The important distinction
Lettari controls information used for our own website, enquiries, updates, business relationships, security, and service administration. If you make a booking with a business that uses Lettari, that business is normally the controller and its own privacy notice applies.
1. Who we are
Lettari is booking software for businesses that manage services, appointments, activities, events, resources, customers, participants, payments, and communications. In this notice, “Lettari”, “we”, “us”, and “our” mean Lettari.
Lettari is based in Leicestershire, United Kingdom. For privacy questions or rights requests, email contact@lettari.co.uk.
2. Our role and your booking provider
When Lettari is the controller
We decide why and how personal information is used when you visit our corporate website, request a demo, contact us, join product updates, manage a direct business relationship with us, or when we use information for our own billing, platform security, legal compliance, and service administration.
When Lettari is a processor
A business using Lettari normally decides what it needs from its customers, participants, and website visitors. That business is the controller and Lettari generally processes the information on its documented instructions to provide the platform.
If your question is about a booking, participant profile, enquiry, payment, or message handled for a particular business, contact that business first. Its privacy notice should explain its purposes, lawful bases, and retention choices. We will support the business in responding where our contract and data-protection law require it.
The role can vary for a business-user account. The relevant business normally controls the staff profile, access, and work records it asks Lettari to host, while Lettari independently controls the limited account, billing, security, and administration information we need for our own purposes.
3. Information we use
The information involved depends on how you interact with Lettari and which features a business has configured.
| Category | Examples |
|---|---|
| Enquiries and updates | Name, business name, work email, optional phone and industry, requirements, enquiry intent, signup status, consent version, and source page. |
| Business users | Name, email, phone, login and verification details, roles and permissions, workspace, support correspondence, and account activity. |
| Customers and participants | Names, contact details, dates of birth, booking and attendance details, customer or participant profiles, notes, configured form answers, and uploaded files. This is usually operator-controlled information. |
| Bookings and finance | Chosen service or event, date and time, participants, prices, fees, status, cancellation and refund information, billing contact details, and payment-provider identifiers. Lettari does not store full payment-card numbers. |
| Device and service use | IP address, browser and device information, session identifiers, page or screen activity, referring page, approximate viewport type, error and security logs, and aggregate visit counts. |
| Support and AI content | Messages, files, screenshots, page context, assistant prompts and responses, tool results, citations, action drafts, and support history where those features are used. |
Where information comes from
- directly from you when you submit a form, create or use an account, make a booking, contact support, or communicate with us;
- from the business using Lettari, including when its staff create records or configure forms and booking journeys;
- from your browser, device, and interactions with the service;
- from integrations you or the relevant business choose to use, such as payment, sign-in, email, mapping, or communication providers; and
- from another person who is authorised to provide details for a participant or customer.
What you need to provide
Fields marked optional are voluntary. Other fields are required where the interface, booking journey, or contract identifies them as necessary. If required information is not provided, we or the relevant business may be unable to answer an enquiry, create or secure an account, complete a booking or payment, or deliver the requested feature. A business using Lettari decides which customer and participant details it genuinely needs for its own services.
4. Purposes and lawful bases
When Lettari is the controller, we rely on one or more of the following UK GDPR lawful bases. A business acting as controller may rely on different bases for its booking customers.
Provide and administer the service
To deliver our direct business relationship, provide support, maintain our records, and respond to service requests. We rely on contract, steps requested before a contract, and our legitimate interests in operating the service. Where a customer controls the underlying staff or booking data, we process it on that customer’s instructions instead.
Respond to enquiries and demo requests
To understand your requirements, reply, arrange a demonstration, and keep a record of the conversation. We rely on steps requested before a contract and our legitimate interests in managing relevant business enquiries.
Send product updates
To send the occasional updates you asked to receive. We rely on consent. You can unsubscribe at any time; this does not affect processing that occurred before withdrawal.
Security, reliability, and misuse prevention
To authenticate users, maintain audit trails, investigate errors, protect workspaces, prevent fraud or abuse, and keep the service available. We rely on legitimate interests and, where applicable, legal obligations.
Payments, accounting, and legal administration
To administer charges, refunds, invoices, business records, disputes, and legal requests. We rely on contract, legitimate interests, and legal obligations.
Understand and improve Lettari
To measure aggregate use, diagnose problems, assess feature performance, and improve usability. We rely on legitimate interests for proportionate service analytics and consent where non-essential device storage or access requires it.
Where we rely on legitimate interests, those interests include running a secure and useful booking platform, supporting customers, improving the service, and managing genuine business relationships. We consider the necessity and the effect on individuals, and you may object as explained below.
6. AI features
Some Lettari workspaces may enable an AI assistant. When used, Lettari stores conversation messages, responses, page context, citations, tool output, and proposed actions. A workspace may also provide documents for search and retrieval. Depending on the request, tool output can include booking, customer, or participant information that the user is authorised to access.
We send the information needed to answer the request to the OpenAI API. When configured, response state and uploaded documents may also be retained by OpenAI so the assistant and document-search features work. OpenAI states that API data is not used to train its models by default unless an organisation chooses to opt in. See OpenAI API data controls.
Actions that change Lettari records are presented for human approval before execution. Lettari does not use the assistant to make solely automated decisions about people that have legal or similarly significant effects. Users should avoid including unnecessary sensitive information in prompts or documents.
Our controller or processor role follows the underlying information. For example, we normally process a business’s booking information on its instructions, while we control technical usage records needed to secure and administer the AI feature.
8. International transfers
Some providers operate in, support from, or make data available from countries outside the United Kingdom. This means personal information may be transferred internationally even where the main service is hosted in the UK.
The safeguard depends on the provider, destination, and processing. It may include UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to approved standard contractual clauses, and any required transfer-risk assessment. You can ask us for information about the safeguard relevant to your data.
9. How long we keep information
We keep personal information only for as long as needed for the purpose collected, the relevant customer’s documented instructions, security and recovery, and applicable legal, accounting, dispute, or regulatory requirements. We consider the amount and sensitivity of the information, the risk from continued retention, and whether we can achieve the purpose another way.
| Record | Retention approach |
|---|---|
| Enquiries and demos | While we respond and follow up, then only while reasonably needed to manage the relationship, prevent misuse, resolve complaints, or establish and defend legal claims. Records that become part of a customer contract follow the contractual record period. |
| Product updates | Until you unsubscribe. We may keep the minimum suppression and consent history needed to honour your choice and demonstrate compliance rather than adding you again. |
| Accounts, contracts, and finance | For the active relationship and the contractual or statutory record period that applies afterwards, taking account of UK tax, accounting, limitation, and dispute requirements. |
| Operator-controlled data | Bookings, profiles, participant details, configured fields, files, forms, and related messages are retained according to the relevant business’s instructions and contract with Lettari, subject to legal and technical recovery requirements. |
| Temporary operational data | Abandoned checkout records are scheduled for removal after 30 days. Unconsumed temporary uploads expire after about 60 minutes. Generated export files expire after 7 days; the related export-history record is scheduled for removal 30 days after its expiry date. |
| Service analytics | Detailed aggregate service-visit buckets are removed once they are more than one year old. Event-visit buckets are removed after the event has been ended for more than one year. De-identified lifetime aggregate counts may remain to report overall activity. |
| AI records | Conversation and document retention follows the applicable workspace instructions and contract. Technical AI usage logs are scheduled for removal after 365 days. Failure logs, and action records that remain in draft or rejected status without an execution, are scheduled for removal after 90 days. Provider-held service state follows the feature configuration and provider terms. |
| Security logs and recovery copies | For the operational cycle needed to investigate incidents, secure the service, and recover from failure. Deleted information can remain in restricted recovery copies until those copies are overwritten. |
We may preserve specific information for longer where a dispute, legal hold, regulatory request, fraud investigation, or other lawful exception requires it. We may keep information that has been irreversibly anonymised because it no longer identifies an individual.
10. Children and sensitive information
Lettari’s corporate website and business administration service are not directed at children. A business may, however, use Lettari for an activity involving a child and may collect a date of birth, guardian contact, participation details, or other relevant information. That business is responsible for explaining the processing, establishing an appropriate lawful basis, and obtaining parental or guardian authority where required. Lettari normally handles that data as its processor.
Configurable fields and uploads can also be used by a business to collect health, disability, allergy, safeguarding, or other sensitive information. The business must decide whether collection is necessary, identify both a UK GDPR lawful basis and any required special-category condition, restrict access, and choose an appropriate retention period. Users should not place sensitive information into free-text fields, files, or AI prompts unless it is genuinely necessary and authorised.
11. Your rights
Depending on the circumstances, UK data-protection law may give you the right to:
- access your personal information;
- correct inaccurate or incomplete information;
- ask for erasure;
- restrict how information is used;
- object to processing based on legitimate interests;
- receive or transfer information in a portable format;
- withdraw consent at any time; and
- complain to a data-protection regulator.
These rights are not absolute. We may need enough information to confirm your identity and locate the relevant records, and we will explain if an exemption applies. We normally respond within one month, although the law permits an extension for complex or numerous requests.
For information controlled by a business using Lettari, contact that business first. For information Lettari controls, email contact@lettari.co.uk. You can stop product-update emails through the unsubscribe link in an update.
You may complain to the UK Information Commissioner’s Office. We would appreciate the opportunity to address the issue first, but this does not limit your right to contact the ICO. Visit the ICO complaints page.
12. Security
We use technical and organisational measures designed to protect personal information, including encrypted connections, authentication and role-based access, tenant separation, audit and security logging, controlled infrastructure access, and service monitoring. We expect providers and business customers to protect the information within their control as well.
No online service can guarantee absolute security. When we act as a processor, we notify the relevant controller without undue delay after becoming aware of a personal-data breach. When Lettari is the controller, we notify the ICO and affected people when the applicable legal thresholds and notification requirements are met.
13. Contact and changes
Questions about this notice or Lettari-controlled information can be sent to contact@lettari.co.uk. You can also use our contact page for general enquiries.
We may update this notice when the service, providers, or legal requirements change. The current version will appear on this page with a revised date. If a change materially affects how we use information, we will take reasonable steps to bring it to the attention of affected people.