Privacy Policy

Last updated: March 2026

1. Data Controller

Legato Labs ("we", "our", "us"), Business ID 3574601-3, is the data controller responsible for your personal data. We are registered in Finland and operate under the EU General Data Protection Regulation (GDPR).

2. Data We Collect

We collect only the data you voluntarily provide through our contact form:

  • Name
  • Email address
  • Company name (optional)
  • Budget range (optional)
  • Project description

We do not use tracking cookies, analytics, or any third-party advertising services. We do not collect data automatically beyond what is technically necessary for the website to function.

3. Legal Basis for Processing

Under Article 6(1) of the GDPR, we process your personal data based on:

  • Legitimate interest (Art. 6(1)(f)) — to respond to your inquiry and discuss potential collaboration.
  • Consent (Art. 6(1)(a)) — when you voluntarily submit the contact form, you consent to us processing the data you provide for the stated purpose.

4. How We Use Your Data

We use the information you provide solely to respond to your inquiry and discuss potential collaboration. We do not sell, rent, share, or distribute your personal data to third parties for marketing purposes.

5. Data Processors

Contact form submissions are processed through Formspree, Inc., a GDPR-compliant form processing service based in the United States. Formspree acts as a data processor on our behalf and processes data in accordance with their privacy policy. Data is transmitted securely via HTTPS and TLS encryption.

Our website is hosted on Amazon Web Services (AWS), which provides infrastructure services within the EU region.

6. Data Retention

We retain your contact form data only for as long as necessary to respond to your inquiry and for the duration of any resulting business relationship. If no business relationship is established, we delete your data within 12 months of your inquiry.

7. Your Rights Under GDPR

As a data subject in the EU, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Restriction — request limited processing of your data
  • Data portability — request your data in a machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — withdraw consent at any time without affecting prior processing

To exercise any of these rights, please contact us through our contact form.

8. Cookies

This website uses only essential, functional cookies required for the website to operate (such as storing your cookie consent preference). We do not use any tracking, analytics, or advertising cookies. No personal data is collected through cookies.

9. International Data Transfers

Some of our service providers (Formspree) may process data outside the EU/EEA. Where this occurs, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data is protected to EU standards.

10. Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi) or your local supervisory authority within the EU.

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.

12. Contact

For privacy-related inquiries, please use our contact form.