Privacy Policy

This Privacy Policy explains how Letaria ("Letaria", "we", "us", or "our") collects, uses, discloses, and protects personal data in connection with: • The Letaria public website • Inquiry, discovery, and demo conversations • Pilot engagements and private Letaria deployments • Ongoing delivery, support, and commercial relationship management

Letaria is positioned as a solution-led service, not a broad public self-serve SaaS product. That means the personal data we handle often relates to business contacts, client representatives, authorized users in private environments, and materials shared for a specific engagement.

If a separate data processing agreement, statement of work, order form, or client contract applies to your engagement with Letaria, that document may add to or override parts of this Policy for the covered processing activity.

For website visitors, prospective clients, business contacts, and people who contact Letaria directly, Letaria generally acts as the controller of the relevant personal data.

For personal data contained in client materials, private workspaces, or client-directed processing, Letaria generally acts as a processor or service provider on behalf of the relevant client, unless a written agreement states otherwise.

**Contact Details:** Letaria Singapore

Privacy inquiries: privacy@letaria.app Data protection contact: dpo@letaria.app Legal inquiries: legal@letaria.app

We collect personal data in the following categories depending on how you interact with Letaria:

**3.1 Business Contact and Inquiry Data** • Name, work email, company, role, and contact details • Information you submit through forms, email, calendars, or messaging • Discovery notes, project requirements, and procurement or contracting details

**3.2 Access and Identity Data in Private Environments** • Business profile information made available through a client-selected identity provider • User IDs, role information, organization affiliation, and access events • Authentication and audit metadata needed to operate or secure a private deployment

**3.3 Client Materials and Project Data** • Documents, tickets, workflow inputs, prompts, comments, approvals, and annotations • AI-assisted outputs, reports, citations, review history, and delivery artifacts • Support materials and issue reports shared during delivery or maintenance

**3.4 Commercial and Billing Data** • Billing contact information • Invoice, payment status, and tax-related records • Payment method information where a payment processor is used

**3.5 Technical, Device, and Usage Data** • IP address, browser type, device and operating system details • Website pages viewed, referral information, timestamps, and interaction logs • Performance, diagnostic, error, and security telemetry • Cookie and consent preference signals

**3.6 Information from Third Parties** • Client-selected identity providers used for private access • Integrated systems or repositories that a client authorizes Letaria to connect to • Referral partners, public business sources, or procurement platforms used in a business relationship

We do not intentionally require sensitive personal data for ordinary website or engagement use. If you or your organization submit sensitive or regulated data, you are responsible for ensuring that Letaria is authorized to receive and process it for the relevant engagement.

We use personal data to: • Respond to inquiries, schedule demos, and evaluate potential engagements • Scope, deliver, support, and improve pilots, private deployments, and related services • Provision and administer access for authorized users • Process documents, tickets, workflow context, and instructions needed for delivery • Generate AI-assisted outputs, reports, and workflow artifacts • Operate support, troubleshooting, monitoring, and security functions • Manage invoices, contracts, legal obligations, and relationship administration • Send marketing or thought-leadership communications where permitted and appropriate

We may also use aggregated or de-identified usage information to understand service quality, capacity, and product direction, provided it is not used to identify you personally.

Where applicable law requires a legal basis, Letaria relies on one or more of the following:

**Contractual necessity or pre-contractual steps** • To respond to your request for a demo, pilot, proposal, or engagement • To deliver services, support, and agreed project work

**Legitimate interests** • To operate, secure, improve, and defend the Services • To manage business relationships and service quality • To prevent misuse, fraud, and security incidents

**Consent** • For optional cookies or analytics where required • For marketing communications where consent is required • For any other processing activity that we clearly present as consent-based

**Legal obligations** • To comply with tax, accounting, regulatory, court, or law-enforcement requirements • To investigate and respond to incidents or legal claims

Depending on the jurisdiction involved, these bases may map to obligations or permissions under laws such as the GDPR, Singapore PDPA, Japan APPI, the Australia Privacy Act, UAE PDPL, Saudi Arabia PDPL, or other applicable privacy laws.

Client materials and project data may be processed with AI and automation tools to produce outputs, summaries, workflow suggestions, reports, or other delivery artifacts.

AI-assisted results are intended to support human review and decision-making. Letaria does not represent that AI outputs are complete, accurate, or suitable for unattended operational use.

**AI TRAINING POLICY:** LETARIA WILL NOT USE CLIENT MATERIALS, OUTPUTS, OR PERSONAL DATA TO TRAIN, OR ALLOW ANY THIRD PARTY TO TRAIN, ANY AI OR MACHINE LEARNING MODEL UNLESS YOU OR YOUR ORGANIZATION HAVE EXPRESSLY AGREED TO THAT USE IN WRITING.

We may use service telemetry, quality signals, and de-identified operational data to secure, monitor, and improve the Services without using the underlying client content for model training.

We may share personal data only where reasonably necessary for the purposes described in this Policy, including with:

**Infrastructure and delivery providers** • Hosting, storage, logging, monitoring, communications, and collaboration vendors

**AI and automation providers** • Technology providers that process client materials or prompts to support agreed service delivery

**Identity and access providers** • Customer-selected identity providers used in private deployments

**Professional advisers and transaction counterparties** • Lawyers, accountants, auditors, insurers, and financing or acquisition counterparties

**Authorities and legal recipients** • Regulators, courts, law enforcement, or other recipients where disclosure is required or appropriate by law

**Clients and their administrators** • Where access, activity, or support information needs to be shared with the client that sponsors a private deployment

We do not sell personal data. If we share data with a service provider, we require that provider to protect the data appropriately and use it only for the permitted purpose.

Letaria and its service providers may process data in Singapore, the United States, the client-selected deployment region, or other jurisdictions relevant to delivery and support.

Where required, Letaria uses contractual commitments, access restrictions, organizational controls, and other transfer safeguards to support lawful international processing. If your organization needs specific residency, localization, or transfer restrictions, those requirements should be agreed in writing as part of the engagement.

Letaria uses reasonable technical and organizational safeguards designed to protect personal data, including measures such as: • Encryption in transit and, where appropriate, at rest • Role-based access controls and authentication controls • Logging, monitoring, and incident-response procedures • Vendor assessment and least-privilege operational practices

No system is completely secure. Where a client controls the identity provider, endpoint devices, or connected systems, that client also remains responsible for the security of those components and the lawfulness of access granted through them.

We keep personal data only for as long as reasonably necessary for the purpose for which it was collected, including to deliver services, maintain security, comply with law, and resolve disputes.

Retention periods vary by context. For example: • Inquiry and business development records may be retained while a potential relationship is active and for a reasonable period afterward • Commercial, tax, and invoicing records may be retained for the period required by law • Client materials, private-deployment data, and related outputs are typically retained according to the applicable contract, statement of work, or data processing agreement • Security, audit, and diagnostic logs may be retained for a limited period needed for troubleshooting, compliance, and incident response

Where deletion is required, we may first archive data in backups or restricted systems for a limited time before it is fully purged.

Depending on where you are located and the role Letaria plays in the processing, you may have rights to: • Access personal data we hold about you • Correct inaccurate or incomplete data • Request deletion of data in certain circumstances • Restrict or object to certain processing • Withdraw consent where processing depends on consent • Request data portability where applicable • Lodge a complaint with a relevant supervisory authority

If Letaria processes your data on behalf of a client, you may need to direct your request to that client first because they control the purpose of the processing. We will assist our clients with such requests where appropriate.

To exercise a rights request, contact privacy@letaria.app and include enough information for us to verify the request and determine the relevant engagement or deployment context.

The Letaria website and, where relevant, private deployments may use cookies and similar technologies for: • Essential site and session functionality • Security and abuse prevention • Preference storage • Analytics or performance measurement where permitted

Where required by law, we ask for consent before using non-essential cookies. You can also manage certain cookie settings through your browser or our consent tools. See our Cookie Policy for additional detail.

Letaria may send business updates, insights, case studies, event invitations, or service announcements where permitted by law and consistent with the nature of the relationship.

Where consent is required, we will seek it before sending marketing communications. You can opt out at any time by using the unsubscribe link in the message or contacting marketing@letaria.app.

We may still send non-marketing communications that are necessary to respond to an inquiry, administer an engagement, provide security notices, or comply with legal obligations.

Letaria's Services are intended for business and professional use. They are not directed to children, and we do not knowingly collect personal data from children through the ordinary operation of the website or our client engagements.

If you believe a child has provided personal data to Letaria without appropriate authorization, contact privacy@letaria.app so we can review and take appropriate action.

Letaria uses AI and automation to assist with analysis, routing, reporting, and workflow generation. These tools are designed to support human teams, not replace them.

Letaria does not ordinarily use solely automated processing to make legal or similarly significant decisions about individuals in connection with the Services. Where AI-assisted results are used, clients and authorized users remain responsible for human review, approval, and downstream implementation decisions.

We may update this Privacy Policy from time to time to reflect changes in delivery practices, legal requirements, technology providers, or the Services themselves.

When we make a material change, we will update the effective date on this page and may also provide notice through email, a private deployment, or another reasonable channel where appropriate. Continued use of the Services after the updated Policy takes effect means you accept the revised Policy.

If you have questions, concerns, or requests about this Privacy Policy or our handling of personal data, contact:

Privacy: privacy@letaria.app Data protection contact: dpo@letaria.app Legal: legal@letaria.app Support: support@letaria.app

Letaria Singapore

If applicable law gives you the right to complain to a supervisory authority, you may also contact the authority responsible for privacy or data protection in your jurisdiction.