How Secure Is My Data at AutoLetter?

Data security and data protection are top priorities at AutoLetter. Here you will learn what measures we take to protect your data and your customers' data.

GDPR Compliance

AutoLetter is fully GDPR compliant. During registration, you agree to the privacy policy, which describes exactly what data is collected and how it is processed.

Consent and Transparency

• Registration: GDPR consent is obtained when creating an account.
• Data processing: Only the data necessary for letter delivery is processed (recipient addresses, order data for personalization).
• Data processing agreements: Data processing agreements are in place for collaboration with third-party providers (e.g., DHL for delivery).

Payment Data at Stripe

AutoLetter does not store payment data such as credit card numbers or bank details. All payment information is managed exclusively by Stripe -- one of the world's leading payment service providers with PCI DSS Level 1 certification.

This means:

• Your credit card data is transmitted directly to Stripe and stored there in encrypted form.
• AutoLetter has no access to complete payment data.
• Billing runs entirely through the Stripe infrastructure.

QR Code Tracking

When you use QR codes in your letters, tracking is anonymized:

• No device information of the scanning person is captured.
• No location of the scanning device is stored.
• Only the fact that a QR code was scanned and when is recorded -- not by whom or where.

This gives you valuable campaign insights without intruding on recipients' privacy.

Data Separation Between Workspaces

AutoLetter operates with a workspace model. Each workspace is strictly separated from others:

• Customer data of one workspace is not visible to other workspaces.
• Templates, campaigns, and integrations are workspace-specific.
• Users only see the data of the workspace they have been invited to.

This separation ensures that when using multiple clients or teams, no data is mixed or accessed without authorization.

Summary