BlueLetter

Privacy Policy

Effective date: 22 May 2026 · Last updated: 22 May 2026

BlueLetter is a mobile application that scans Dutch government letters and returns a translation, a plain-language summary, and extracted deadlines. This privacy policy explains what data we collect, why we collect it, how we share it, and what rights you have over it under the EU General Data Protection Regulation (GDPR) and the EU AI Act.

This document is written in plain English. If anything is unclear, please contact us at the address below — we'll explain in writing.

1. Who we are

BlueLetter ("we," "us," "our") is operated by Marco Santini, a sole proprietor based in the Netherlands. We are the data controller for the personal data described below.

Contact: privacy@tryblueletter.com

We are not legally required to appoint a Data Protection Officer because our core activities do not involve large-scale systematic monitoring or large-scale processing of special-category data. You can address any privacy question to the contact above and we will respond personally.

2. What data we collect

2.1 Letter photos and extracted content

When you scan a letter inside BlueLetter:

The photos you take of the letter are downscaled on your device and sent to our backend for processing.
Our backend forwards the photos to Anthropic's Claude AI service, which extracts the Dutch text, translates it into your chosen language, summarizes it, and identifies any deadlines.
The extracted text (Dutch original and your translation), the summary, and the deadline metadata are returned to your device and stored locally.

Important — Article 9 GDPR. Letters from Dutch government agencies (IND, UWV, Belastingdienst, DUO, CJIB, Gemeente, KvK) may contain special categories of data, including information about your immigration status, health (e.g. UWV illness allowances), or financial position. By scanning a letter you give us your explicit consent to process this data for the limited purpose of translation, summarization, and deadline extraction. You can withdraw your consent at any time by deleting your data and uninstalling the app.

2.2 Onboarding answers

During onboarding we ask you for the following information, stored only on your device:

The user persona(s) that describe you (e.g., freelancer, student).
Your chosen translation language.
Your answers to two qualifying questions about prior letter handling.
Your selected subscription plan and billing cycle.

2.3 Account information (stub at the time of writing)

We currently offer a stub authentication interface (Apple Sign In and email). In the current version of the app, no real account is created on a backend server. When real authentication is enabled in a future release, we will collect either your Apple-relayed email and identifier (via Sign in with Apple) or the email address you provide.

2.4 Subscription information

If you purchase a subscription through the App Store, the purchase is processed entirely by Apple. We receive a confirmation that your subscription is active and at which tier; we do not receive your payment card details or any billing address. Apple's privacy policy governs that data: apple.com/legal/privacy.

2.5 Technical data

Our backend logs the minimum needed to operate: the timestamp of each scan request, the HTTP status code returned, and (in case of failure) a generic error message. We do not log your photos, IP address, or letter content in our backend logs. Our hosting provider (Vercel) records standard edge metadata.

3. Why we collect this data and the legal basis

Data	Purpose	Legal basis (GDPR)
Letter photos and extracted content	To translate, summarize, and extract deadlines from your letters.	Art. 6(1)(b) (contract performance) + Art. 9(2)(a) (explicit consent for special categories).
Onboarding answers	To personalize the in-app experience.	Art. 6(1)(a) (consent).
Subscription information	To grant access to paid features.	Art. 6(1)(b) (contract).
Technical logs	To debug failures and operate the service.	Art. 6(1)(f) (legitimate interest).

4. Who we share data with

We share data only with the processors strictly necessary to deliver the service. Each is bound by a Data Processing Agreement (DPA) where required.

Processor	Purpose	Country
Anthropic (Claude AI)	Extracts text from your letter photos and produces the translation, summary, and deadlines.	United States
Vercel	Hosts the backend service that forwards requests to Anthropic.	United States (with EU edge locations)
Apple	Distributes the app, handles in-app purchases, and provides push notification and calendar APIs.	Ireland / United States

We do not share data with advertising networks, analytics providers, data brokers, or any other third parties beyond the three listed above.

We do not sell your personal data. We do not allow our service providers to use your letter content to train AI models. Anthropic's commercial API terms (under which we operate) explicitly exclude API inputs and outputs from training data unless the customer opts in — we have not opted in.

5. International transfers

Anthropic and Vercel are based in the United States. When your data is sent to them, it leaves the European Union. Transfers are covered by the Standard Contractual Clauses (SCCs) as adopted by the European Commission, included in each provider's standard Data Processing Agreement.

