1. Introduction

LetsText (“we,” “us,” “our,” or the “Company”) operates the LetsText platform (the “Platform,” “Service”), a software-as-a-service application that enables digital content creators to manage fan conversations, sell pay-per-view digital content, and process payments through iMessage.

This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information when you use our Platform, visit our website, or otherwise interact with us. This Privacy Policy applies to all users of the Platform, including Creators, team members (Typers, Managers, Admins), and Fans/Buyers.

By using the Platform, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, do not use the Platform.

2. Information We Collect

2.1 Information You Provide Directly

Account Information: Full name, email address, password (encrypted), profile photo/avatar, role and permissions.

Creator Profile Information: Creator/display name, username/handle, bio/description, WhatsApp number, social media links, subscription pricing, watermark preferences, avatar/profile images.

Content and Media: Photos, videos, and other digital media uploaded to the vault, content metadata, PPV pricing information, message templates.

Communication Data: Messages sent and received through the Platform (via LetsText API), message content, timestamps, read receipts, delivery status, fan phone numbers, conversation notes and tags, mass text messages.

Payment Information: Transaction amounts and currency, payment descriptions, transaction status and history, checkout URLs. We do NOT directly collect or store credit card numbers, bank account details, or other sensitive financial information — this is handled entirely by our private, PCI-compliant payment processor.

2.2 Information Collected Automatically

Usage and Analytics Data: Pages visited and features used, click patterns, time spent on the Platform, search queries, feature usage frequency.

Device and Technical Data: IP address, browser type and version, operating system, device type, screen resolution, language/locale settings, time zone.

Log Data: Server access logs, error logs, API request logs, authentication events, activity logs.

2.3 Information from Third Parties

We may receive information from: our private, PCI-compliant payment processor (payment processing), a third-party service provider that manages real iPhone devices for iMessage delivery (messaging infrastructure), and traffic sources (referring social platforms). LetsText does not directly manage or operate the iPhone devices used for iMessage delivery; this infrastructure is entirely managed by a third-party provider.

3. How We Use Your Information

• Providing and operating the Platform (account management, messaging, content delivery, team management)
• Payment processing (transactions, refunds, revenue reports, fraud detection)
• Analytics and reporting (revenue dashboards, team performance, traffic source analysis)
• Communication (notifications, billing alerts, service announcements, marketing with consent)
• Safety, security, and compliance (fraud detection, Terms enforcement, content moderation, audit logs)
• Platform improvement and development

4. How We Share Your Information

We do not sell your personal information to third parties. We share information with:

• Service Providers: a third-party iMessage service provider (messaging infrastructure), our private, PCI-compliant payment processor (payments), hosting/database providers
• Creator-Fan Sharing: Creators and team members can see fan phone numbers, messages, purchase history. Fans can see creator display names and messages.
• Within Your Organization: Based on role-based access (Super Admin, Admin, Manager, Typer)
• Legal Requirements: When required by law, subpoena, or court order
• Business Transfers: In case of merger, acquisition, or sale of assets

5. Data Retention

6. Data Security

We implement industry-standard administrative, technical, and physical safeguards designed to protect your personal information, including:

• Encryption of data in transit (TLS 1.2+) and at rest
• Secure password hashing using industry-standard algorithms
• Secure, time-limited authentication tokens
• Role-based access control (RBAC) to limit data access to authorized personnel
• Authenticated API access and webhook verification
• Strict input validation and sanitization at all system boundaries
• Security headers to protect against common web vulnerabilities
• Cross-origin request restrictions to authorized domains only

Payment card data is processed exclusively by our PCI DSS-compliant third-party payment processor. LetsText does not store, process, or transmit payment card data on its own systems.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

• Access & Portability: Access your personal information, request portable copies (JSON/CSV)
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Restriction & Objection: Object to processing, opt out of marketing
• Withdrawal of Consent: Withdraw consent at any time

8. Cookies and Tracking

We use strictly necessary cookies (session, authentication, security), functional cookies (preferences), and analytics cookies (usage, performance). You can manage cookies through your browser settings.

9. U.S. State Privacy Rights (CCPA/CPRA)

California residents have additional rights: Right to Know, Right to Delete, Right to Correct, Right to Opt-Out of Sale/Sharing (we do not sell personal information), Right to Limit Use of Sensitive Information, and Right to Non-Discrimination.

10. European Economic Area (GDPR)

If located in the EEA or UK, GDPR applies. Legal bases include: performance of contract, legitimate interest, legal obligation, and consent. You have rights to lodge complaints, object to processing, restrict processing, and data portability.

11. Children's Privacy (COPPA Compliance)

The Platform is intended exclusively for users who are at least 18 years of age. In compliance with the Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13, or under 18 given the adult nature of the Platform. If we learn that we have collected personal information from a minor, we will take immediate steps to delete such information. If you believe a minor has provided us with personal information, please contact us at admin@letstext.app.

12. Data Breach Notification

In the event of a data breach that affects your personal information, LetsText will:

• Notify affected users within 72 hours of becoming aware of the breach, as required by GDPR Article 33
• Notify the relevant supervisory authority (for EEA/UK users) within 72 hours where feasible
• Provide a clear description of the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach
• Notify the California Attorney General if more than 500 California residents are affected, in compliance with CCPA
• Document all breaches in an internal breach register, regardless of whether notification to individuals is required
• Provide affected users with guidance on steps they can take to protect themselves

13. Federal and State Legal Compliance

LetsText is committed to compliance with applicable federal and state laws governing data privacy and electronic communications, including but not limited to:

• Electronic Communications Privacy Act (ECPA) / Stored Communications Act (18 U.S.C. §§ 2510–2523, 2701–2712): We protect the privacy of stored electronic communications and will not disclose the contents of user communications to third parties except as required by law, valid court order, or with the user’s consent.
• CAN-SPAM Act (15 U.S.C. § 7701 et seq.): All commercial electronic messages sent by or through the Platform comply with CAN-SPAM requirements, including accurate header information, clear identification as advertising where applicable, and a functioning opt-out mechanism.
• COPPA (15 U.S.C. §§ 6501–6506): The Platform is strictly for users aged 18 and older. We do not knowingly collect personal information from anyone under the age of 13, or under the age of 18 given the nature of our Platform.
• FTC Act Section 5 (15 U.S.C. § 45): We are committed to fair and transparent data practices and do not engage in unfair or deceptive acts in connection with the collection, use, or disclosure of personal information.
• PCI DSS Compliance: Payment card data is handled exclusively by our PCI DSS-compliant third-party payment processor. LetsText does not store, process, or have access to payment card numbers.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified at least 30 days before taking effect. Continued use after the effective date constitutes acceptance.

15. Contact Us

For questions about this Privacy Policy, to exercise your privacy rights, or to submit a data request, contact our privacy team at: admin@letstext.app

We will respond to verifiable requests within 45 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.