Skip to main content

Privacy Policy

Version 3.3
Last revised on: April 11th, 2026

Leto Technology, Inc. (the "Company") is committed to maintaining robust privacy protections for its users. Our Privacy Policy ("Privacy Policy") is designed to help you understand how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.

For purposes of this Agreement, "Site" refers to the Company's website, which can be accessed at helloleto.com. "Service" refers to the Company's services accessed via the Site, in which users can create and manage tasks, calendar events, and reminders related to their family and the organizations that serve them. The terms "we," "us," and "our" refer to the Company. "You" refers to you, as a user of our Site or our Service. By accessing our Site or our Service, you accept our Privacy Policy and Terms of Use (found here: Terms of Use), and you consent to our collection, storage, use and disclosure of your Personal Information as described in this Privacy Policy. For a plain-English overview, see our Data Use Policy.

I. Information We Collect

We collect "Non-Personal Information" and "Personal Information." Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. Personal Information includes your email address, first name, and last name, which you submit to us through the registration process at the Site.

1. Information Collection Sources

We collect information from multiple sources depending on your user type and how you interact with our Service:

a. Information You Provide Directly

  • Account registration information (email, name)
  • Family member names and details
  • Children's first names and grade levels
  • Organization names that serve your family
  • Phone number (if you opt in to SMS notifications)

b. Information from Parent-Teacher Associations (PTAs)

If your organization's PTA participates in an official partnership with Leto, we may receive:

  • Parent email addresses for one-time verification
  • Verification/whitelist status to confirm community eligibility

Important: Data flows one direction only—from PTAs to Leto. We share only aggregate, anonymized analytics with PTAs, never individual user data.

c. Information from Organization Signup Pages

If you sign up through a dedicated organization page (URLs like /join/your-school-pta):

  • Your email address is captured before authentication to track signup completion
  • Your IP address is recorded for security and abuse prevention
  • The organization you're joining is associated with your account upon signup completion

These pages require a valid security link distributed by your PTA. If you start signing up but don't finish, we keep your email for 30 days so we can help you complete the process. After 30 days, it's automatically deleted. You can request immediate deletion anytime at [email protected].

2. User Types and Data Collection

We have different user categories with varying data collection methods:

PTA-Verified Users

Parents at organizations with official Leto PTA partnerships. Verification occurs either through email whitelist matching or by signing up through your PTA's dedicated signup link (/join/your-school-pta).

Individual Users

Parents using Leto without an official PTA partnership, who subscribe to Premium for via direct email inbox connection.

3. Information Collected via Technology

To activate the Service you do not need to submit any Personal Information other than your email address. To use the Service thereafter, you do need to submit further Personal Information, which may include: the names of family members, the names of organizations that serve your family, and your phone number if you opt in to mobile notifications via SMS. However, in an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the website you came from (known as the "referring URL"), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user's browser from our servers and are stored on the user's computer hard drive. Sending a cookie to a user's browser enables us to collect Non-Personal information about that user and keep a record of the user's preferences when utilizing our services, both on an individual and aggregate basis.

4. Authentication and Google User Data

We use Auth0 as our authentication service provider, which allows you to sign in using your Google account. When you choose to authenticate with Google:

  • Information We Access: We only access your basic profile information provided by Google, including your email address, first name, and last name.
  • How We Use This Information: This information is used solely to create and maintain your Leto account, enable you to sign in, and personalize your experience.
  • Data Storage: Your Google profile information is stored securely in our database and is subject to the same protections as all other personal information.
  • Data Sharing: We do not share your Google user data with any third parties except Auth0, which processes the authentication on our behalf.
  • Limited Use: Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke Leto's access to your Google account at any time through your Google Account settings.

5. Email Inbox Connection & Sender Recognition

Premium users may optionally connect their email inbox (Gmail) through our secure integration with the Gmail API to enable automatic sender recognition and task extraction. This is an optional feature that requires explicit consent.

a. What We Access

When you connect your email inbox, we access:

  • Email metadata (past 45 days): Sender email addresses, subject lines, and date/time stamps to identify and map organization-related senders to organizations
  • Email content (past 14 days): We temporarily access email body content from recognized organization senders to extract tasks, events, and deadlines using AI

Important: Email body content is deleted immediately after successful processing (or within 24 hours if processing fails). We only retain the extracted tasks and events with task/event-specific context snippets, not the original email content.

b. How We Use This Information

  • AI classification identifies family-relevant senders across categories such as schools, sports leagues, camps, tutoring programs, clubs, community organizations, daycare and childcare providers, religious organizations, and other organizations that serve your family
  • Sender mappings connect email addresses to organizations (schools, PTAs, sports leagues)
  • Recent emails from recognized senders are processed to extract tasks and events

c. Data Storage and Encryption

  • All sender email addresses are encrypted using AES-256-GCM encryption
  • Email body content is deleted immediately after successful processing (or within 24 hours if processing fails)
  • Lookups use blind indexing (salted cryptographic hashes), never plaintext searches
  • Sender Mappings and Email Fingerprints (Organizational Data): When you delete your account, we remove everything personal to you. The only data we retain is organization-level sender mappings (which email addresses belong to which school or organization) and email fingerprints (cryptographic hashes used to prevent duplicate processing). This data helps other families at your organization and cannot be traced back to you. Organizations cannot view or export this data.
  • How Fingerprints Work: We create SHA-256 cryptographic hashes of email content (subject line and body text). Before hashing, we normalize content to detect duplicates (e.g., removing formatting and common boilerplate). These fingerprints cannot be reversed to recover email content. Purpose limitation: Fingerprints are used solely to (1) prevent duplicate task creation across families, (2) reduce redundant AI processing costs, and (3) detect abuse. They are not used for marketing, profiling, or any other purpose.

d. What We Do NOT Do

  • We never permanently store email body content — it is deleted immediately after successful processing (or within 24 hours if processing fails).
  • We never share sender data with third parties / other organizations
  • We never sell or monetize your email data
  • We never use your data for advertising purposes

e. Complete Content Extraction

For emails from approved senders, Leto processes all available content sources to maximize task and event extraction:

  • Email body text: Processed as described above.
  • Linked web pages: When an email contains links to external web pages (such as online newsletters, school event pages, or signup forms), Leto follows those links and fetches the page content to extract task and event information. This fetching is performed directly by Leto's own servers — no third-party web scraping service receives your data. Fetched web page content is processed in memory and deleted after extraction.
  • PDF attachments: Text content is extracted from PDF files. If a PDF is image-based (scanned or graphical), the original PDF file is sent to Anthropic's Claude AI for visual analysis. PDFs are deleted after extraction.
  • Images (inline and attached): Images embedded in or attached to emails are analyzed by Anthropic's Claude AI to extract text content such as event dates, deadlines, and announcements. Images are deleted after extraction.

PII in binary content: Images and PDF documents may contain names, contact information, or other personally identifiable information that cannot be identified and redacted before they are sent to Anthropic for visual analysis. This is a necessary limitation of image and document processing. We minimize personal information shared with Anthropic where technically feasible.

Transient storage: All binary content (PDF attachments, images, and fetched web page content) is encrypted at rest using AES-256-GCM and automatically deleted after successful extraction. If processing fails, content is deleted within 24 hours.

We do not read drafts or sent mail. We do not access email content older than 14 days.

f. Data Deletion

  • When you disconnect your email, we immediately stop accessing your inbox, delete your connection credentials and sync history. Your extracted tasks and events remain in your account.
  • You can disconnect at any time through your account settings
  • Sender mappings and email fingerprints are organizational data maintained at the organization level; they are not deleted when you disconnect or delete your account (see above for details)

g. Gmail API Compliance

Our use of information received from Gmail APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only request the minimum permissions necessary to provide the sender recognition feature.

6. Session Cookies

We use session cookies to:

  • Maintain your authenticated session when you log in
  • Remember your authentication status as you navigate through our application
  • Process account invitations
  • Ensure your session remains secure while using our service

Our session cookies are set to expire after 30 minutes of inactivity to protect your security. As we use Auth0 for authentication, the following information may be stored in cookies:

  • Your authentication status
  • Your email address
  • Your first and last name (as provided during authentication)
  • Session security tokens

The Company may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser. We do not store any persistent cookies at this time.

7. Children's Privacy and COPPA Compliance

Children Never Have Direct Access: The Site and Service are designed for parent use only. Children never create accounts, log in, or directly interact with our Service. We are committed to protecting children's privacy in accordance with the Children's Online Privacy Protection Act (COPPA).

Information About Children: While children don't use our Service directly, parents may enter limited information about their children:

  • First names
  • Grade levels
  • Organization-related tasks and activities

No Direct Collection: We never knowingly collect information directly from anyone under 13. All children's information is provided by parents or through PTA partnerships with parental awareness.

Parental Control: Parents have complete control over their children's information and can update or delete it at any time through their account settings or by contacting [email protected].

8. Educational Records (FERPA)

We are aware of the Family Educational Rights and Privacy Act (FERPA) and its importance in protecting student educational records. Leto is designed to process logistical information (dates, times, events) rather than educational records as defined by FERPA.

While parents may connect their email inbox to our Service:

  • We extract only task and event information (dates, times, activities)
  • We do not intentionally process or retain grades, academic performance data, or disciplinary records
  • We do not access student information systems or official educational records

Inadvertent Educational Content: Organization emails may occasionally contain information that could constitute educational records under FERPA (such as IEP meeting notices, academic progress updates, or report card notifications). If such content is inadvertently processed:

  • We extract only the logistical details (date, time, event type)
  • The original email content is deleted immediately after processing
  • We do not store, index, or make searchable any academic performance data
  • You may request immediate deletion of any specific email-derived data by contacting [email protected]

Our Service is designed to help parents manage organization-related logistics and activities. We recommend parents review extracted tasks and events for accuracy and delete any they do not wish to retain.

Children's Data: We do not collect educational records, grades, or personal data about children. Names and grades are optional and parent-controlled.

9. Premium Subscription Data

If you subscribe to Leto Premium (including free trials and Pioneer Program):

a. Information We Collect

  • Your subscription status and plan type
  • Billing history (dates, amounts, plan changes)
  • Trial start and end dates (if applicable)
  • Pioneer program enrollment date and participating organizations (if applicable)

b. Payment Information

  • Payment card information is collected and stored by our payment processor, Stripe
  • We receive only a tokenized reference and the last 4 digits of your card
  • We do not store complete credit card numbers on our servers
  • Stripe may collect device information and IP addresses for fraud prevention purposes per their Privacy Policy

c. Subscription Events

We log subscription lifecycle events including:

  • Trial started, converted, or cancelled
  • Subscription renewals and plan changes
  • Payment successes and failures (without card details)

These logs are used for billing support and service improvement.

10. Subscription Consent Records

When you start a free trial or subscribe to Leto Premium, we record your consent to automatic renewal charges as required by California's Automatic Renewal Law (CA Business & Professions Code §17602) and similar consumer protection regulations.

a. What Consent Data We Retain

  • Timestamp of when you agreed to the automatic renewal terms
  • The exact consent and disclosure text shown to you at the time of signup
  • Your subscription plan and pricing at signup
  • The cancellation URL shown to you
  • A privacy-preserving hash of your IP address (for verification purposes)

Important: We do not store your raw IP address. We use a one-way cryptographic hash that allows verification if legally required but cannot be reversed to identify you.

b. Retention Period

Per California law, we retain consent records for the longer of:

  • Three (3) years from the date you gave consent, OR
  • One (1) year after your subscription ends

After this retention period expires, consent records are automatically deleted.

c. Handling During Account Deletion

  • CCPA Deletion Requests (California): Your consent records are retained per the retention period above, as required by California law for legal compliance. The link between your account and the consent record is preserved for audit purposes.
  • GDPR Erasure Requests (EU "Right to Be Forgotten"): The link between your account and consent records is deleted immediately. However, we retain the anonymized consent record (without any link to you) for the retention period as permitted under GDPR Article 17(3)(e) for legal defense purposes.