6. How long we keep data

Data	Where	Retention
Letter photos and extracted content	Your device	Until you delete the letter or uninstall the app.
Letter photos transit	Anthropic / Vercel	Anthropic retains inputs for up to 30 days for trust & safety review, then deletes them. Vercel does not persist them at all.
Onboarding answers	Your device	Until you reset onboarding or uninstall the app.
Subscription information	Apple	Governed by Apple.
Technical logs	Vercel	~30 days, then automatically rotated out.

7. Your rights under GDPR

You have the following rights regarding your personal data. To exercise any of them, contact us at privacy@tryblueletter.com — we will respond within 30 days.

Right of access (Art. 15) — request a copy of the personal data we hold about you.
Right to rectification (Art. 16) — ask us to correct inaccurate or incomplete data. Note that AI-generated translations and summaries are best-effort; you can correct the urgency of a letter directly in the app.
Right to erasure (Art. 17) — delete a single letter inside the app, or uninstall the app to remove all locally stored data. We do not persist your letter data on our backend.
Right to restriction (Art. 18) — ask us to limit processing in specific circumstances.
Right to portability (Art. 20) — request your data in a structured, machine-readable format.
Right to object (Art. 21) — object to processing based on legitimate interest.
Right to withdraw consent — withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Right to lodge a complaint — file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

8. AI-generated content; automated decision-making

BlueLetter uses Anthropic's Claude AI to translate and summarize your letters. AI translations can contain errors, missing nuance, or factual mistakes — especially for complex legal language. For decisions with significant financial or legal consequences, always verify against the original Dutch text and consult a qualified professional.

BlueLetter is a translation and summarization tool. It is not legal advice, tax advice, immigration advice, financial advice, or any other form of professional advice. See sections 6, 8, and 9 of our Terms of Service for the full scope of these limitations.

8.1 GDPR Article 22 — no qualifying automated decisions

BlueLetter does not make automated decisions about you that produce legal or similarly significant effects within the meaning of Article 22 GDPR. The AI generates a translation and summary; you remain the decision-maker for any subsequent action. We do not score, rank, or profile users based on AI output.

8.2 EU AI Act

BlueLetter operates under the EU AI Act (Regulation (EU) 2024/1689). The translation system used is a general-purpose AI model accessed through a commercial API. BlueLetter is not classified as a high-risk AI system under Annex III. We follow the transparency obligations applicable to AI-generated text: every translation and summary is clearly identified as AI-generated inside the app and in any exported document.

9. Security

We protect your data using:

Encryption in transit: all network traffic between your device, our backend, and Anthropic uses TLS 1.2 or higher.
Encryption at rest: data stored on your device is protected by iOS file-level encryption tied to your device passcode. Anthropic and Vercel encrypt data at rest in their infrastructure under their standard security programmes.
Access control: our backend rejects requests without the correct API key. Internal access to our infrastructure is limited to the operator.
Data minimisation: we collect only what we need, downscale images before transmission, and process most data on-device.
No persistent storage on our backend: your letter images are processed in memory by a Vercel serverless function and are not written to our disks or databases.

In the unlikely event of a personal data breach affecting your rights and freedoms, we will notify the Dutch Data Protection Authority within 72 hours of becoming aware of it and, where required, notify you directly.

10. Children

BlueLetter is not directed at children under 17 years of age. We do not knowingly collect personal data from anyone under 17. If we learn that we have inadvertently collected personal data from a person under 17, we will delete that data without undue delay. Parents and guardians who believe their child has used BlueLetter without consent can contact privacy@tryblueletter.com.

11. Cookies and tracking

BlueLetter is a native iOS app and does not use cookies or web tracking technologies. The app contains no advertising and no analytics SDKs.

12. Changes to this policy

We may update this policy from time to time. When we make material changes, we will note the new effective date at the top of this page, provide at least thirty (30) days' notice via in-app notice or push notification, and where the change broadens the categories of data processed or the purposes of processing, ask you to re-consent inside the app. Continued use after the effective date constitutes acceptance of the updated policy.

13. Contact

Questions, requests, or complaints: privacy@tryblueletter.com

If you are not satisfied with our response, you may file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
https://autoriteitpersoonsgegevens.nl/