This Privacy Notice explains how Latend Inc. (“Latend”, “we”, “us”, “our”) collects, uses, and shares personal data when you visit our websites at latend.com and decisionformula.com (together, the “Sites”) or are otherwise in contact with us. It should be read together with our Cookie Statement.
This Notice covers the Sites only. Use of the Decision Formula platform is available exclusively under a signed agreement between Latend and an enterprise customer; processing of personal data in the platform is governed by that agreement and not by this Notice.
What Personal Data Do We Collect?
Information you provide to us. When you contact us, request a demo, subscribe to a newsletter, apply for a role, or otherwise communicate with us, we collect the information you give us — typically name, business email, company, job title, phone number (optional), message content, and, for career applications, your résumé and cover letter.
Information we collect automatically. When you browse the Sites, we collect device and technical data (IP address, browser type and version, operating system, language, time zone, screen size, referring URL) through server logs. With your consent via the cookie-consent banner, we also collect usage data (pages viewed, click events, form interactions, session metadata) through our analytics provider.
Sources of personal data we obtain from third parties. For business-development purposes, we may obtain limited publicly available business-contact information (such as name, role, and company) from sources including professional-networking platforms (for example, LinkedIn), business directories, and publicly available corporate registries, in line with applicable law. This paragraph addresses the disclosure required by Article 14 GDPR.
Special categories and sensitive personal information. We do not intentionally collect special categories of personal data within the meaning of Article 9 GDPR or “sensitive personal information” within the meaning of the California Privacy Rights Act. We do not use sensitive personal information for any purpose beyond what is reasonably necessary to operate the Sites.
Children. The Sites are not directed to individuals under 16, and we do not knowingly collect personal data from them. If you believe we have, contact privacy@latend.com and we will delete the data.
Providing data is voluntary. You are not required by law or contract to provide personal data through the Sites. If you choose not to provide data requested in a form (for example, in a demo request), we may not be able to respond to your inquiry.
How Do We Use Personal Data?
We use personal data for the following purposes and on the following legal bases under the EU and UK GDPR:
- Respond to your inquiries and schedule demos — legitimate interests (Art. 6(1)(f)) and pre-contract steps at your request (Art. 6(1)(b));
- Process career applications — pre-contract steps at your request and legitimate interests;
- Send marketing communications where permitted — your consent (Art. 6(1)(a)) or legitimate interests on a B2B soft-opt-in basis where applicable law allows;
- Operate, secure, and monitor the Sites — legitimate interests and legal obligations (Art. 6(1)(c));
- Measure and improve how the Sites are used — your consent (obtained via the cookie-consent banner);
- Comply with law and respond to legal process — legal obligations;
- Defend or pursue legal claims — legitimate interests.
We do not sell personal data, as “sell” is defined under the California Consumer Privacy Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Texas Data Privacy and Security Act, and similar US state laws. We do not share personal data with third parties for cross-context behavioral advertising purposes. We have not sold or shared personal data for these purposes in the preceding twelve (12) months.
We do not make solely automated decisions that produce legal or similarly significant effects on you within the meaning of Article 22 GDPR.
Who Do We Share Personal Data With?
We share personal data only with the service providers we need to operate the Sites. Each acts as our data processor under a written contract that includes GDPR Article 28 obligations and, where applicable, Standard Contractual Clauses:
- Vercel, Inc. — hosting, content delivery, and edge-network security for the Sites
- PostHog, Inc. — website analytics (set only after you consent via the cookie-consent banner)
- Resend, Inc. — transactional email delivery (demo confirmations, newsletter receipts); EU region
We give at least thirty (30) days’ advance notice before engaging any new sub-processor that will process personal data collected through the Sites, by updating this Notice.
We may also disclose personal data in connection with a merger, acquisition, financing, or similar transaction; where required by law, valid legal process, or regulatory request; or to protect our rights, property, or safety, or that of others.
International transfers. Personal data may be transferred to and processed in the United States or other countries. Where transfers take place from the European Economic Area, United Kingdom, or Switzerland to a country not covered by an adequacy decision, we rely, in order of preference, on: (i) a current European Commission adequacy decision; (ii) the EU-U.S. Data Privacy Framework (and UK and Swiss extensions) where the receiving party is certified; (iii) the 2021 EU Standard Contractual Clauses (supplemented by the UK IDTA or Swiss addendum where applicable); (iv) supplementary technical and organizational measures identified by our Transfer Impact Assessment; and (v) Article 49 GDPR derogations in narrow, documented circumstances. A copy of the SCCs applicable to a specific transfer can be requested at privacy@latend.com.
How Long Do We Keep Personal Data?
- Contact-form and demo-request data: 24 months from the last interaction, then deleted unless an active business relationship has been established.
- Career applications: 12 months from the last contact, longer where local law requires or where we need to retain to defend legal claims.
- Marketing opt-ins: until you opt out; after opt-out, your email is retained on a suppression list to honor your choice.
- Website analytics (PostHog): 12 months (PostHog default).
- Server and security logs (Vercel): 30 days.
After the applicable retention period, personal data is deleted or anonymized. Aggregated, anonymized data that cannot be attributed to an individual may be retained indefinitely.
What Are Your Rights?
Depending on where you live, you may have the following rights over your personal data:
- Right to know / access what personal data we hold and how we use it
- Right to rectification / correction of inaccurate data
- Right to erasure / deletion, subject to legal exceptions
- Right to restrict processing in certain circumstances
- Right to data portability in a structured, machine-readable format
- Right to object to processing based on legitimate interests, and to opt out of direct marketing at any time
- Right to withdraw consent where processing is based on consent
- Right to opt out of sale or sharing of personal data for cross-context behavioral advertising — we do not sell or share
- Right to opt out of profiling producing legal or similarly significant effects — we do not engage in such profiling
- Right to limit use of sensitive personal information — we do not use sensitive personal information beyond what is necessary
- Right to non-discrimination for exercising any of these rights
- Right to lodge a complaint with your local data-protection supervisory authority (EU/UK residents) or attorney general (US residents)
How to exercise. Email privacy@latend.com. You may designate an authorized agent where applicable under local law. We will verify your identity before responding.
Response timing. We will respond within the timeframe required by the applicable law — typically 30 days under GDPR (extendable by two months for complex requests) or 45 days under US state laws (extendable by 45 days with notice).
Appeal. If we decline a request and the applicable state law provides an appeal right (for example, VCDPA, CPA, CTDPA, or UCPA), you may appeal by contacting privacy@latend.com with “Privacy Appeal” in the subject line.
Supervisory authority. If you are in the EU, UK, or Switzerland, you have the right to lodge a complaint with your local data-protection authority. A list of EU supervisory authorities is available at edpb.europa.eu; the UK authority is the ICO at ico.org.uk. If you are in the U.S., you may also contact your state attorney general.
How Do We Protect Personal Data?
We implement administrative, physical, and technical safeguards designed to protect personal data against unauthorized access, use, or disclosure, including: HTTPS/TLS for all Site traffic, least-privilege access controls for Latend personnel, secure software-development practices, continuous security monitoring, and breach-response procedures. If a breach affects your personal data, we will notify you and applicable supervisory authorities as required by law.
When Do We Update This Notice?
We may update this Notice from time to time to reflect changes in our processing or for operational, legal, or regulatory reasons. Material changes will be reflected by an updated “Last updated” date and, where required, advance notice. We encourage you to review this Notice periodically.
Where Can I Get Further Information?
Email: privacy@latend.com
Postal: Latend Inc., 311 Elm Street, Ste 270-1390, Cincinnati, OH 45202, United States, Attn: Privacy.
Data Protection Officer: Latend has not appointed a DPO because our core processing activities do not meet the Article 37 GDPR thresholds. Privacy questions should be directed to privacy@latend.com.