Privacy Policy

Last updated: January 2026

1. Introduction

At Laterly, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you use our service.

2. Information We Collect

We collect the following types of information:

  • Account information: email address and password (hashed)
  • Message content: encrypted and stored securely
  • Recipient information: email addresses you provide
  • Usage data: login times, check-ins, and service interactions

3. How We Use Your Information

We use your information to:

  • Provide and maintain the service
  • Send check-in reminders and notifications
  • Deliver your messages to recipients when triggered
  • Improve our service and develop new features

4. Encryption

All message content is encrypted using AES-256-GCM encryption before storage. We cannot read your messages. Only you (and your recipients when a message is delivered) can access the content.

5. Information Sharing

We do not sell your personal information. We only share data with third parties as necessary to provide the service (e.g., email delivery providers) or when required by law. All third-party providers are bound by strict confidentiality agreements.

6. Data Retention

We retain your data as long as your account is active. When you delete your account, we remove your personal data within 30 days, except for data we are legally required to retain. Sent messages are stored for 90 days for reference.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data in a portable format

8. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract execution (Art. 6.1.b GDPR): to provide the service
  • Consent (Art. 6.1.a GDPR): for analytics cookies
  • Legal obligation (Art. 6.1.c GDPR): retention of billing data
  • Legitimate interest (Art. 6.1.f GDPR): security and fraud prevention

9. Data Protection Officer

For any questions regarding your personal data, please contact our Data Protection Officer:

hello@laterly.io

10. International Transfers

Your data may be transferred to third countries (United States) through our service providers:

  • Stripe (payments): Standard Contractual Clauses approved by the European Commission
  • Resend (emails): Standard Contractual Clauses
  • Google Analytics: Privacy Shield invalidated, using Standard Contractual Clauses

These transfers are governed by appropriate safeguards compliant with GDPR.

11. Detailed Data Retention

  • Account data: Account lifetime + 30 days after deletion
  • Billing data: 10 years (legal accounting obligation)
  • Sent messages: 90 days after sending
  • Security logs: 12 months
  • Analytics cookies: Maximum 13 months

12. Data Breach

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will inform you as soon as possible and, if necessary, notify the CNIL within 72 hours.

13. Automated Decision-Making

We do not use automated profiling or automated decision-making regarding your personal data.

14. Processing Register

We maintain a processing activities register compliant with Article 30 of GDPR, available upon request from our DPO.

15. Contact

For privacy-related inquiries, please contact us at Contact