Privacy Policy

Last updated: March 2026

Who we are

Lattify (“we”, “us”, “our”) is a UK-based technology company that provides AI-powered training guide software for businesses. Our platform converts video content into interactive, step-by-step training guides and tracks how effectively those guides transfer skills to staff.

This policy explains how we collect, use, and protect personal data - both from the businesses that use Lattify (“Creators”) and from the team members who complete training through the platform (“Learners”).

Data Controller: Lattify Ltd
Contact: privacy@lattify.co

Data we collect

1. Account and business information

When a Creator signs up for our waitlist, creates an account, or subscribes to Lattify, we collect:

  • Name
  • Email address
  • Company name
  • Job title (if provided)
  • Industry sector (if provided)
  • Password (encrypted, never stored in plain text)

Legal basis: Consent (Article 6(1)(a) GDPR) for the waitlist; performance of a contract (Article 6(1)(b) GDPR) for active accounts.

2. Video content and training guides

Creators upload videos which our platform processes into structured training guides. We collect and store:

  • Original video files uploaded by the Creator
  • AI-extracted guide content including steps, instructions, tools and materials lists, safety warnings, and estimated durations
  • Any edits the Creator makes to generated guides
  • Photo verification images uploaded by Learners as proof of completed work

Videos and guides are the Creator’s property. We process them solely to deliver the Lattify service. We do not use Creator or Learner content to train our AI models, share it with other customers, or repurpose it for any other purpose.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR).

3. Learner session telemetry

When a Learner works through a training guide, we automatically log structured behavioural events to measure guide effectiveness and identify areas for improvement. These events include:

  • Step interactions: each time a Learner opens a step, leaves a step, marks a step complete, goes back to a previous step, or skips forward past a step
  • Help interactions: each time a Learner opens the help feature or submits a help request
  • Safety acknowledgements: each time a Learner clicks through a safety warning
  • Session outcomes: whether a session was completed, abandoned, or timed out
  • Timing data: timestamps for all events, from which we derive time spent on each step and overall session duration

Every event is logged with the following identifiers:

  • A pseudonymous user ID (not the Learner’s name or email)
  • Guide ID and step ID
  • Session ID
  • Timestamp
  • Device information (operating system and browser, where available)

Important: Learner telemetry is collected using pseudonymous identifiers. We do not directly identify individual Learners by name within our analytics systems. However, because the Creator (the Learner’s employer) assigns access to guides, the Creator may be able to associate a pseudonymous user ID with a specific team member. Responsibility for informing Learners about this data collection rests with the Creator as the data controller of their employees’ data. See “Data controller responsibilities” below.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in providing analytics that help Creators improve training quality and measure effectiveness.

4. Learner feedback

Learners can optionally submit feedback on individual steps within a guide. This feedback is structured into three categories:

  • Issue reports - categorised as: tool problem, wrong measurement, unclear instruction, or safety concern
  • Different approach reports - categorised as: tool substitution, added extra step, or different technique
  • Tips - short free-text contributions (maximum 100 characters)

Feedback is stored with the Learner’s pseudonymous user ID, the relevant guide and step, and a timestamp. At MVP, tips are stored for internal review and are not surfaced to other Learners in the product.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in improving guide quality.

5. Aggregated analytics and computed scores

We process raw telemetry and feedback into aggregated analytics at the guide and step level. These include:

  • Guide-level metrics: total sessions, completion rate, abandonment rate, help request rate, and feedback counts by category
  • Step-level metrics: total views, completion count, average time spent, backtrack rate, help rate, feedback counts by category, and a hotspot flag indicating steps where Learners frequently struggle
  • Guide Value Index (GVI): a composite effectiveness score (0.0–5.0) computed from completion rates, behavioural success signals, friction indicators, and a structural difficulty index derived from guide properties (step count, duration, tool/material count, safety warning presence, and workflow complexity)

Aggregated analytics are computed nightly and are available to Creators across 7-day, 30-day, and lifetime time windows. GVI scores are only computed for guides with five or more training sessions.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in providing Creators with actionable insight into training effectiveness.

6. Payment information

Billing is processed securely through Stripe. We do not store credit card numbers or bank details on our servers. Stripe collects and manages payment data in accordance with their own privacy policy.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR).

7. Website usage data

When you visit lattify.co, we may collect:

  • IP address (anonymised)
  • Browser type and version
  • Pages visited and time spent
  • Referring website

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in understanding how visitors use our website.

Data controller responsibilities

Lattify operates as a data processor on behalf of Creator organisations when handling Learner data. The Creator organisation is the data controller for their employees’ training data.

This means:

  • Creators are responsible for informing their Learners (employees) that behavioural data is collected during training sessions, what data is collected, and how it is used
  • Creators are responsible for having a lawful basis under GDPR for processing their employees’ training data through Lattify
  • Lattify processes Learner data only in accordance with the Creator’s instructions and for the purpose of delivering the service

We provide a Data Processing Agreement (DPA) to all Creator organisations. If you are a Creator and have not received a DPA, contact privacy@lattify.co.

How we use personal data

We use the data described above to:

  • Provide, maintain, and improve the Lattify platform
  • Process uploaded videos and generate training guides
  • Log and aggregate Learner session data to power analytics and effectiveness scoring
  • Identify steps where Learners struggle and surface this information to Creators
  • Communicate with Creators about their account, product updates, and relevant information
  • Respond to enquiries and provide support
  • Comply with legal obligations

We will never sell personal data to third parties. We do not use Learner behavioural data or Creator content for advertising purposes.

Who we share data with

We share personal data only with the following categories of service providers, each bound by data processing agreements:

  • Cloud hosting: to store and process data securely
  • AI processing providers: to power video-to-guide extraction
  • Payment processing: Stripe, for billing
  • Email communications: for account-related and product communications
  • Analytics infrastructure: for processing and storing telemetry and aggregated metrics

We do not transfer personal data outside the UK or EEA unless adequate safeguards are in place, such as Standard Contractual Clauses approved by the ICO.

How long we keep data

Data typeRetention period
Waitlist dataUntil removal is requested, or 24 months after collection if the individual does not become a customer
Creator account dataDuration of subscription plus 12 months
Uploaded videosDuration of subscription; deleted within 30 days of account closure
Learner session telemetryDuration of the Creator’s subscription; deleted within 30 days of account closure
Learner feedbackDuration of the Creator’s subscription; deleted within 30 days of account closure
Aggregated analyticsDuration of the Creator’s subscription; anonymised aggregates may be retained for product improvement
Photo verification uploadsDuration of the Creator’s subscription; deleted within 30 days of account closure
Billing records7 years, as required by UK tax law
Website analytics26 months (anonymised)

Your rights

Under UK GDPR, both Creators and Learners have the right to:

  • Access personal data we hold about you and obtain a copy
  • Rectify inaccurate or incomplete data
  • Erase your data (subject to legal retention requirements)
  • Restrict processing in certain circumstances
  • Data portability - receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time where processing is based on consent

For Creators: contact privacy@lattify.co directly.

For Learners: because your employer is the data controller for your training data, requests related to session telemetry and feedback should be directed to your employer in the first instance. If you contact us directly, we will work with your employer to fulfil your request.

We will respond to all valid requests within 30 days.

Data exports

Creators can export their guide data, Learner feedback, and aggregated analytics in CSV or JSON format at any time through the Lattify platform.

Cookies

Our website uses essential cookies required for the site to function. We may also use analytics cookies to understand how visitors interact with our website. You can manage cookie preferences through your browser settings.

Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit (TLS) and at rest
  • Pseudonymisation of Learner identifiers in telemetry and analytics systems
  • Role-based access controls
  • Regular security reviews
  • Isolated data storage per Creator organisation (multi-tenant architecture with logical separation)

Children

Lattify is a business product and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on our website. The “last updated” date at the top of this page indicates when the policy was last revised.

Contact and complaints

For any questions about this policy or your personal data:

General privacy enquiries: privacy@lattify.co
Data Processing Agreements: privacy@lattify.co

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
ico.org.uk
Helpline: 0303 123 1113