Updated over a week ago

Privacy and Security

We take your privacy and data security very seriously.

Here is a brief on our Data Security and GDPR measures, as well as a link to our Privacy Policy. For any specific questions you might have, get in touch with us.

Data Security

Our encrypted database uses a hardened key management systems including strict key access controls and auditing. Each record uses 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys.

Communication with our platform or API uses Transport Layer Security to encrypt in transit.

All data is stored and processed in the United States in a Google Cloud data centre. If you have any data requirements or concerns, please contact us.


Our system requires some key details in order to personalize and send a letter to your recipients. We take GDPR and privacy seriously and the only place your contact details will be is on your secure account.

  • How long do you keep my data?
  • We keep your customer data to provide you with a report of your past campaigns and allow you to track the status of an ongoing campaign. If you would rather have your data removed from our servers, please email contact@scribeless.co.

  • Can you delete my data?
  • Scribeless follow the guidance under GDPR such that we keep personal data for no longer than is necessary for the purposes for which it was processed.
  • Recipient data (names and addresses) are held until a campaign or recipient is deleted. This allows you to keep track of who you have sent letters to and when.
  • If either your recipient wishes for us to delete all data on them, or you would like us to remove all of your information, please email contact@scribeless.co.

  • Will you ever sell my data to third parties?
  • Scribeless is committed to protecting all data that we store including customer data that you provide, your account information and all the data collected in relation to your use of our website or platform. We will never share your data without your explicit consent.

  • I think my account has been hacked. What do I do now?
  • If you think your account has been hacked or taken over, there are actions you can take to secure your Scribeless account.

  • Check your email account for a message from Scribeless
  • If you received an email from Scribeless letting you know that your email address was changed, you may be able to undo this by using the revert this change option in that message. If additional information was also changed (example: your password), and you are unable to change back your email address, please report the account to us as soon as possible.

Report the account to our Support Team

To report a hacked account on Scribeless you need to:

  1. Contact our support team
  2. Provide your email address, billing address, and full name.
  3. Be ready to answer a couple of security questions to validate you are the account holder
  4. Change your password after we send you a reset link.

Security tips

Here are some things you can do to help keep your account safe:

  • Pick a strong password. Use a combination of at least six characters consisting of numbers, letters, and punctuation marks (like ! and &). It should be different from other passwords you use elsewhere on the internet.
  • Change your password regularly.
  • Never give your password to someone you don't know and trust.
  • Make sure your email account is secure. Anyone who can read your email can probably also access your Scribeless account. Change the passwords for all of your email accounts and make sure that no two are the same.
  • Log out of Scribeless when you use a computer or phone you share with other people. Don't check the "Remember Me" box when logging in from a public computer, as this will keep you logged in even after you close the browser window.
  • Think before you authorize any third-party app.