privacy policy

Last updated: February 2026

Latent Patterns is operated from Australia. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy describes what personal information we collect, why we collect it, and how we handle it.

1. information we collect

We collect only what is necessary to provide the service:

• Email address — provided when you sign in via magic link. Used for authentication and account communications.
• Payment information — processed entirely by Stripe. We store a Stripe customer ID and subscription status. We never see or store your card number.
• Course progress — which lessons you have marked as completed, stored against your account.
• Session cookie — a single httpOnly cookie that keeps you signed in for up to 30 days. It cannot be read by JavaScript and contains no personal information.

2. how we use your information

• To authenticate you and maintain your session
• To manage your subscription and process payments via Stripe
• To track your learning progress across courses
• To send you transactional emails (login links). We do not send marketing emails.

3. disclosure to third parties

We share personal information only with:

• Stripe — for payment processing. Stripe acts as an independent data controller for payment data. See Stripe's privacy policy.
• SMTP provider — for delivering magic link emails. The provider receives your email address and the login link. We do not send marketing or promotional emails.

We do not sell your personal information. We do not use third-party analytics, advertising trackers, or social media pixels.

4. data storage and security

• Your data is stored in a local SQLite database accessible only to the application process.
• Sessions use cryptographically random identifiers.
• Magic link tokens expire after 15 minutes and can only be used once.
• All connections are served over HTTPS.

5. data retention

• Account data is retained for as long as your account exists.
• Session records expire after 30 days.
• Used magic link tokens are retained for audit purposes and periodically purged.
• If you delete your account, all associated data (progress, sessions, subscription records) is permanently removed.

6. your rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Correct any information that is inaccurate or out of date
• Request deletion of your account and all associated data
• Complain to the Office of the Australian Information Commissioner if you believe we have breached the APPs

To exercise any of these rights, email privacy@latentpatterns.com.

7. cookies

We use two essential cookies:

• session — user authentication. httpOnly, Secure, SameSite=Lax. Expires after 30 days.
• admin_session — admin authentication (admin users only). httpOnly, Secure, SameSite=Strict. Expires after 4 hours.

We do not use tracking cookies, analytics cookies, or any third-party cookies. There is no cookie banner because there is nothing to consent to beyond essential session cookies.

8. changes to this policy

We may update this policy from time to time. Material changes will be noted at the top of this page with an updated date. Continued use of the service after changes constitutes acceptance.

9. contact

For privacy inquiries: privacy@latentpatterns.com