Privacy Policy

This Privacy Policy applies to individuals and organizations ("you") who use the Latinum AI agent service operated by Latinum IT Partners, an Ontario company. If you are using Latinum on behalf of an organization, this policy applies to both you and the organization.

We collect the following categories of information:

• Account information: Your name, email address, and business name, collected at signup.
• Payment information: Billing details processed by Stripe. We do not store full card numbers — Stripe holds payment data under PCI-DSS compliance.
• OAuth tokens: When you connect integrations (Gmail, Google Calendar, HubSpot, etc.), we store OAuth access and refresh tokens, encrypted at rest.
• Agent conversation history: Your messages to the agent and the agent's responses, stored to provide continuity across sessions.
• Action logs: Records of actions the agent takes on your behalf (emails sent, calendar events created, CRM updates, etc.) for your review and audit purposes.
• Technical data: IP address, browser/client type, and session data for security and debugging purposes.

We use your data solely to provide and improve the Service:

• To provision and operate your AI agent
• To process payments and manage your subscription
• To authenticate and authorize your connected integrations
• To respond to your support requests
• To detect and prevent abuse or security incidents

We do not sell your personal information. We do not share your data with third parties for marketing or advertising purposes. We do not use your data to train AI models.

All data you generate through the Service — including conversation history, action logs, OAuth tokens, and account information — is stored on OVH Canada infrastructure located in Beauharnois, Quebec. No data leaves Canada.

The sole exception is payment data, which is processed by Stripe. Stripe operates under its own privacy policy and complies with PCI-DSS. We do not pass personal data beyond what Stripe needs to process payment (your name, email, and billing address).

When you connect Gmail, HubSpot, Google Calendar, or other services, you authorize us to access those services on your behalf through OAuth. We store your OAuth tokens encrypted at rest and access third-party services only as directed by your agent instructions.

We do not read, store, or analyze the content of your third-party accounts beyond what is necessary to carry out the specific actions you direct the agent to perform. For example, if you ask the agent to summarize your inbox, it will retrieve emails, generate a summary, and return it to you — but we do not retain those emails in our own database.

Your account data and agent history are retained for as long as your subscription is active, plus 90 days after termination. During the post-termination window, you can request an export of your data.

Agent action logs are retained for 90 days from the time the action occurred, then automatically deleted.

You may request deletion of your data at any time by emailing kevin@latinum.ca. Deletion requests are processed within 30 days.

We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA, you have the right to:

• Know what personal information we hold about you
• Request access to your personal information
• Request correction of inaccurate information
• Request deletion of your personal information
• Withdraw consent to our collection or use of your information

To exercise any of these rights, contact us at kevin@latinum.ca. We will respond within 30 days.

We take security seriously. Measures we have in place include:

• Encryption of data at rest and in transit (TLS 1.2+)
• OAuth tokens stored with application-level encryption
• SSH key-only server access; no password authentication
• Hardened Ubuntu servers with automatic security updates
• Least-privilege access controls across all internal services
• Audit logging of agent actions and administrative access

In the event of a security breach that may have exposed your personal information, we will notify affected users within 72 hours of becoming aware of the breach, consistent with our obligations under PIPEDA and the Breach of Security Safeguards Regulations.

Breach notifications will be sent to the email address on file for your account and will describe what happened, what data was involved, and what steps we are taking.

Our website uses minimal cookies for session management and to remember your language preference. We do not use third-party advertising cookies or tracking pixels. We do not use Google Analytics or similar services that send your data to US servers.

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 14 days before the change takes effect. The updated policy will be posted at latinum.ca/legal/privacy.

Privacy questions and data requests: kevin@latinum.ca

Latinum IT Partners · Ontario, Canada