Privacy Policy

Letters From Rosy is a subscription service that delivers monthly, personally written letters by postal mail. We are operated by RIO Media Group, LLC, doing business as Letters From Rosy (“we,” “us,” or “our”). You can reach us at hello@lettersfromrosy.com.

This Privacy Policy explains what personal information we collect, how we use it, and your rights with respect to it. By using our website or subscribing to our service, you agree to the practices described here.

• To deliver your letters. Your name and mailing address are used to address and send your physical letter each month.
• To personalize your letters. Your quiz answers, messages to Rosy, and accumulated “subscriber memory” are used to make each letter feel written specifically for you.
• To manage your subscription. Your email and Stripe customer ID are used to send receipts, manage billing, and communicate changes to your plan.
• To send transactional emails. We send emails for events like: your letter is on its way, magic sign-in links, and subscription status updates. We do not send unsolicited marketing email.
• To power your reading and sharing features. Saved highlights are used to populate your dashboard and create shareable quote links when you choose to share a line from a letter.
• To improve the service. Aggregated, anonymized usage data helps us understand how the service is used.

The central experience of Letters From Rosy is that each letter feels personally written for you. To deliver this, we use the information you share — your quiz answers, your messages to Rosy, and patterns we observe in your responses over time — to generate personalized letter content.

This content generation is assisted by artificial intelligence, specifically the OpenAI API. Relevant portions of your subscriber profile and messages may be transmitted to OpenAI to generate your letter. OpenAI processes this data as a service provider on our behalf. We do not use your data to train AI models, and OpenAI’s API terms prohibit them from using API inputs for model training without consent.

The “subscriber memory” we build from your messages — summaries of themes, feelings, and life moments you have shared — is stored in our database and used exclusively to make your letters more meaningful over time. You may request deletion of this memory at any time (see Section 8).

We do not sell your personal information. We share it only with the following service providers who help us operate:

• Stripe — payment processing and subscription management ( stripe.com/privacy)
• Supabase — database and authentication hosting ( supabase.com/privacy)
• OpenAI — AI-assisted letter content generation ( openai.com/policies/privacy-policy)
• Resend — transactional email delivery ( resend.com/privacy)
• Vercel — website hosting ( vercel.com/legal/privacy-policy)

We may disclose your information if required by law or to protect our rights, property, or the safety of our users.

Your mailing address is used solely to send your monthly letter. We do not share your address with third-party marketers. If we use a print-on-demand or fulfillment partner to produce and mail your letter, your name and address will be shared with that partner for the sole purpose of delivery.

We retain your account information and subscriber memory for as long as your subscription is active, and for up to 12 months after cancellation in case you choose to return. Payment records may be retained longer as required by law.

Browser localStorage data for reading-state preferences is stored on your device and persists until you clear your browser data. Saved letter highlights stored in your account remain available until you delete them or request account deletion.

Depending on where you live, you may have the following rights regarding your personal information. To exercise any of these, email us at hello@lettersfromrosy.com with the subject line “Privacy Request.”

• Access. Request a copy of the personal information we hold about you.
• Correction. Ask us to correct inaccurate information.
• Deletion. Request deletion of your account and all associated data, including subscriber memory. Note: deleting your account cancels your subscription and does not entitle you to a refund.
• Portability. Receive a machine-readable copy of your data.
• Objection. Object to certain processing, including the use of your messages for letter personalization. (Note: opting out of personalization significantly reduces the core value of the service.)

California residents have additional rights under the CCPA, including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

Canadian residents have rights under PIPEDA, including the right to access and correct personal information held about them.

Letters From Rosy is intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us at hello@lettersfromrosy.com and we will delete it promptly.

We use industry-standard measures to protect your information, including encrypted connections (HTTPS), access-controlled databases, and row-level security policies. No method of transmission or storage is 100% secure. We will notify you promptly if a breach occurs that affects your personal data.

We may update this Privacy Policy from time to time. When we do, we will post the updated policy at https://lettersfromrosy.com/privacy and update the effective date above. Material changes will be communicated by email before they take effect.

Questions about this policy or your data? Write to us at hello@lettersfromrosy.com. We aim to respond within 5 business days.