PostRight - Professional Complaint Letters

Privacy Policy

Last updated: 11 March 2026

1. Who We Are

PostRight Ltd (“PostRight”, “we”, “us”, or “our”) is the data controller responsible for your personal data. We operate the PostRight website and letter-posting service at postright.co.uk.

Registered Office:
PostRight Ltd
3rd Floor, 86-90 Paul Street
London, England
EC2A 4NE
Registered in England & Wales.

Contact: info@postright.co.uk

2. What Personal Data We Collect

When you use our service, we collect the following categories of personal data:

  • Identity data: your full name
  • Contact data: your email address and postal address (sender address)
  • Recipient data: the name and postal address of the recipient of your letter
  • Letter content: the text or uploaded document you submit as your letter
  • Payment data: billing details processed by Stripe (we do not store full card numbers)
  • Account data: email address and password hash if you create an account
  • Usage data: IP address, browser type, pages visited, and other diagnostic data collected via cookies and analytics tools
  • Marketing preferences: whether you have opted in to receive emails from us

3. Why We Collect It — Legal Basis

We collect and process your personal data for the following purposes and on the following legal bases under UK GDPR:

  • To fulfil the letter-posting service (contract performance — Article 6(1)(b)): We need your name, sender address, recipient address, and letter content to print and post your letter via our printing partner.
  • To process payment (contract performance — Article 6(1)(b)): We share necessary billing data with Stripe to process your payment securely.
  • To send order confirmation and service emails (contract performance — Article 6(1)(b)): We use your email address to send you order confirmations, dispatch notifications, and support replies.
  • To comply with legal obligations (legal obligation — Article 6(1)(c)): We retain order records for 6 years in accordance with UK tax and legal requirements.
  • To send marketing and re-engagement emails (consent — Article 6(1)(a)): Only where you have explicitly opted in. You may withdraw consent at any time by clicking the unsubscribe link in any email.
  • To improve our service (legitimate interests — Article 6(1)(f)): We use anonymised analytics data to understand how users interact with our website.

4. Who We Share Your Data With

We share your personal data only with the following categories of third-party service providers, and only to the extent necessary to deliver our service:

  • Printing and postal fulfilment — we share your sender name, sender address, recipient name, recipient address, and letter content with our printing and postal partner solely for the purpose of printing and posting your letter.
  • Payment processing — we share billing information with our payment processor to process your payment securely. Our payment processor is PCI-DSS compliant. We do not store your full card details.
  • Transactional email delivery — we share your email address and order details with our email delivery provider to send order confirmations, dispatch notifications, and support replies.
  • Cloud database and authentication — your personal data (order details, account data, drafts) is stored securely with our cloud infrastructure provider, hosted in the EU.
  • AI letter generation — where you use our AI-assisted letter writing feature, your letter content and relevant context may be processed by our AI provider solely for the purpose of generating your letter. We do not permit our AI provider to use your data for training purposes.

We do not sell your personal data to any third party. We do not share your data with third parties for their own marketing purposes.

5. How Long We Retain Your Data

  • Order data (including sender and recipient details and letter content): retained for 6 years from the date of the order, in accordance with UK tax and legal requirements.
  • Incomplete checkout records (pending orders where no payment was completed): retained for 48 hours and then deleted or anonymised.
  • Saved drafts: retained until deleted by you, or until the associated order is completed, at which point the draft is automatically deleted.
  • Account data: retained for the duration of your account. If you request account deletion, your personal data will be anonymised or deleted within 30 days, subject to our legal retention obligations.
  • Marketing opt-in records: retained for the duration of your account and for 6 years after account deletion, in accordance with UK legal requirements.
  • Support tickets: retained for 2 years from the date of resolution.

6. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to erasure (“right to be forgotten”): You have the right to request that we delete your personal data, subject to our legal retention obligations.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • Right to object: You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis.
  • Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to withdraw consent: Where we process your data on the basis of consent (e.g. marketing emails), you have the right to withdraw that consent at any time.

7. How to Exercise Your Rights

To exercise any of your rights, or if you have any questions about how we handle your personal data, please contact us at: info@postright.co.uk

We will respond to all requests within one calendar month. We may need to verify your identity before processing your request.

8. Right to Lodge a Complaint with the ICO

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO):

We would, however, appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first.

9. Security of Your Data

We take the security of your personal data seriously. We use industry-standard measures including SSL/TLS encryption for data in transit, encrypted storage, and access controls to protect your data. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

10. Cookie Policy

Our website uses cookies and similar tracking technologies to improve your experience and analyse site traffic.

What are cookies?

Cookies are small text files placed on your device by a website. They are widely used to make websites work, or work more efficiently, and to provide information to the website owner.

Cookies we use

  • Essential cookies: Required for the website to function correctly (e.g. session management, basket state). These cannot be disabled.
  • Analytics cookies: Used to understand how visitors interact with our website (e.g. pages visited, time on site). We use these only with your consent.
  • Preference cookies: Used to remember your choices (e.g. cookie consent preference).

Managing cookies

When you first visit our website, you will be shown a cookie consent banner. You may accept or decline non-essential cookies at that point. You can also manage or delete cookies through your browser settings at any time. Please note that disabling cookies may affect the functionality of our website.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the updated policy on this page and updating the “last updated” date at the top. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

PostRight Ltd
3rd Floor, 86-90 Paul Street
London, England
EC2A 4NE
Email: info@postright.co.uk