2. Information We Collect

2.1  Information You Provide Directly

We collect personal information you voluntarily provide when you fill out a contact form, request a quote, or communicate with us, including:

•       Full name and email address

•       Company name and job title

•       Project details and service requirements

2.2  Information Collected Automatically via Framer Analytics

Our website is built and hosted on Framer.com. Framer includes built-in, privacy-preserving analytics that automatically collect limited technical data about site visits. Specifically:

•       Unique visitor counts — derived by hashing the visitor's IP address and user agent with a daily rotating secret key (salt) that is permanently deleted every 24 hours

•       Page view counts and top pages visited

•       Traffic sources (referrer categories)

ℹ FRAMER HOSTING — Framer Analytics does NOT use cookies, does NOT generate persistent identifiers, and does NOT retain raw IP addresses. No personal data is stored by Framer Analytics. This is why no cookie consent banner is required for this analytics tool. For more information, see framer.com/help/articles/gdpr-and-cookies.

2.3  Information Collected via Third-Party Services

If our website integrates any third-party services (such as Google Analytics, Meta Pixel, YouTube video embeds, or similar), those services may collect personal data including cookies and persistent identifiers. We will disclose any such integrations in our Cookie Policy and will obtain your consent before those services are activated.

3. Legal Basis for Processing (GDPR)

Where the GDPR applies, we process personal data on the following legal bases:

•       Contractual necessity (Article 6(1)(b)): to respond to enquiries and deliver agreed services

•       Legitimate interests (Article 6(1)(f)): to understand how our website is used and improve our services, where our interests are not overridden by your rights

•       Legal obligation (Article 6(1)(c)): to comply with applicable laws and regulations

•       Consent (Article 6(1)(a)): for marketing communications and any non-essential cookies, which may be withdrawn at any time.

4. How We Use Your Information

We use personal information for the following specific purposes:

•       To respond to enquiries and deliver requested services

•       To manage client projects and send project-related communications

•       To analyse website traffic and improve our website using Framer's privacy-preserving analytics

•       To send marketing communications where you have provided consent or where permitted by applicable law

•       To comply with legal obligations, resolve disputes, and enforce our agreements

5. Website Hosting, Infrastructure & International Data Transfers

Our website is hosted by Framer.com (operated by Framer B.V., a Dutch company, and Framer Inc., a US entity). Framer acts as our data processor under a Data Processing Addendum (DPA) compliant with GDPR Article 28.

Framer's infrastructure is hosted on Amazon Web Services (AWS) in the United States. Website content is distributed globally via the AWS CloudFront content delivery network (CDN), which means your data may be processed on servers located outside the European Economic Area.

Framer relies on Standard Contractual Clauses (SCCs) approved by the European Commission as the transfer mechanism for personal data transferred from the EEA to the United States. Framer's DPA is available at: framer.com/legal/data-processing-addendum.

6. Information Sharing & Disclosure

We do not sell your personal information. We may share your information only in the following limited circumstances:

•       Framer (Hosting & Infrastructure): Our website is hosted on Framer.com, which processes technical data as described in Section 5. Framer's privacy statement is available at framer.com/legal/privacy-statement.

•       Service Providers: We may share data with other trusted third-party vendors (e.g., email platforms, project management tools) who process data on our behalf under contractual data processing agreements.

•       Legal Requirements: We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Latch Design or others.

•       Business Transfers: In the event of a merger, acquisition, or asset sale, personal information may be transferred. We will provide prior notice before your data becomes subject to a different privacy policy.

•       With Your Consent: We may share information for other purposes with your explicit consent.

7. Cookies & Tracking Technologies

7.1  Framer Built-In Analytics

Framer's built-in analytics tool does not use cookies and does not generate any persistent identifiers. It counts unique visitors using a daily-rotating hash of the IP address and user agent that is permanently deleted after 24 hours. No personal data is stored, and no cookie consent is required for this feature.

7.2  Third-Party Cookies

If our website includes any third-party services that use non-essential cookies (such as analytics, marketing, or embedded media services), we will:

•       Disclose each service and its purpose in a separate Cookie Policy

•       Implement a compliant cookie consent banner that auto-blocks non-essential cookies until you provide active consent

•       Offer granular opt-in/opt-out controls and a link to our Cookie Policy

You may manage cookie preferences at any time through our cookie preference centre (if applicable) or your browser settings.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information. These measures include:

•       SSL/TLS encryption for all data transmitted between your browser and our website

•       Framer's ISO 27001–certified infrastructure hosted on AWS, with AES-256 encryption at rest

•       AWS Key Management Service (KMS) for encryption key management

•       Redundant data storage across multiple AWS availability zones

•       Access controls limiting personal data access to authorised personnel only

No method of internet transmission or electronic storage is completely secure. While we strive to protect your information using industry-standard safeguards, we cannot guarantee absolute security

9. Your Privacy Rights

9.1  Rights Under GDPR (EEA & UK Residents)

If you are in the European Economic Area or the United Kingdom, you have the following rights:

•       Right of Access (Article 15): Obtain a copy of the personal data we hold about you

•       Right to Rectification (Article 16): Request correction of inaccurate or incomplete data

•       Right to Erasure (Article 17): Request deletion of your data in certain circumstances

•       Right to Restrict Processing (Article 18): Request that we limit how we use your data

•       Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format

•       Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing

•       Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing

•       Right to Lodge a Complaint: Contact your national data protection supervisory authority

9.2  Rights Under CCPA / CPRA (California Residents)

If you are a California resident, you have the right to: (i) know what personal information we collect and how it is used; (ii) request deletion of your personal information; (iii) opt out of the sale or sharing of your personal information (we do not sell personal information); and (iv) non-discrimination for exercising these rights.

To exercise any of the above rights, contact us at: hello@latchdesignstudio.com

10. Children's Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us at hello@latchdesign.co and we will promptly delete such information.

11. Third-Party Links

Our website may contain links to third-party websites not operated by Latch Design or Framer. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised policy with an updated effective date. For material changes, we will provide additional notice such as an email notification to existing contacts. Continued use of our website after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact us: hello@latchdesignstudio.com