLab, you confirm that you have read and understood how we handle your personal information.

If you have any questions about this policy or how your data is used, please contact us using the details at the bottom of this page.

 

1. Who We Are

LetterLab is a professional UK letter writing service. For the purposes of UK GDPR, LetterLab is the data controller in respect of the personal information you provide when using our website and services.

Registered address: Wessex House, Methuen Close, BH8 8BY Email: info@letterlab.shop Telephone: 07356 275700

 

2. What Personal Data We Collect

We collect personal data in the following ways and categories:

Information you provide directly

  • Your name and email address when you make an enquiry or place an order

  • Your contact details, including telephone number if provided

  • The content, context, and supporting information you share with us for the purpose of writing your letter, which may include sensitive personal details depending on the nature of your request (for example, medical information, legal circumstances, financial details, employment history, or family situations)

  • Any feedback, correspondence, or communications you send to us

Information collected automatically

  • Basic website usage data including your IP address, browser type, device type, and pages visited, collected via cookies and similar tracking technologies

  • Information about how you navigate and interact with our website

Payment information

  • Payment transactions are handled entirely by Stripe, our third-party payment provider. LetterLab does not collect, store, or have access to your full payment card details at any point.

 

3. Special Category Data

Some clients share information with us that falls under the definition of special category data under UK GDPR. This includes details relating to health, medical conditions, criminal proceedings, immigration status, financial hardship, family circumstances, or other sensitive personal matters.

 

This type of information is shared voluntarily by clients as part of their letter brief and is used solely for the purpose of writing their letter. We handle all such information with the highest level of confidentiality and care.

By submitting information of this nature, you give your explicit consent for us to use it solely for the purpose of completing your order. This data is never shared with third parties, never used for marketing purposes, and is subject to the same retention and deletion rules as all other personal data we hold.

4. Lawful Basis for Processing

Under UK GDPR, we are required to identify a lawful basis for processing your personal data. LetterLab relies on the following lawful bases:

 

Contract performance: The majority of the data we collect and use is processed because it is necessary to fulfil the service you have purchased from us. Without this information, we cannot complete your order.

 

Legitimate interests: We process certain data, such as website usage analytics and service improvement data, on the basis of our legitimate interest in understanding how our website is used and improving the quality of our service. We ensure this does not override your rights or interests.

Legal obligation: In limited circumstances, we may be required to process or retain data to comply with a legal or regulatory obligation.

 

Consent: Where we request your permission to use anonymised examples of your letter for portfolio or marketing purposes, we do so only on the basis of your explicit consent. You can withdraw this consent at any time by contacting us.

 

5. How We Use Your Information

We use the personal data we collect for the following purposes:

  • To provide, manage, and deliver our letter writing services in accordance with your order

  • To communicate with you about your order, including sending drafts, responding to revision requests, and answering queries

  • To process your payment securely via Stripe

  • To maintain records of completed orders for legitimate business and legal purposes

  • To improve the quality, functionality, and user experience of our website and services

  • To comply with any legal, regulatory, or tax obligations that apply to us

  • To respond to complaints or disputes

We do not sell, rent, share, or trade your personal information to third parties for commercial purposes under any circumstances.

 

6. Automated Processing and AI-Assisted Tools

LetterLab uses professional writing tools, and some elements of our service may incorporate AI-assisted technology to support drafting, structure, and quality review. The following applies to the use of any such tools:

  • Any AI or automated tool used in the production of your letter is used solely to assist the writing process and is always subject to human review and oversight before delivery.

  • Personal data and letter content submitted by clients is not used to train external AI models.

  • We do not use automated decision-making processes that produce legal or similarly significant effects on clients.

  • Where third-party AI tools are used, we take reasonable steps to ensure those tools operate within appropriate data handling standards. Personal data is not intentionally shared with external AI platforms beyond what is strictly necessary for service delivery.

 

7. Confidentiality of Your Letters and Brief

All information you share with LetterLab for the purpose of your order is treated as strictly confidential.

  • The content of your letter and the details of your brief will never be shared with third parties for any purpose other than completing your order.

  • In exceptional circumstances where we are required to disclose information by law, regulation, or court order, we will do so only to the extent legally required.

  • With your explicit prior permission, we may use an anonymised and unidentifiable version of your letter as an example in our portfolio or marketing materials. We will always ask before doing this and will never identify you in connection with any example used.

