
Privacy Policy

Last updated: May 7, 2026

TL;DR

  • We process your letters using Mistral AI, a French company. Inference happens in EU data centres.
  • Before your letter reaches the AI, we automatically redact personal identifiers (PESEL, NIP, IBAN, German Steuer-ID, email, phone, postal codes, etc.). The AI sees placeholders, not the originals.
  • For images, we use Mistral's dedicated OCR endpoint to extract text. The extracted text is then redacted before any reasoning model sees it. Pixels stay within Mistral and are not used for training.
  • We do not store the original files. We hold the AI's explanation in our database, with the PII-bearing fields encrypted at rest (AES-256-GCM).
  • Mistral does not train on your data — this is contractually guaranteed under our paid plan.
  • Standard GDPR rights apply: access, correction, deletion, export, objection, restriction.

Who is the data controller

For the purposes of the EU General Data Protection Regulation (GDPR), the controller of your personal data is:

Halfmage — Gerrit Halfmann

Barbary Kostrzewskiej 39

Wrocław, Poland

Email: halfmage@gmail.com

What we collect

Account data

  • Email address (for sign-in and account management)
  • Name (if provided by your sign-in provider)
  • Authentication tokens and session cookies
  • Credit balance and purchase history

Letter / document data

  • The text content of letters you submit (pasted text, extracted PDF text, or text recognized from uploaded images)
  • The AI-generated title, summary, detailed summary, and action items for each analysis (encrypted at rest — see below)
  • Document metadata: filename, type (PDF / text / image), file size, and timestamps
  • We do not retain the original uploaded file. PDFs and images are processed in memory and discarded.

Usage data

  • Pages visited and basic navigation events
  • Approximate location (derived from IP address)
  • Browser type, operating system, and device type
  • Aggregate counts of features used and credits spent

How we use it

  • Provide the service: process your letters and return explanations
  • Account management: authenticate you, track your credit balance, send transactional emails (sign-in links, receipts)
  • Improve the service: aggregate usage analytics (we don't use letter content for this)
  • Legal compliance: respond to lawful requests, prevent fraud and abuse, enforce our Terms

We do not sell your data, share it with advertisers, or use letter content for product improvement or training.

How AI processing works

ExplainMyLetter uses Mistral AI, a French AI company, to generate the explanations of your letters. Mistral runs its inference in EU data centres.

Pipeline for a single letter

  1. You submit a letter as text, PDF, or image upload to our server.
  2. Text extraction: PDFs are parsed locally on our server — raw PDF bytes are not forwarded externally. Images are sent to Mistral's dedicated OCR endpoint (a separate, purpose-built service) to extract text.
  3. PII redaction runs on the extracted text — see the next section for details.
  4. The redacted text is sent to Mistral over an encrypted (TLS) connection. Mistral returns a structured explanation.
  5. Our server restores the original PII into the user-facing output (e.g. so the displayed action items contain your real phone number, not a placeholder). The AI itself never saw the originals.
  6. The AI's output (title, summary, detailed summary, action items) is encrypted and saved to your account history. The original file is discarded.

Mistral does not train on your data

We use Mistral on a paid (Scale) plan whose terms of service state that API requests are not used to train Mistral's models. See the Mistral Terms of Service and Mistral Privacy Policy.

Image-only PDFs and low-quality scans

If Mistral's OCR cannot extract usable text (handwritten content, extremely low-quality image, etc.), the system falls back to Mistral's vision model (Pixtral) for holistic analysis. This fallback is rare. The no-training contract applies in both cases.

Important: AI output is not professional advice

ExplainMyLetter is an informational tool. AI-generated explanations may contain errors. They are not legal, tax, financial, or medical advice. Always verify critical details (deadlines, amounts) against your original letter, and consult a qualified professional for important matters.

PII redaction

Before any letter content reaches an external AI provider, our server runs an automated redaction step. The following identifiers are detected and replaced with placeholder tokens (e.g. [PESEL_1], [IBAN_1]):

  • Polish PESEL numbers (with checksum validation)
  • Polish NIP and REGON tax identifiers
  • German Steuer-ID / Identifikationsnummer
  • IBANs (any country, mod-97 validated)
  • Email addresses
  • International phone numbers
  • Polish and German postal codes
  • Credit card numbers (Luhn-validated)
  • IP addresses

The Mistral model only ever sees the redacted version. After inference, our server swaps the original values back so that you see your real phone, email, IBAN, etc. in the explanation. The placeholder/value mapping is held in memory for the duration of one request and never written to disk or the database.

Limitations: redaction is regex-based and pattern-anchored. It does not detect free-form names, street addresses, or other unstructured personal data. We list everything we redact above; treat it as best-effort, not a guarantee.
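The redact-then-restore flow described in this section and in pipeline steps 3 to 5, as an added illustration rather than the service's own code. The regular expressions, function names and sample text are assumptions; the checksum rules (PESEL weights, IBAN mod-97, Luhn) are the standard ones, and only four of the listed identifier types are covered.

```python
import re

def pesel_ok(s):
    # PESEL check digit: weights 1,3,7,9 cycled over the first ten digits.
    weights = (1, 3, 7, 9, 1, 3, 7, 9, 1, 3)
    total = sum(int(d) * w for d, w in zip(s, weights))
    return (10 - total % 10) % 10 == int(s[10])

def iban_ok(s):
    # Mod-97: move the first four characters to the end, map A=10 .. Z=35.
    digits = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(digits) % 97 == 1

def luhn_ok(s):
    # Luhn: double every second digit from the right; subtract 9 if above 9.
    doubled = [d * 2 if i % 2 else d for i, d in enumerate(map(int, reversed(s)))]
    return sum(d - 9 if d > 9 else d for d in doubled) % 10 == 0

# Assumed patterns for illustration; the service's real regexes are not published.
RULES = [
    ("IBAN", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"), iban_ok),
    ("PESEL", re.compile(r"\b\d{11}\b"), pesel_ok),
    ("CARD", re.compile(r"\b\d{13,19}\b"), luhn_ok),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), lambda s: True),
]

def redact(text):
    # Returns (redacted_text, mapping); the mapping is held in memory only.
    mapping = {}                      # placeholder -> original value
    for label, pattern, valid in RULES:
        found = []                    # distinct validated values for this label
        def swap(m):
            value = m.group(0)
            if not valid(value):
                return value          # checksum failed: left as ordinary text
            if value not in found:
                found.append(value)
            token = f"[{label}_{found.index(value) + 1}]"
            mapping[token] = value
            return token
        text = pattern.sub(swap, text)
    return text, mapping

def restore(text, mapping):
    # Swap placeholders in the model's reply back; unknown tokens stay as-is.
    return re.sub(r"\[[A-Z]+_\d+\]", lambda m: mapping.get(m.group(0), m.group(0)), text)

# Constructed sample letter text (test values only, not real identifiers).
SAMPLE = ("PESEL 44051401359, ref 12345678901, IBAN DE89370400440532013000, "
          "card 4111111111111111, contact Jan Kowalski at jan@example.com.")
```

In the sample, the 11-digit reference number fails the PESEL checksum and the name matches no pattern, so both pass through unredacted, which is the limitation stated above.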

Encryption at rest

The PII-bearing fields of an explanation — title, summary, detailed summary, and action items — are encrypted at rest in our database using AES-256-GCM. The master key lives in our application environment, separate from the database itself.

All connections between your browser and our service use TLS. Our connection to Mistral is also TLS-encrypted.

EU data residency

  • AI inference: Mistral AI, France (EU)
  • Database & application hosting: Vercel, EU regions when configured (production deployments are EU-hosted)
  • Email delivery: Resend, used for sign-in links and transactional emails
  • Payment processing: Polar, who acts as Merchant of Record and handles VAT for EU customers
  • Analytics: Simple Analytics, EU-hosted, no cookies, no personal profiles

Storage and retention

  • Original files: not retained. Files are processed in memory and discarded.
  • Explanations: retained in your account history until you delete them or close your account.
  • Account data: retained while your account is active; deleted within 30 days of account closure (with exceptions for legal records like invoices, which we retain for the period required by Polish/EU tax law).
  • Backups: encrypted, retained for up to 30 days for disaster recovery.

You can delete any individual explanation at any time from your History page. You can request full account deletion by emailing us.

Cookies and analytics

We use a small set of cookies that are strictly necessary to operate the service:

  • Authentication / session cookies (so you stay signed in)
  • Theme preference (light/dark mode)

For aggregate usage analytics we use Simple Analytics, which is cookie-free and does not collect personal data or build user profiles.

Your rights (GDPR)

If you are in the EU, EEA, UK, or Switzerland you have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Rectification: ask us to correct inaccurate or incomplete data
  • Erasure ("right to be forgotten"): request deletion of your account and associated data
  • Portability: request your data in a portable, machine-readable format
  • Objection: object to certain types of processing
  • Restriction: ask us to limit how we process your data in certain circumstances
  • Withdraw consent: where processing is based on consent, you can withdraw it at any time
  • Complain: you have the right to lodge a complaint with your supervisory authority. In Poland this is the UODO.

To exercise any of these rights, email us at halfmage@gmail.com. We will respond within 30 days.

Third-party services

We use the following processors. Each operates under a Data Processing Agreement (DPA) where applicable:

  • Mistral AI (France) — AI inference for letter explanation. Privacy policy
  • Polar — payment processing and Merchant of Record for EU sales. Privacy policy
  • Resend — transactional email (sign-in links). Privacy policy
  • Vercel — application hosting and database. Privacy policy
  • Simple Analytics — privacy-friendly aggregate analytics (no cookies, no personal profiles). Privacy policy

What not to upload

Although we redact common personal identifiers and use a paid AI tier with no training, no AI service is appropriate for the most sensitive material. Please do not upload:

  • Passwords, PINs, recovery phrases, or security credentials
  • Detailed medical records or psychotherapy notes
  • Documents under strict confidentiality / NDA where third-party processing is forbidden
  • Trade secrets or classified material
  • Documents you do not have the right to share

By submitting a letter you confirm you have the right to share its content with our processors as described in this policy.

Changes to this policy

We may update this Privacy Policy when we add new features, change providers, or to reflect changes in law. When we do:

  • We update the "Last updated" date at the top
  • For material changes we notify active users by email or a prominent notice on the site
  • Continued use of the service after a change constitutes acceptance of the updated policy

Contact

For privacy questions, data requests, or to lodge a complaint:

Controller: Halfmage — Gerrit Halfmann

Address: Barbary Kostrzewskiej 39, Wrocław, Poland

Email: halfmage@gmail.com

Response time: Within 48 hours for support, within 30 days for formal data requests