Legal

Privacy Policy

Last updated: March 1, 2025  ·  Effective: March 1, 2025

Individual Entrepreneur Heorhi Paulau ("Letrica," "we," "us," or "our") operates the website letrica.io (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using the Service, you agree to the practices described in this policy.

1. Information We Collect

Information you provide directly:

  • Email address — collected at checkout to deliver your Report and send order-related communications.
  • Instagram handle — the public username you submit for analysis.
  • Payment information — processed entirely by our third-party payment provider. We never receive or store your full card details.

Information collected automatically:

  • Usage data — anonymized page views, session events, and navigation patterns collected via PostHog Analytics.
  • Session identifiers — a temporary, anonymous session token stored in a browser cookie to associate your order with your browser session. It does not identify you personally.
  • IP address and browser headers — collected by our server infrastructure for security and abuse prevention; not linked to your identity.

Instagram profile data:

  • We retrieve publicly available information from the Instagram profile you submit (e.g., bio, post metadata, follower counts). We do not access private accounts, passwords, or any data beyond what is publicly visible.

2. How We Use Your Information

We use the information we collect to:

  • Generate and deliver your personalized Instagram Audit Report.
  • Process and confirm your payment.
  • Send you transactional emails (order confirmation, report delivery).
  • Improve the reliability and quality of the Service.
  • Detect and prevent fraud, abuse, or violations of our Terms of Service.
  • Comply with legal obligations.

We do not sell your email address to third parties. We do not use your data for behavioral advertising or build marketing profiles based on your activity.

3. Legal Bases for Processing (US Residents)

We process your information based on the following legal grounds:

  • Contract performance — processing your order and delivering the Report you purchased.
  • Legitimate interests — preventing fraud, improving service quality, and maintaining service security.
  • Legal compliance — meeting our obligations under applicable law.

4. Data Sharing and Third Parties

We share your data only as necessary to operate the Service:

  • Payment processors and resellers — third-party services that act as payment providers and Merchants of Record. They receive your email and payment details to process transactions. Their own terms and privacy policies apply to data they collect, and will be presented to you at checkout.
  • PostHog Analytics — product analytics platform for understanding how users interact with our service. See PostHog's privacy policy for details.
  • Hosting and infrastructure providers — cloud services used to run and store the Service (e.g., Vercel, cloud database providers). These providers are bound by data processing agreements.
  • AI model providers — anonymized profile data may be sent to an AI service to generate report insights. No personally identifiable information is included in these requests.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

5. Data Retention

We retain your email address and order information for up to 2 years to support customer service requests and legal compliance. Your generated Report is stored and accessible via the Service for up to 90 days from the date of creation.

Instagram profile data retrieved for analysis is used solely to generate your Report and is not retained beyond that purpose.

You may request deletion of your data at any time by contacting us (see Section 8).

6. Cookies and Tracking

We use a single, strictly necessary session cookie to maintain your order state during checkout. This cookie is temporary, contains no personal information, and is deleted when you close your browser.

We do not use advertising cookies or third-party behavioral analytics. PostHog may use cookies for session and usage analytics.

7. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know — the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Correct — request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing — we do not sell or share personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise your rights, contact us at privacy@letrica.io. We will respond within 45 days as required by law.

8. Your Rights and Choices

Regardless of your location, you may:

  • Request access to the personal data we hold about you.
  • Request correction or deletion of your personal data.
  • Opt out of receiving transactional emails (note: this may affect your ability to receive your Report).

To submit a request, email us at privacy@letrica.io with the subject line "Privacy Request." We may need to verify your identity before processing your request.

9. Children's Privacy

The Service is not directed to individuals under the age of 13 (or under 16 where applicable). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it promptly. If you believe a child has submitted data, contact us at privacy@letrica.io.

10. Data Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These include encrypted connections (HTTPS/TLS), access controls, and secure data storage practices.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the US, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us: