GDPR
Latitude is built with European data protection expectations in mind. Hosted Latitude stores and processes customer data and runs Latitude-managed inference in AWS eu-central-1 in Frankfurt, Germany. SDK and internal safeguards reduce PII exposure in telemetry. Latitude’s GDPR readiness review is in progress and is expected to be completed by the end of May 2026.GDPR is a regulatory framework, not a point-in-time certification like ISO 27001 or a SOC II audit report. Latitude’s GDPR work covers documentation, operational practices, data handling, and customer-facing process readiness.
Status
| Area | Status |
|---|---|
| GDPR readiness review | In progress |
| Expected completion | End of May 2026 |
Data protection approach
Latitude’s GDPR readiness work centers on:- AWS eu-central-1 boundary for hosted customer data and Latitude-managed inference
- organization and project scoping for customer data
- SDK redaction for common security-sensitive fields
- configurable redaction for customer-specific PII patterns
- internal controls that minimize unnecessary sensitive-data exposure
Customer responsibilities
Customers control what telemetry they send to Latitude. To support GDPR-aligned usage, customers should:- avoid sending unnecessary personal data in prompts, tool outputs, metadata, or annotations
- configure custom redaction for application-specific PII
- scope agents and products into separate projects when their data should not mix
- maintain an internal legal basis and retention policy for the telemetry they collect