Legal Information
Information according to § 5 TMG and § 55 Abs. 2 RStV.
Dispute resolution: We are not obligated to participate in dispute resolution proceedings before a consumer arbitration board.
This Privacy Policy explains how personal data is collected, used, and protected when using the LAITTER mobile application ("the App"). LAITTER is an application that allows users to scan postal documents and generate simplified summaries, to-do lists, and translations using artificial intelligence — designed to help neurodivergent users and non-native speakers manage their mail.
We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection law.
The controller responsible for the processing of your personal data is:
When you create an account or sign in, we may process:
Authentication is handled by:
Passwords are managed entirely by the authentication provider and are never stored or seen by LAITTER.
When you scan a document, the following data may be processed and stored:
This data is stored on our server, encrypted at rest, and is linked to your user account.
Your chosen translation language and theme preference are stored locally on your device using the browser's local storage. This data does not leave your device.
The following information may be collected automatically to maintain service quality:
| Legal Basis | Processing Activity |
|---|---|
| Art. 6(1)(b) GDPR (Contract performance) | All processing necessary to provide the services you requested — authentication, document scanning, AI processing, storage. |
| Art. 6(1)(f) GDPR (Legitimate interests) | Processing diagnostic and technical data to maintain service stability, security, and fraud prevention. |
| Art. 6(1)(b) GDPR (Contract performance) | Processing subscription and purchase data to fulfil paid plan entitlements. |
To generate document summaries, to-do lists, and translations, extracted document text is transmitted to OpenAI, L.L.C. ("ChatGPT/GPT-4o") via their API. OpenAI processes this text solely to return the requested AI output. The data is not used to train OpenAI's models under our API agreement.
OpenAI is located in the United States. Transfers are covered by Standard Contractual Clauses (SCCs) under Art. 46 GDPR.
LAITTER requests access to your device's camera and photo library solely to enable the document scanning feature:
Camera and photo access is requested only when you actively initiate a scan. Images are processed on-device for text extraction (OCR) and then transmitted to our server for AI processing. You can revoke these permissions at any time in iOS Settings → LAITTER.
LAITTER offers optional paid subscription plans (Monthly Pro, Annual Pro) which unlock higher scan limits.
All payments are processed by Apple through the App Store. LAITTER does not receive or store your payment card details. Subscription status and entitlements are managed by RevenueCat, Inc., which receives anonymised purchase receipts from Apple.
Subscriptions automatically renew unless cancelled at least 24 hours before the end of the current subscription period. Payment is charged to your Apple ID account. You can manage and cancel subscriptions in iOS Settings → Apple ID → Subscriptions.
To enforce plan limits, we store a counter of how many documents you have scanned in the current calendar month. This counter resets on the first of each month and is linked to your user account on our server.
If a free trial is offered, it begins immediately on confirmation. Previous purchases can be restored at any time from the Settings tab using the "Restore Purchases" button.
Our backend API and database run on a dedicated server located in Germany, operated by Hetzner Online GmbH. Communication between the app and server is encrypted in transit using TLS 1.2/1.3 (HTTPS).
All document content stored on the server — including images, extracted text, and summaries — is encrypted at rest using AES-128 symmetric encryption (Fernet/cryptography library).
Firebase Authentication is operated by Google LLC and processes your authentication credentials. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, or misuse.
We do not sell, trade, or rent your personal data. Data is shared only with the following processors, strictly to operate the service:
| Provider | Purpose |
|---|---|
| Google LLC (Firebase) | User authentication (email/password, Sign in with Apple, Google Sign-In). Located in the USA; transfers covered by SCCs. |
| OpenAI, L.L.C. (ChatGPT / GPT-4o API) | AI processing of scanned document text to generate summaries, to-do lists, and translations. Located in the USA; transfers covered by SCCs. |
| RevenueCat, Inc. | Subscription management — receives anonymised purchase receipts from Apple to determine your plan status. Located in the USA; transfers covered by SCCs. |
| Apple Inc. | App distribution, in-app purchase processing (App Store), and push notification delivery. Located in the USA. |
| Hetzner Online GmbH | Hosting and infrastructure for the backend server. Located in Germany (EU). |
We do not share your data with advertisers, analytics platforms, or any other third parties beyond those listed above.
Some of our service providers (Google/Firebase, OpenAI, RevenueCat, Apple) are located in the United States, which is outside the European Economic Area (EEA). Transfers to these providers are carried out under appropriate safeguards pursuant to Art. 46 GDPR, specifically the EU Standard Contractual Clauses (SCCs) approved by the European Commission. You can request a copy of these clauses by contacting us at contact@laitter.app.
Personal data is stored only as long as necessary to provide the service or fulfil legal obligations:
You can delete your account and all associated data at any time from Settings → Delete Account within the app. Upon deletion, all documents, summaries, and your user record are immediately and permanently removed from our server. Your Firebase authentication account is also deleted simultaneously.
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at contact@laitter.app. We will respond within 30 days.
You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for Berlin is:
LAITTER is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe that a child has provided us with personal data, please contact us at contact@laitter.app and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in the app or applicable law. We will notify you of significant changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the app after changes constitutes acceptance of the updated policy.
For any questions regarding this Privacy Policy, data protection, or to exercise your rights: