1. Scope of Processing
This Data Processing Agreement ("DPA") governs the processing of personal data by Letterly ("Processor") in connection with the provision of the Letterly voice note application ("Services").
Subject matter: Recording, transcription, and text processing of user voice notes.
Duration: For the duration of the User's use of the Services.
Categories of data subjects: Users of the Letterly application.
Categories of personal data: Account data (name, email); voice recordings; transcribed text; technical metadata (IP address, device type, OS, language).
Purpose: Provision of the Services as described above.
2. Processor Obligations
2.1. The Processor shall process personal data only on documented instructions from the User, unless required by applicable law.
2.2. The Processor shall ensure that all persons authorized to process personal data are bound by appropriate confidentiality obligations.
2.3. The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit and at rest, access controls, and regular security testing.
2.4. The Processor shall assist the User in responding to data subject requests (access, rectification, erasure, portability, restriction, objection) by appropriate technical and organizational measures.
2.5. The Processor shall assist the User in ensuring compliance with obligations relating to security of processing, breach notification, and data protection impact assessments, taking into account the nature of processing and information available to the Processor.
2.6. The Processor shall notify the User without undue delay after becoming aware of a personal data breach.
2.7. Users may delete their voice recordings and transcriptions at any time through the application. Upon termination of the Services, the Processor shall delete all personal data unless retention is required by applicable law.
2.8. The Processor shall make available to the User all information necessary to demonstrate compliance with this DPA and allow for audits upon reasonable prior notice.
3. Sub-Processors
3.1. The User provides general authorization for the Processor (Letterly, operated by Anton Lebedev, Autónomo registered in Spain, contact: hi@letterly.app) to engage the sub-processors listed below. The Processor shall impose data protection obligations no less protective than this DPA on each sub-processor and remain liable for their performance.
3.2. The Processor shall notify the User of changes to sub-processors via the Letterly website or application. The User may object within 14 days on reasonable data protection grounds.
| Sub-processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Microsoft Azure | Transcription; text processing | Audio; text | EU |
| ElevenLabs | Transcription and voice processing | Audio | US / EU |
| Google LLC (Gemini) | AI text processing | Text | US / EU |
| Google Cloud Platform | Cloud infrastructure | All categories | EU |
| Stripe | Payment processing | Account data; subscription data | US / EU |
| Adapty | Subscription management | Account data; subscription data | US / EU |
| Amplitude | Product analytics | Account and usage data | US / EU |
| Apple Inc. (App Store) | App distribution; in-app purchases | Transaction data | US |
| Google LLC (Google Play) | App distribution; in-app purchases | Transaction data | US |
4. International Transfers
Where personal data is transferred outside the EEA, the Processor shall ensure appropriate safeguards are in place, including Standard Contractual Clauses or an adequacy decision by the European Commission.
Last updated: March 24, 2026