 

8. Third Parties We Work With

LetterLab uses a small number of trusted third-party services to operate our website and deliver our service. These are:

Stripe for secure payment processing. Stripe operates under its own Privacy Policy and is fully compliant with UK financial regulations and PCI-DSS standards. LetterLab does not store or have access to your payment card information.

Google Analytics (or equivalent analytics tools) to collect anonymised data about how visitors use our website. This data does not identify you personally and is used only to help us understand and improve website performance.

Email and communication platforms used to correspond with you about your order. These are used in accordance with applicable data protection standards.

Website hosting and platform providers who host our website and store data on our behalf. These providers are required to handle data securely and in compliance with UK GDPR.

We do not authorise any third party to use your personal data for their own purposes. Where third parties process data on our behalf, they do so only under our instruction and in accordance with applicable data protection law.

 

9. Payments

  • All payments are processed securely by Stripe, a third-party payment provider that is fully compliant with UK financial regulations and PCI-DSS (Payment Card Industry Data Security Standard).

  • LetterLab does not store, view, or have access to your full card number, CVV, or any other sensitive payment information.

  • Stripe operates under its own privacy policy, which is available at stripe.com.

 

10. Cookies

Our website uses cookies and similar tracking technologies to improve your experience and help us understand how the site is used.

 

Essential cookies are required for the site to function correctly. These cannot be disabled without affecting core functionality.

Analytics cookies, such as those set by Google Analytics, help us understand how visitors interact with our website. This data is collected in anonymised form and is used only for internal analysis and improvement.

Preference cookies remember your settings and choices during a browsing session.

You can manage, restrict, or delete cookies at any time through your browser settings. Please be aware that disabling certain cookies may affect how the website functions. If we introduce new types of cookies or tracking tools, this policy will be updated accordingly.

 

11. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law.

  • Order-related data, including your brief, correspondence, and completed letter, is typically retained for up to 12 months following project completion to allow for any queries, disputes, or follow-up requests.

  • After this period, personal data is securely deleted or anonymised unless we are legally required to retain it for longer.

  • If you would like your data deleted sooner, you can make a request at any time using the contact details below. We will process deletion requests within 30 days, subject to any legal retention obligations.

  • Anonymised data that cannot be linked back to you may be retained for longer for analytical and quality improvement purposes.

 

12. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, disclosure, or misuse.

These measures include encrypted data transmission, restricted access to personal information on a need-to-know basis, and secure hosting environments.

While we follow industry best practices, it is important to note that no method of online transmission or storage is entirely secure. LetterLab cannot guarantee absolute security but will always act promptly and in accordance with our legal obligations in the event of a data breach.

 

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it, and we will notify affected individuals without undue delay where required.

 

13. Your Rights Under UK GDPR

You have the following rights in relation to the personal data we hold about you:

 

Right of access: You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR).

 

Right to rectification: You can ask us to correct any personal data that is inaccurate or incomplete.

 

Right to erasure: You can ask us to delete your personal data where there is no longer a legitimate reason for us to hold it. This is sometimes called the right to be forgotten.

 

Right to restrict processing: You can ask us to limit how we use your data in certain circumstances, for example while a complaint is being investigated.

 

Right to data portability: You can request that we provide your personal data in a structured, commonly used, machine-readable format so that it can be transferred to another provider.

Right to object: You can object to the processing of your personal data where we rely on legitimate interests as our lawful basis.

 

Right to withdraw consent: Where processing is based on your consent, you can withdraw that consent at any time without affecting the lawfulness of processing that took place before withdrawal.

To exercise any of these rights, please contact us at info@letterlab.shop. We will respond to all requests within one calendar month. In complex cases, we may extend this by a further two months, in which case we will notify you of the extension and the reason for it.

 

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully. The ICO can be contacted at ico.org.uk or by calling 0303 123 1113.

14. Children's Data

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under the age of 18. If you believe a child has submitted personal data to us, please contact us immediately so that we can take appropriate action.

15. International Data Transfers

LetterLab is based in the United Kingdom. In the event that any of our third-party service providers process data outside the UK or European Economic Area, we will ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, such as adequacy decisions or standard contractual clauses.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. The effective date at the top of this page will always reflect the most recent version. Where changes are significant, we will take reasonable steps to notify you. Continued use of our website or services following any update constitutes your acceptance of the revised policy.

17. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how your information has been handled, please contact us:

Email: info@letterlab.shop Telephone: 07356 275700 Address: Unit 157185, PO Box 7169, Poole, BH15 9EL

You are not asking for too much

You just need help putting it into words

bottom of page