Overview
Letters CVA (“we”, “us”, or “our”) is committed to protecting the privacy and confidentiality of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our medical letter generation platform.
By accessing or using Letters CVA, you agree to the practices described in this policy. If you do not agree, please discontinue use of the platform immediately.
Letters CVA processes sensitive health-related data. We comply with applicable data protection regulations, including GDPR and local healthcare privacy standards.
Information We Collect
We collect information in the following categories:
- Account Information: Name, email address, professional title, and credentials provided during registration.
- Patient & Clinical Data: Patient names, medical histories, diagnoses, and other clinical details entered into letter templates.
- Usage Data: Log data including IP addresses, browser type, pages visited, time spent, and feature interactions.
- Device Information: Device identifiers, operating system, and screen resolution used to optimise your experience.
- Communication Data: Emails sent through the platform, including To and Cc recipients and message content.
How We Use Your Information
Your information is used to:
Data Sharing
We do not sell, rent, or trade your personal information. We may share data in limited circumstances:
- Service Providers: Trusted third-party vendors (e.g., cloud hosting, email delivery) who process data solely on our instructions.
- Legal Requirements: When required by law, court order, or governmental authority to disclose information.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections in place.
- With Your Consent: If you explicitly authorise us to share data with a specific third party.
Data Security
We implement industry-standard security measures to protect your data, including:
- TLS/SSL encryption for all data in transit
- Encrypted data storage at rest
- HTTP-only, expiring authentication cookies
- Role-based access control for staff
- Regular security audits and vulnerability assessments
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Your Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
Access
Request a copy of the personal data we hold about you.
Rectification
Ask us to correct inaccurate or incomplete data.
Erasure
Request deletion of your data where no legal basis exists for retention.
Restriction
Ask us to restrict processing of your data in certain circumstances.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interests or direct marketing.
To exercise any of these rights, please contact us at privacy@letterscva.com.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
- Account data is retained for the duration of your active account and up to 90 days following account closure.
- Clinical letter data is retained in accordance with applicable medical record-keeping regulations.
- Log and usage data is retained for up to 12 months for security and performance purposes.
Policy Changes
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. For material changes, we will notify registered users via email or a prominent notice within the platform. Continued use of Letters CVA after any update constitutes your acceptance of the revised policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please reach out to our privacy team: