Privacy Policy

1. Who we are

This Privacy Policy explains how Latente Ltd. (“Latente”, “we”, “our”, “us”) collects, uses, stores, shares and protects personal data when you use latente.app, the Latente mobile and web applications, and related services.

Latente Ltd. is a company registered in England and Wales with company number 17137645 and registered office at 81 Eton Rise, London NW3 2DA, United Kingdom.

For the purposes of UK data protection law, Latente Ltd. is the data controller of the personal data described in this Policy, except where another party acts as an independent controller for its own services.

You can contact us at [email protected].

2. Scope

This Policy applies to personal data we process when you:

• visit our website;
• use our app or web app;
• request login access;
• create or use a roll;
• upload photographs or other content;
• request shipping, fulfilment, unlock or download;
• contact us for support; or
• otherwise interact with us.

3. Personal data we collect

Depending on how you use the Service, we may collect and process the following categories of personal data.

3.1 Account and identity data

• email address;
• account identifiers;
• login token and session-related records;
• consent records, including acceptance timestamps for terms, privacy and cookies.

3.2 Order and fulfilment data

• recipient full name;
• delivery address;
• city;
• state or county where applicable;
• postcode or ZIP code;
• country;
• redemption code and shipment status;
• roll information, order references and fulfilment history.

3.3 Uploaded content

• photographs and image files you upload;
• image metadata associated with uploaded files, which may include file details and, depending on your device settings, embedded metadata such as date, time and possible location information;
• digital gallery and download activity related to your roll.

3.4 Payment and transaction data

We do not store full payment card details. Payments are handled by our payment providers.

We may receive and store limited payment and transaction data such as:

• payment status;
• checkout session identifiers;
• payment intent or transaction identifiers;
• order amount, currency, quote and tax data; and
• limited fraud, billing or verification information made available to us by payment providers.

3.5 Technical, device and diagnostics data

When you use the Service, we may collect technical and operational data such as:

• IP address and network/request metadata;
• browser type and version;
• device type, model and operating system;
• app version and build number;
• request identifiers;
• timestamps and usage events relevant to the operation of the Service;
• error reports, diagnostics and troubleshooting context;
• upload failure information, including blob or upload identifiers where relevant.

3.6 Communications

• emails and messages you send to us;
• support requests and complaint handling records.

3.7 Legal and compliance data

• fraud prevention and abuse-prevention records;
• security and access logs;
• records relating to disputes, claims, legal requests, content moderation decisions and compliance actions.

4. How we collect personal data

We collect personal data:

• directly from you when you provide it;
• automatically when you use the website or app;
• from payment, email, fulfilment, hosting, storage and delivery providers involved in operating the Service;
• from device and browser interactions with the Service; and
• from lawful requests, reports or investigations related to fraud, abuse, safety or legal compliance.

5. How we use personal data

We use personal data to:

• provide, operate and improve the Service;
• authenticate users and maintain account access;
• create, manage and fulfil rolls and orders;
• store uploaded images temporarily;
• generate quotes and process payments;
• submit jobs for printing and fulfilment;
• arrange shipping and delivery;
• provide unlock, gallery and download functionality;
• send transactional communications such as login, order, fulfilment and unlock emails;
• provide customer support;
• investigate errors, failed uploads and technical issues;
• maintain the security, integrity and reliability of the Service;
• detect, prevent and investigate fraud, abuse, unauthorised access and prohibited content;
• enforce our Terms and protect our legal rights;
• comply with legal, regulatory, tax, accounting and law-enforcement obligations; and
• establish, exercise or defend legal claims.

6. Our lawful bases for processing

6.1 Contract

We process personal data where necessary to perform our contract with you or to take steps at your request before entering into a contract, including:

• account access;
• roll creation and management;
• image upload and temporary storage;
• quoting, checkout, payment confirmation;
• fulfilment, printing, delivery;
• unlock, gallery and download access; and
• customer support connected to your order or account.

6.2 Legitimate interests

We process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This includes:

• service administration and improvement;
• infrastructure, hosting and operational monitoring;
• diagnostics, troubleshooting and bug fixing;
• security, abuse prevention and fraud prevention;
• protection of users, suppliers and the public;
• enforcement of our Terms;
• handling complaints and disputes; and
• proportionate content review where reasonably necessary for safety, compliance or abuse handling.

6.3 Legal obligation

We process personal data where necessary to comply with legal obligations, including accounting, tax, consumer, regulatory, fraud-prevention, sanctions, court-order, law-enforcement and other compliance duties.

6.4 Consent

Where we rely on consent, we will ask for it separately and you may withdraw it at any time. At present, we do not use optional analytics or advertising cookies on latente.app. If that changes, we will update our notice and seek consent where required.

7. Photo content, sensitive information and AI

The Service is built around photo uploads. Images may contain personal data relating to you and to other people, including identifiable faces and incidental information visible in the image.

We do not intentionally ask you to provide special category data or highly sensitive information. Because photographs can reveal more than you intend, you should use care when uploading content and only upload material you have the right to use.

You are responsible for ensuring you have any permissions or consents required for the people, minors, places, artworks or other third-party material appearing in your content.

We do not use your uploaded images, gallery content or downloads to train generative AI or machine learning models.

8. Prohibited or unlawful content

We may process, review, retain and disclose relevant personal data, including uploaded content and account information, where reasonably necessary to:

• investigate suspected illegal, abusive or prohibited content;
• prevent harm, fraud or security incidents;
• enforce our Terms;
• respond to complaints or rights claims;
• comply with legal obligations or lawful requests; or
• cooperate with law enforcement, regulators, child-safety bodies, payment providers, hosting providers, fulfilment providers, carriers or rights holders.

We do not promise to proactively monitor all content, but we reserve the right to do so where reasonably necessary for service operation, safety, legal compliance or abuse handling.

9. Who we share personal data with

We share personal data only where reasonably necessary for the purposes described above.

Depending on the Service and your order, recipients may include:

9.1 Infrastructure, hosting and storage providers

Including providers that host the application, store image files and support network delivery, security and performance.

9.2 Payment providers

Including Stripe and related payment service providers, for payment processing, fraud detection, authentication, compliance and transaction management.

9.3 Print and fulfilment providers

Including Prodigi and its fulfilment network, so that your order can be quoted, printed, packed and fulfilled.

9.4 Delivery providers

Postal and courier providers involved in transporting orders to the delivery address you provide.

9.5 Email and communications providers

Including Resend and other providers used to send transactional emails such as login links, order confirmations and service notices.

9.6 Professional advisers and authorities

Lawyers, accountants, auditors, insurers, regulators, courts, law-enforcement authorities and other parties where necessary for legal compliance, fraud prevention, rights protection or dispute handling.

9.7 Corporate transactions

If we are involved in a merger, acquisition, investment, reorganisation, financing, sale of assets or similar transaction, personal data may be disclosed subject to appropriate confidentiality and legal safeguards.

We do not sell your personal data, and we do not share it for cross-context behavioural advertising.

10. International transfers

Because we use service providers and infrastructure that may operate in the UK, the United States and other countries, your personal data may be processed outside your country of residence and outside the UK.

Where personal data is transferred outside the UK, we take steps intended to ensure appropriate protection, which may include:

• UK adequacy regulations;
• approved contractual safeguards;
• recognised data transfer frameworks; or
• other lawful transfer mechanisms appropriate to the circumstances.

11. Data retention

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including legal, accounting, fraud-prevention, dispute and security purposes.

Our current retention approach is as follows:

11.1 Photos, gallery files and downloads

We aim to delete uploaded image files, gallery assets and downloadable files from active systems within 60 days after digital access is first made available, such as when a roll is validly unlocked.

If a roll is shipped but never unlocked, we may delete uploaded image files and related gallery assets around 120 days after shipment.

You should download and store any images you wish to keep before that period ends.

11.2 Order, payment, shipping and accounting records

We may keep order, fulfilment, payment, shipping, invoice, quote, tax and related business records for 6 years or longer where required by law, legal process or legitimate dispute-handling needs.

11.3 Account records

We may retain core account records for as long as your account remains active and, where appropriate, for a reasonable period afterwards in order to handle support, disputes, fraud prevention, security and legal obligations.

11.4 Security and access logs

We generally retain security and access logs for up to 12 months, unless a longer period is needed for an active security matter, fraud investigation or legal obligation.

11.5 Diagnostics and error records

Technical diagnostics, upload error records and troubleshooting logs are generally retained for up to 90 days, unless longer retention is reasonably necessary for an active incident, abuse investigation or legal matter.

11.6 Support communications

Support messages and related correspondence may be kept for up to 24 months after the matter is closed, unless longer retention is needed for legal, fraud, complaint or operational reasons.

11.7 Backups

Residual copies of personal data may remain in secure backups for a limited period and are typically overwritten on a rolling basis within 90 days, unless retention is required by law or incident response needs.

12. Security

We use technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access and misuse.

These measures may include access controls, encryption in transit, secure storage, logging, provider security controls, environment segregation and restricted internal access on a need-to-know basis.

No system is completely secure, and we cannot guarantee absolute security.

13. Your rights

Depending on the law that applies to you, you may have rights including:

• access to your personal data;
• correction of inaccurate or incomplete data;
• erasure of data in certain circumstances;
• restriction of processing;
• objection to certain processing;
• data portability;
• withdrawal of consent where processing is based on consent; and
• complaint to a supervisory authority.

If you are in the UK, you may complain to the Information Commissioner’s Office (ICO).

If you are a resident of a U.S. state with applicable privacy rights, you may also have additional rights under state law, subject to verification and applicable exceptions. We do not sell personal information or share it for targeted advertising.

To exercise your rights, contact [email protected]. We may need to verify your identity before responding.

14. Account deletion and erasure

You may request deletion of your account and personal data by contacting us or using any deletion tools we make available.

We may still retain certain data after deletion where necessary for:

• legal obligations;
• tax and accounting records;
• fraud prevention and security;
• dispute resolution;
• enforcement of our agreements; or
• the establishment, exercise or defence of legal claims.

15. Children

The Service is not directed to individuals under the age of 18, and we do not knowingly offer accounts to minors.

If we learn that we have collected account data directly from a person under 18 in breach of our Terms, we may suspend the account and take reasonable steps to delete the relevant data, subject to legal and safety obligations.

16. Cookies and similar technologies

We use cookies and similar technologies only as described in our Cookies Policy.

At present, we use strictly necessary cookies or similar technologies only. This may include security-related cookies and local storage used to keep the Service working, such as authentication state in the web app.

17. Third-party services and links

Our website or app may contain links to third-party sites or services. Those third parties have their own privacy practices, and we are not responsible for them except as required by law.

18. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this Policy shows when it was last revised.

Where required by law, we will take appropriate steps to notify you of material changes.

19. Contact

For privacy questions, rights requests or complaints, contact:

Latente Ltd.
81 Eton Rise, London NW3 2DA
United Kingdom
[email protected]