Last Updated: May 07, 2026 |
Effective Date: May 30, 2026 |
Applies To: sueletter.com & app.sueletter.com |
Contact: [email protected]
SueLetter Cookie Policy
Plain English Summary (so simple a 12-year-old gets it): Cookies are tiny files a website saves on your phone or computer. They help the site remember you and work properly. Some cookies are absolutely needed for the site to work — like the one that keeps you logged in. Others are optional — like the ones that help us count how many people visited today. This page tells you exactly which cookies SueLetter uses, why, and how to turn them off if you want.
1. What Are Cookies? (Simple Explanation)
A cookie is a small text file — usually less than 1 kilobyte — that a website stores on your device (computer, phone, or tablet) when you visit. Think of it as a sticky note the website writes to itself so it can remember things about your visit.
Cookies are stored locally in your browser (Chrome, Safari, Firefox, Edge). They are NOT viruses, NOT apps, and they cannot access personal files on your computer. They can only store information the website itself puts into them.
There are also similar tracking technologies that work like cookies:
- Local Storage / Session Storage — browser-side memory that works like cookies but is not sent to the server automatically
- Web Beacons / Pixels — invisible 1×1 images that can tell a server when a page or email was opened
- Fingerprinting — collecting browser/device settings to identify a user (SueLetter does NOT use this)
This policy covers all of the above technologies where applicable to SueLetter.
2. Why SueLetter Uses Cookies
We use cookies for three core purposes:
- To make the website work properly. Without essential cookies, you could not stay logged in, the demand letter generator would not function, and forms would not submit.
- To understand how people use our site. Analytics cookies tell us which pages are visited most, how long people stay, and where they come from. This helps us fix problems and improve the experience for everyone.
- To show relevant advertising. Google AdSense places advertising cookies so ads shown on our site are relevant to your interests. These ads keep SueLetter’s basic generator free for all users.
What we do NOT do with cookies: We never use cookies to build profiles of you for sale to data brokers. We never track you across other websites using our own tracking cookies. We never store your demand letter content in cookies.
3. Types of Cookies We Use — Full Breakdown
3.1 Strictly Necessary Cookies (Always Active — Cannot Be Disabled)
These cookies are essential for the website to function. Without them, the demand letter generator would not work. Because they are strictly necessary, we do not ask for your consent to set them under GDPR Article 6(1)(b) (contract performance) and the UK ePrivacy Regulations.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
__session |
SueLetter | Keeps you logged into your account during your visit | Session (deleted when browser closes) | HTTP Cookie |
auth_token |
Auth0 / SueLetter | Remembers your login for 30 days if you chose “Remember Me” | 30 days | HTTP Cookie |
csrf_token |
SueLetter | Security token that prevents cross-site request forgery attacks | Session | HTTP Cookie |
cookie_consent |
SueLetter | Stores your cookie preferences (Accept/Decline) so we don’t ask again | 12 months | HTTP Cookie |
sl_locale |
SueLetter | Remembers your country and language selection | 12 months | Local Storage |
3.2 Analytics & Performance Cookies (Optional — Consent Required)
These cookies help us understand how visitors use our site. All data collected is anonymized — we cannot identify you personally. You can decline these when the cookie banner appears, or opt out at any time.
Legal basis (GDPR): Consent — Article 6(1)(a). For UK users: Consent under UK GDPR and UK ePrivacy Regulations.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
_ga |
Google Analytics | Counts unique visitors and distinguishes users (anonymized ID) | 2 years | HTTP Cookie |
_ga_XXXXXXXX |
Google Analytics | Stores and counts page views for a specific session | 2 years | HTTP Cookie |
_gid |
Google Analytics | Tracks session activity (pages per session, bounce rate) | 24 hours | HTTP Cookie |
_gat |
Google Analytics | Throttles request rate (limits data sent to Google Analytics) | 1 minute | HTTP Cookie |
We use IP anonymization in Google Analytics — your full IP address is never stored. Data is processed in accordance with Google’s Data Processing Amendment. Opt out of Google Analytics here.
3.3 Advertising Cookies (Optional — Consent Required)
SueLetter displays ads served by Google AdSense to keep our basic generator free for all users. Google uses cookies to personalize ads based on your interests and browsing history. We do not control which specific ads are shown — that is determined by Google’s algorithms.
Legal basis (GDPR): Consent — Article 6(1)(a). These cookies are only set after you click “Accept” on our cookie banner. EU, UK, and California users will NOT see personalized ads if they decline.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
IDE |
Google DoubleClick | Used to show personalized ads and measure ad performance | 13 months | HTTP Cookie |
NID |
Registers a unique user ID to customize Google ads | 6 months | HTTP Cookie | |
test_cookie |
Google DoubleClick | Checks whether the browser supports cookies (one-time test) | 15 minutes | HTTP Cookie |
DSID |
Identifies logged-in Google users for ad targeting across devices | 2 weeks | HTTP Cookie |
To opt out of Google’s personalized advertising globally, visit adssettings.google.com or install the Google Opt-Out Browser Plugin.
3.4 Functional / Preference Cookies (Optional)
These cookies remember your preferences to improve your experience on future visits. They are optional and can be declined without affecting core features.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
sl_theme |
SueLetter | Remembers your UI preference (light or dark mode) | 12 months | Local Storage |
sl_last_letter_type |
SueLetter | Remembers the last type of demand letter you generated | 30 days | Local Storage |
4. Third-Party Cookies (Google, Stripe, Auth0)
Some cookies on SueLetter are set by third-party services we use. We do not control these cookies — they are governed by each company’s own privacy and cookie policies.
| Third Party | What They Do on Our Site | Their Cookie / Privacy Policy | GDPR Compliant? |
|---|---|---|---|
| Google Analytics | Website usage analytics | Google Privacy Policy | ✅ Yes (EU SCCs) |
| Google AdSense | Display advertising | Google Ad Policy | ✅ Yes (consent-gated for EU/UK) |
| Stripe | Payment processing (Pro users only) | Stripe Privacy Policy | ✅ Yes (PCI DSS + GDPR) |
| Auth0 | Secure login / authentication | Auth0 Privacy Policy | ✅ Yes (SOC 2 Type II) |
| Vercel | Website hosting & edge delivery | Vercel Privacy Policy | ✅ Yes |
Note for EU & UK Users: Third-party advertising cookies (Google AdSense) are only activated after you explicitly consent via our cookie banner. If you decline, you will still see ads on SueLetter — they just won’t be personalized to you.
5. Your Cookie Consent — How We Ask & Record It
When you first visit SueLetter, a cookie consent banner appears at the bottom of your screen. It gives you a clear choice:
- “Accept All” — enables all cookies (essential + analytics + advertising + functional)
- “Decline Optional” — enables only strictly necessary cookies; no analytics, no ad-targeting cookies
- “Manage Preferences” — lets you choose category by category
We record your choice in a cookie_consent cookie that expires after 12 months. After 12 months, we ask again. You can change your choice at any time — see Section 6 below.
GDPR Legal Basis for Consent: Our consent mechanism complies with GDPR Recital 32 — it is freely given, specific, informed, and unambiguous. Pre-ticked boxes are never used. “Accept All” and “Decline” options are displayed with equal visual prominence.
UK ePrivacy Regulations (PECR): For UK users, our consent mechanism complies with the Privacy and Electronic Communications Regulations 2003 (as amended). No non-essential cookies are placed without prior consent.
Germany — TTDSG: For users in Germany, we comply with the Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG) § 25, which requires prior informed consent for all cookies that are not strictly necessary.
Spain — LSSI-CE: For users in Spain, we comply with the Ley de Servicios de la Sociedad de la Información y de Comercio Electrónico regarding cookie consent requirements.
Canada — CASL / PIPEDA: For users in Canada, non-essential cookies require express or implied consent consistent with the Canadian Anti-Spam Legislation and PIPEDA.
6. How to Control or Delete Cookies
You are always in control. Here are all the ways to manage cookies on SueLetter:
Option A — Use Our Cookie Preference Center
Click the “Cookie Preferences” link in our website footer at any time to open your preferences panel and change your settings.
Option B — Use Your Browser Settings
Every browser lets you see, block, and delete cookies. Here’s how for the most popular browsers:
| Browser | How to Manage Cookies |
|---|---|
| Google Chrome | Settings → Privacy and Security → Cookies and other site data → Open Settings |
| Mozilla Firefox | Settings → Privacy & Security → Cookies and Site Data → Firefox Guide |
| Apple Safari (Mac) | Preferences → Privacy → Manage Website Data → Safari Guide |
| Apple Safari (iPhone/iPad) | Settings → Safari → Privacy & Security → Block All Cookies |
| Microsoft Edge | Settings → Cookies and site permissions → Cookies and site data → Edge Guide |
| Opera | Settings → Advanced → Privacy & Security → Site Settings → Cookies |
⚠️ Heads up: Blocking all cookies will prevent the SueLetter generator from working correctly. The login system, form submissions, and letter generation all require essential cookies. We recommend only blocking optional (analytics and advertising) cookies.
Option C — Use Opt-Out Tools
- Google Analytics Opt-Out: tools.google.com/dlpage/gaoptout
- Google Ad Personalization: adssettings.google.com
- Network Advertising Initiative (NAI) Opt-Out: networkadvertising.org/choices
- Digital Advertising Alliance (DAA) Opt-Out: aboutads.info/choices
- European Interactive Digital Advertising Alliance (EDAA): youronlinechoices.eu
7. GDPR, UK GDPR & ePrivacy Directive Compliance
SueLetter takes compliance with EU and UK data protection law seriously. Here is how our cookie practices align with the key legal frameworks:
| Legal Framework | Applies To | How SueLetter Complies |
|---|---|---|
| GDPR (EU) 2016/679 | All EU/EEA users | Consent-first for non-essential cookies; lawful basis documented; data minimization applied; DPAs in place with all processors |
| UK GDPR + Data Protection Act 2018 | UK users | Separate UK-specific consent mechanism; ICO guidance followed; standard contractual clauses for UK-US transfers |
| ePrivacy Directive 2009/136/EC | EU/EEA users | No non-essential cookies placed before consent; banner presented on first visit; consent granularity by category |
| TTDSG (Germany) | Users in Germany | Prior consent required for all non-essential cookies per § 25 TTDSG; no pre-checked boxes |
| LSSI-CE (Spain) | Users in Spain | Cookie categories clearly labeled; consent banner with “Accept/Decline” equally prominent |
| Loi Informatique et Libertés (France) | Users in France | CNIL guidelines followed; analytics cookies require opt-in; data minimization applied |
If you are an EU or UK user and believe our cookie practices violate your rights, you have the right to lodge a complaint with your national Data Protection Authority (DPA). A list of EU DPAs is available at edpb.europa.eu. UK users may contact the Information Commissioner’s Office (ICO) at ico.org.uk.
8. US State Privacy Laws & Cookies
Several US states have enacted comprehensive privacy laws that affect how we use tracking technologies. SueLetter honors these rights for all US residents regardless of state:
| State Law | State | Key Right Relevant to Cookies | How to Exercise |
|---|---|---|---|
| CCPA / CPRA | California | Right to opt out of “sale” or “sharing” of personal data (includes cross-context behavioral advertising) | Email us or use cookie preference center |
| VCDPA | Virginia | Right to opt out of targeted advertising | Email us or decline cookies on banner |
| CPA | Colorado | Right to opt out of profiling for advertising | Email us or decline cookies on banner |
| CTDPA | Connecticut | Right to opt out of targeted advertising and profiling | Email us or decline cookies on banner |
| TDPSA | Texas | Right to opt out of sale of personal data and targeted advertising | Email us or decline cookies on banner |
| UCPA | Utah | Right to opt out of sale of personal data and targeted advertising | Email us or decline cookies on banner |
Global Privacy Control (GPC): If your browser sends a Global Privacy Control signal, SueLetter will treat it as a request to opt out of the sale/sharing of personal data for California users, consistent with the CPRA. We are working to honor GPC signals for all US state laws that recognize it.
Do Not Track (DNT): Some browsers send a “Do Not Track” signal. At present, there is no universal standard for DNT signals on the web. SueLetter does not currently respond to DNT signals — please use our Cookie Preference Center or the opt-out tools in Section 6 instead.
9. Canada — PIPEDA & Anti-Spam Law (CASL)
For users in Canada, SueLetter complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada’s Anti-Spam Legislation (CASL).
- Non-essential cookies require your express or implied consent before being set
- We identify ourselves clearly in the cookie consent banner
- You can withdraw consent at any time using the Cookie Preference Center or by emailing us
- We do not use cookies to send you commercial electronic messages without consent
For questions about your rights under Canadian law, contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.
10. Do Not Sell or Share My Personal Information
SueLetter does not sell your personal information to data brokers or third parties for money.
However, under the California CPRA and similar laws, the use of Google AdSense advertising cookies may qualify as “sharing” personal data for cross-context behavioral advertising purposes. California residents and users under similar state laws have the right to opt out of this sharing.
To opt out of sharing your data for advertising purposes:
- Click “Decline Optional” on our cookie consent banner
- Click “Cookie Preferences” in our footer and turn off Advertising Cookies
- Email [email protected] with subject line “Do Not Sell or Share My Data”
- Use the Global Privacy Control browser setting (honored for California users)
Opting out will not affect the price you pay or the features you can access on SueLetter — it only affects whether ads shown to you are personalized.