11. Marketing Communications

During account creation, you may choose to receive occasional product updates and new feature announcements by opting in to our email list.

  • You can unsubscribe at any time using the "unsubscribe" link at the bottom of any marketing email
  • Unsubscribing from marketing emails will not affect transactional emails (such as billing confirmations, security alerts, or task notifications)
  • We use Mailchimp to manage our email communications
  • We will not share your email address with third parties for their marketing purposes

12. Premium Usage Metrics

We collect aggregated metrics about Premium feature usage to improve our service:

  • Daily counts of trial starts, conversions, and cancellations
  • Aggregate email sync statistics
  • Feature adoption rates

These metrics are aggregated and designed to reduce re-identification risk. We do not share metrics for groups with fewer than 10 users, and we may further withhold metrics if the cohort is small or the metric is sensitive.

II. How We Use and Share Information

Personal Information

Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information with third parties without your consent. We do share Personal Information with vendors who are performing services for the Company, such as the servers for our email communications who are provided access to user's email address for purposes of sending emails from us. Those vendors use your Personal Information only at our direction and in accordance with our Privacy Policy.

In general, the Personal Information you provide to us is used to help us communicate with you. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about promotional offers.

Third-Party Data Processors

We use the following third-party services to provide our Service:

  • Auth0: Authentication and identity management. See Auth0's Privacy Policy.
  • Google Gmail API: Email inbox integration (accesses email metadata and content directly via Google's Gmail API with read-only scope through Leto's own Google Cloud Platform project — no third-party intermediary)
  • Anthropic: AI-powered task and event extraction. Email content, images, and PDF documents from approved senders are processed by Anthropic's Claude AI to extract tasks and events. Anthropic does not retain your content or use it for model training. For text content, we redact family member names before processing to minimize personal information shared. For images and PDF documents, name redaction is not technically feasible prior to processing — such content may contain names or contact information that is sent to Anthropic as part of visual analysis. We review Anthropic's data handling practices regularly and will notify you of any material changes that affect how your data is processed. See Anthropic's Privacy Policy for details.
  • Resend: Transactional email delivery. We use Resend to send account-related emails such as billing confirmations, security alerts, and task notifications. See Resend's Privacy Policy.
  • Twilio: SMS notifications (if opted in). See Twilio's Privacy Policy.
  • Stripe: Payment processing for Premium subscriptions. Stripe collects and processes payment information (credit card numbers, billing addresses) on our behalf. We do not store complete payment card information on our servers. Stripe may collect device information and IP addresses for fraud prevention purposes. See Stripe's Privacy Policy.
  • Mailchimp: Email communications and marketing. If you opt in during registration, we use Mailchimp to send product updates and promotional content. You may unsubscribe from marketing emails at any time using the unsubscribe link in any email. See Mailchimp's Privacy Policy.
  • PostHog: Product analytics. We use PostHog to understand how users interact with our service and to improve the user experience. We configure PostHog to avoid capturing sensitive content such as email bodies or personal messages. Analytics data is used in aggregate form. See PostHog's Privacy Policy.
  • Rollbar: Error monitoring and application stability. Rollbar helps us identify and fix technical issues. We configure Rollbar to minimize capture of sensitive data. Error reports may include technical context to help us resolve issues but are not intended to capture email content or personal messages. See Rollbar's Privacy Policy.
  • Infrastructure Providers: We use additional service providers for hosting, content delivery, cloud storage, and security (such as Amazon Web Services, Heroku, and Cloudflare). These providers process data as necessary to operate our service and are bound by their respective privacy policies.

All third-party processors are contractually bound to handle your data in accordance with our Privacy Policy and applicable data protection laws.

Content Processing: Email content, images, PDF attachments, and linked web page content are processed by Anthropic's Claude AI to extract tasks and events. Web page content is fetched directly by Leto's servers — no third-party scraping or data processing service receives this content. No user data is shared with any third parties beyond those listed above.

