Security and Trust

You are uploading sensitive financial documents and tenant data to Lettly. Here is exactly how we keep it safe.

Data stored in

EU (Ireland)

AWS eu-west-1

Encryption

AES-256

At rest and in transit

Data sold to third parties

Never

No advertising, ever

🔐

Encryption everywhere

All data transmitted between your browser and Lettly is encrypted using TLS 1.3. All data stored in our database is encrypted at rest using AES-256. Your documents never travel unencrypted.

🇬🇧

UK GDPR compliant

Lettly is designed from the ground up for UK GDPR compliance. You own your data, you can export it, and you can delete it permanently at any time. We have a full Privacy Policy and respond to data requests within 30 days.

🏦

Bank-grade authentication

Authentication is handled by Clerk, which uses the same security standards as enterprise financial applications. We never store your password. We support multi-factor authentication.

🚫

No advertising. No data selling.

Lettly makes money from subscriptions only. We never sell your data, never share it with advertisers, and never use it for any purpose outside of providing the Lettly service.

🤖

AI processing is transient

When you upload a document for AI extraction, the file is sent to Anthropic for processing and then discarded. Anthropic does not retain your documents or use them for model training under our API agreement.

👤

Row-level security

Every piece of data in Lettly is locked to your account using row-level security in our database. It is technically impossible for another user to access your portfolio data, even if they tried.

Infrastructure providers

We use best-in-class providers trusted by thousands of enterprise companies.

Supabase

Database and storage

AWS eu-west-1, Ireland

SOC 2 Type II

Vercel

Application hosting

Edge network, EU preference

SOC 2 Type II

Clerk

Authentication

EU data centres

SOC 2 Type II

Anthropic

AI document processing

API : data not retained

Enterprise API agreement

Stripe

Payment processing

EU data centres

PCI DSS Level 1

Resend

Email delivery

EU data centres

SOC 2

Responsible disclosure

If you discover a security vulnerability in Lettly, please report it responsibly by emailing security@lettly.co. Do not publish or share the vulnerability until we have had a chance to fix it. We take all security reports seriously and will respond within 48 hours.

Common questions

What happens to my data if I cancel my account?

Your data remains accessible for 30 days after cancellation in case you change your mind. After 30 days, all your personal data is permanently and irreversibly deleted from our systems.

Can Lettly employees see my property data?

Access to production data is strictly limited to essential technical operations only, and only when required to resolve a support issue with your explicit consent. All access is logged.

Are my uploaded documents stored permanently?

No. Documents you upload are processed by our AI and the key data extracted. The raw document files are not stored on our servers after processing.

Is Lettly ICO registered?

Yes. Lettly Ltd is registered with the Information Commissioner's Office (ICO) as a data controller, as required for any UK company processing personal data.

What happens if there is a data breach?

In the unlikely event of a data breach, we will notify affected users and the ICO within 72 hours as required by UK GDPR. We will publish a transparent post-incident report.

Questions about security?

Email us at security@lettly.co. We respond to all security enquiries within 48 hours.