11. Updates to This Cookie Policy
We review and update this Cookie Policy whenever:
- We add or remove a cookie or tracking technology
- A new law or regulatory guidance affects our cookie practices
- A third-party partner changes their cookie behavior
When we make significant changes, we will:
- Update the “Last Updated” date at the top of this page
- Re-display the cookie consent banner to ask for your consent again (for EU/UK users)
- Send an email notification to registered users for major changes
We encourage you to check this page periodically. Continued use of SueLetter after changes are posted means you accept the updated Cookie Policy.
12. Contact Us — Cookie Questions
Have a question about our cookies that is not answered here? Want to exercise your rights? Here is how to reach us:
- 📧 Email: [email protected]
- 🌐 Contact Form: sueletter.com/contact-us
- ⏱ Response Time: Within 30 days (usually much faster)
- 🏢 Operated by: SueLetter | United States
We respond to all legitimate cookie rights requests, including access, deletion, and opt-out requests, within 30 days at no cost to you.
13. Frequently Asked Questions About Cookies on SueLetter
Q: Do I have to accept cookies to use SueLetter?
A: No. You only have to accept strictly necessary cookies — these make the site work and cannot be turned off. All other cookies (analytics, advertising, functional) are optional. Declining optional cookies does not block access to the demand letter generator.
Q: Will my demand letter content be stored in cookies?
A: No. Your demand letter text and dispute details are never stored in cookies. Cookies on SueLetter contain only session identifiers, your preferences, and anonymized analytics IDs — never the content of your letters.
Q: Does SueLetter track me across other websites?
A: No. SueLetter does not use its own cross-site tracking cookies. However, Google AdSense cookies (IDE, NID) are set by Google and may track your activity across sites that use Google advertising. You can opt out of this via adssettings.google.com.
Q: I cleared my cookies. What happens to my SueLetter account?
A: Clearing cookies will log you out of your SueLetter account and reset your cookie preference. Your account data (letter history, settings) is stored securely in our database — not in cookies — so it will still be there when you log back in.
Q: I am in Germany. Do I need to give extra consent?
A: Yes. Under Germany’s TTDSG § 25, we require explicit, prior consent for all cookies that are not strictly necessary, including analytics cookies. Our cookie banner for German users is set up to collect this consent before any optional cookies are placed.
Q: I am in California. Can I stop SueLetter from sharing my data with Google for ads?
A: Yes. Under CPRA, you have the right to opt out of sharing personal data for cross-context behavioral advertising. Use our cookie preference center to turn off advertising cookies, or email us at [email protected] with the subject “Do Not Share My Data.”
Q: How long do cookies last on my device?
A: It depends on the cookie. Session cookies disappear when you close your browser. Persistent cookies last from 15 minutes (Google test cookies) up to 2 years (Google Analytics). The full table in Section 3 shows the exact duration for every cookie we use.
Q: What is the difference between first-party and third-party cookies?
A: First-party cookies are set by SueLetter itself (like your login session). Third-party cookies are set by other companies whose services we use (like Google Analytics or Google AdSense). Third-party cookies are governed by those companies’ own privacy policies.
Q: Are cookies dangerous or viruses?
A: No. Cookies are simple text files — they cannot run programs or carry viruses. They can only store small amounts of text that the website itself put into them. They cannot read or modify any files on your computer.
Q: I declined cookies but I am still seeing ads. Is that normal?
A: Yes, that is normal. Declining cookies means you will see non-personalized ads instead of personalized ones. SueLetter displays Google AdSense ads to keep the basic generator free — ads will appear regardless of your cookie choice, but without cookies, the ads are generic rather than targeted to you.
Quick Summary: SueLetter uses four categories of cookies: (1) Essential cookies that keep the site working — always on, no consent needed; (2) Analytics cookies from Google Analytics — optional, anonymized, consent required; (3) Advertising cookies from Google AdSense — optional, consent required, supports free access to our generator; (4) Functional cookies that remember your preferences — optional. You can change your cookie choices at any time using the Cookie Preferences link in our footer. We never sell your personal information. Questions? Email [email protected].
Legal Disclaimer: SueLetter is an AI-powered self-help writing tool, not a law firm. It does not provide legal advice, and no attorney-client relationship is formed by using this Service. Demand letters generated are for informational and self-help purposes only. For legal advice specific to your situation, consult a licensed attorney in your jurisdiction.