Privacy Policy

Introduction

Latence LLC, doing business as Latence AI ("Latence AI", "we", "our", or "us"), a Wyoming Limited Liability Company, operates latence.ai and its associated APIs (collectively, the "Service"). This Privacy Policy describes how we collect, use, and share information when you use our Service.

Our Service is designed for business and professional use (B2B). We are committed to transparency about how we handle your data and to processing the minimum data necessary to operate the Service.

Our Core Data Principles

Information We Collect

Account Information

• Email address
• Name (optional)
• Profile information from OAuth providers (Google, GitHub) if you choose social login
• Organization name

Usage Metadata

• API request metadata: service name, endpoint, HTTP method, status code, latency
• Usage costs and billing history
• API key identifiers (not the keys themselves)
• Token counts, page counts, and other operational metrics

Usage metadata never includes the content of your documents, text inputs, or API response payloads.

Payment Information

• Billing details are processed and stored exclusively by Paddle (our Merchant of Record), which supports credit/debit cards, PayPal, Apple Pay, and Google Pay
• We do not store credit card numbers, PayPal account details, bank account details, or payment credentials
• We receive only transaction confirmations (amounts, timestamps, transaction IDs)

Technical Data

• Geographic location at country level only (derived from IP address via Cloudflare; we do not store full IP addresses)
• Browser type and device information (via Sentry for error tracking)
• Page performance metrics

How We Use Your Information

We process your information for the following purposes and legal bases:

• To provide the Service (contractual necessity): Process your API requests, manage your account, handle billing
• To send transactional communications (contractual necessity): Usage alerts, billing notifications, team invitations
• To monitor and improve the Service (legitimate interest): Detect errors, monitor performance, analyze usage patterns
• To prevent fraud and ensure security (legitimate interest): Detect abuse, enforce rate limits, protect infrastructure
• To comply with legal obligations (legal obligation): Tax reporting, responding to lawful requests

We do not send marketing emails. All communications are transactional.

Third-Party Services

We use the following third-party services to operate our platform. These services process data as described below and in their respective privacy policies. None of these sub-processors retain the content of your API payloads.

Data Retention

• Document Content: Not retained. Processing is ephemeral; content is discarded immediately after the API response
• Account Data: Retained while your account is active and for 90 days after account deletion
• Usage Metadata: Retained for billing and audit purposes in accordance with tax and legal requirements
• Cloudflare Analytics: 90 days
• Async Job Results: Automatically deleted within 48 hours
• Billing Records: Retained for 7 years for tax and compliance purposes (by Paddle)
• Error Logs (Sentry): 90 days

Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and session management (Supabase auth). These cannot be disabled.
• Analytics Cookies: Privacy-focused web analytics via Vercel Analytics. These do not track you across other websites.
• Referral Cookie: If you sign up via a referral link, a temporary cookie (referral_code) is stored for up to 7 days to attribute the referral. It is deleted after processing.

We do not use advertising, marketing, or cross-site tracking cookies.

Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS/SSL) for all connections
• Encryption at rest for stored data
• API key authentication and validation via Unkey
• Row-level security (RLS) in our database ensuring users can only access their own data
• HMAC-SHA256 webhook signature verification
• Regular security monitoring

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

Your Rights

Regardless of your location, you have the following rights regarding your data:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Receive your data in a portable format

To exercise these rights, contact us at admin@latence.ai. We will respond within 30 days.

European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Data Controller

Latence LLC (d/b/a Latence AI) is the data controller for the personal data processed through the Service. For payment-related data, Paddle acts as an independent data controller.

Latence LLC
30 N Gould St, STE R
Sheridan, WY 82801, USA
admin@latence.ai

Legal Bases for Processing

• Performance of Contract: Processing necessary to provide the Service you requested (account management, API processing, billing)
• Legitimate Interests: Service improvement, security, fraud prevention, and analytics, where these interests are not overridden by your rights
• Legal Obligation: Tax reporting and compliance with applicable laws

Your GDPR Rights

In addition to the rights listed above, you have the right to:

• Restriction of Processing: Request that we limit how we use your data
• Object to Processing: Object to processing based on legitimate interests
• Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format
• Lodge a Complaint: File a complaint with your local data protection supervisory authority

International Data Transfers

Your data is processed in the United States. Our sub-processors (Supabase, Paddle, Vercel, Sentry, Cloudflare, Fly.io, and others) maintain appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) where applicable. Since we do not store document content, the primary personal data transferred internationally is limited to account information and usage metadata.

Contact for EU Inquiries

European users may contact us for any data protection inquiries at admin@latence.ai. We will respond within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to deletion
• Right to non-discrimination for exercising your rights

Canada (PIPEDA)

For Canadian users, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access your personal information and challenge its accuracy. Contact admin@latence.ai for inquiries.

Children's Privacy

Our Service is designed for business use and is not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we will also notify you by email. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: