At Latentrix, we take a human-centered and pragmatic approach to everything we do, including how we handle your data. This Privacy Policy explains how we collect, use, and protect information when you visit our website or use our services.
1. Who We Are (Data Controller)
Latentrix EOOD (“Latentrix”, “we”, “us”) is an AI consultancy and product builder based in Sofia, Bulgaria.
- We act as a Data Controller when handling website, marketing, and communication data.
- We act as a Data Processor when processing client-provided data for AI development, ML training, or integration work under a contractual agreement.
Contact: hristo@latentrix.ai
2. Data We Collect
We collect personal data in the following categories:
A. Information You Provide
This may include:
- Name
- Email address
- Company details
- Project information or requirements
- Any messages sent via our website or email
B. Automatically Collected Data
When you visit our website, we may collect technical data such as:
- IP address
- Browser type
- Device information
- Pages visited
- Interaction patterns
This information may be collected via cookies or analytics tools.
C. Cookies & Analytics
We may use cookies for:
- Functional operation of the site (strictly necessary)
- Analytics and performance measurement
Where required by EU law, non-essential cookies are only set with your consent via a cookie banner or preference mechanism.
3. Legal Bases for Processing
We process personal data under the following legal bases (Art. 6 GDPR):
| Purpose | Legal Basis |
|---|---|
| Responding to inquiries / contact requests | Legitimate interest (Art. 6(1)(f)) |
| Providing consulting or product access | Contract performance (Art. 6(1)(b)) |
| Sending product updates & marketing emails | Consent (Art. 6(1)(a)) |
| Website analytics & optimization | Consent (Art. 6(1)(a)) |
| Security / fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
You may withdraw consent at any time.
4. How We Use Your Data
We process data for purposes including:
- Service Delivery: Providing AI consulting, feasibility studies, agent development, and product access
- Communication: Responding to inquiries and providing updates
- Improvement: Analyzing usage patterns and improving our systems
- Security: Detecting harmful activity and protecting infrastructure
Client-specific data used for AI development is handled under separate Data Processing Agreements (DPAs).
5. AI & Data Processing
As an AI-focused company, we prioritize security and data integrity:
- We do not use client data to train general models without explicit permission
- For enterprise projects, we sign DPAs and follow customer instructions
- We may integrate with trusted third-party AI or cloud providers (e.g., model APIs, GPU hosts) who act as sub-processors
A list of current sub-processors is available upon request.
6. Data Sharing & International Transfers
We may share personal data with:
- Cloud hosting providers
- Analytics providers
- Communication tools
- AI infrastructure providers
Some providers may be located outside the EU (e.g., the United States). Where data is transferred internationally, we rely on:
- Adequacy decisions, or
- Standard Contractual Clauses (SCCs)
to ensure appropriate safeguards under GDPR.
We do not sell personal data.
7. Data Retention
We retain personal data only as long as needed for its purpose or to comply with legal duties.
Typical retention periods:
- Contact inquiries: up to 12 months
- Contract/project data: up to 5 years (accounting & legal requirements)
- Analytics data: as per cookie settings or anonymized
- DPA-governed processing: as defined in client agreements
After expiration, data is securely deleted or anonymized.
8. Your Rights Under GDPR
As an EU-based organization, you have the right to:
- Access your data
- Correct inaccurate data
- Delete your data (“right to be forgotten”)
- Restrict processing
- Object to processing (including marketing)
- Port your data to another service
- Withdraw consent where processing is consent-based
To exercise these rights, contact: hristo@latentrix.ai
You also have the right to lodge a complaint with the Bulgarian supervisory authority:
Commission for Personal Data Protection (CPDP)
9. Security Measures
We use industry-standard encryption, secure development practices, and access controls to prevent unauthorized access, alteration, or disclosure of data.
For enterprise engagements, enhanced security requirements may be embedded in DPAs.
10. Changes to This Policy
We may update this policy to reflect changes in our services or legal requirements. The latest version will always be posted with the revision date above.