Lettr · Legal
Sub-processors
The third-party services Lettr engages to process Customer Personal Data on Lettr's behalf, in connection with the Services. This list is the authoritative current record referenced by the Lettr Data Processing Agreement (DPA), Annex 3 and §6.2.
Last updated: 6 May 2026
Notice of changes
Per DPA §6.3, Lettr provides at least 14 days notice before adding or replacing a sub-processor. Notice is given by updating this list and notifying Customers through the dashboard or by email. Customers may object on reasonable data-protection grounds within the notice period; if the objection cannot be resolved, the affected portion of the Services may be terminated with a refund of any prepaid unused term.
| Sub-processor | Service | Location | Transfer mechanism |
|---|---|---|---|
Supabase, Inc. Privacy policy ↗ | Managed PostgreSQL database, authentication primitives | United Kingdom (eu-west-2) | UK adequacy / SCCs as required |
Stripe Payments UK, Limited Privacy policy ↗ | Subscription billing, payment processing, invoicing | UK / Ireland / United States | UK IDTA + EU SCCs to US |
Resend, Inc. Privacy policy ↗ | Outbound transactional email | United States | UK IDTA |
Vercel, Inc. Privacy policy ↗ | Application hosting, edge cache, build pipeline | United States (multi-region) | UK IDTA |
Anthropic, PBC Privacy policy ↗ | AI-drafted reply suggestions Only when enabled by Customer (paid AI Agent plan). | United States | UK IDTA |
Google LLC Privacy policy ↗ | OAuth-based sign-in Only when used by an Authorised User to sign in. | United States | UK IDTA |
4os Limited (norse3 product line) Privacy policy ↗ | Aurora chat widget hosting and Aegis content moderation Only when bundled with the norse3 chat widget. | United Kingdom | n/a (intra-group) |