Sharing with PTAs

For PTA-verified users, we may share aggregate, anonymized analytics with participating PTAs such as:

  • Overall parent engagement rates
  • Aggregate task completion statistics
  • General usage patterns

We never share individual user data, personal information, or specific user activities with PTAs.

Family Account Data Sharing

If you have a linked family account with another parent/guardian:

  • Both parents can access shared children's information
  • Each parent maintains independent account control
  • Family accounts can be unlinked by contacting support
  • In cases of separation/divorce, each parent retains access to their own account

We may share Personal Information with outside parties if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable legal process or enforceable governmental request; to enforce applicable Terms of Service, including investigation of potential violations; address fraud, security or technical concerns; or to protect against harm to the rights, property, or safety of our users or the public as required or permitted by law.

Non-Personal Information

In general, we use Non-Personal Information to help us improve the Service and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Site. We may share aggregated, non-identifying usage data with service providers who help us improve Leto. We never share Non-Personal Information with advertisers or data brokers.

In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy. If our information practices change at any time in the future, we will post the policy changes to the Site so that you may opt out of the new information practices. We suggest that you check the Site periodically if you are concerned about how your information is used.

III. Data Ownership and Usage Rights

Raw Data Ownership

Leto does not claim ownership over content from users' connected email inboxes. This includes emails, attachments, and metadata accessed via inbox integrations. Users may disconnect their inboxes at any time; disconnecting deletes connection credentials and sync history. Organization-level sender mappings and email fingerprints are retained as described in Section I above.

Transformed Data Ownership

Leto retains intellectual property rights over the structured format and system-generated metadata of transformed data (including tasks, events, sender mappings, and engagement metadata), not the underlying content. This applies solely when:

  • (a) The original email was sent to a Leto inbox; or
  • (b) The email was sent to a Leto-provided organization address via a PTA partnership.

Use of Transformed Data

Transformed data is used to provide and improve the Leto service. For PTA-supported families, task and event data may be shared across verified family accounts to support coordination (e.g., both parents seeing the same signup task). No personal content is shared outside the family unit unless explicitly authorized.

Limitation on Private Emails

Leto does not process or retain direct one-on-one communications between families and organizations unless a user connects their inbox. Such content is treated as private and subject to deletion on request.

Requesting Deletion or Export

Families can request deletion or export of both raw and transformed data associated with their account at any time by contacting [email protected].

AI Processing Consent

By using email extraction features, you consent to the use of artificial intelligence (AI) to analyze email content, PDF attachments, images, and linked web page content for task and event identification, including visual analysis of images and documents. Leto uses Anthropic's Claude AI for this purpose under a binding data processing agreement.

Data Portability

Users may request an export of extracted task and event data and sender mappings in human-readable format (e.g., CSV or JSON). We do not retain or export raw email content after deletion.

IV. Data Retention and Account Transitions

General Data Retention

  • Active account data: Retained for the duration of your account
  • Deleted account data: Removed within 30 days of deletion request
  • Backup data: Retained for up to 90 days in our backup systems
  • Legal holds: Data may be retained longer if required by law or legal proceedings
  • Anonymized data: May be retained indefinitely for analytics and service improvement

PTA Partnership Transitions

If your PTA partnership with Leto ends:

  • You will receive 30 days advance notice via email
  • You will be given the option to continue using the Service
  • Your account may be deactivated if you do not opt to continue
  • PTA-provided verification data will be retained only if you opt to continue
  • You may subscribe to Premium to continue using the Service

Google User Data Retention

  • We retain your basic Google profile information (email address, first name, last name) for as long as you maintain an active account with Leto
  • This information is essential for authentication and account management purposes
  • When you delete your Leto account, we will delete your Google profile information from our systems within 30 days, except where we are required to retain certain information for legal or compliance purposes
  • Authentication logs may be retained for up to 90 days for security and troubleshooting purposes

V. How We Protect Information

We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our Service, you acknowledge that you understand and agree to assume these risks.

NIST Compliance: We follow security practices aligned with NIST (National Institute of Standards and Technology) guidelines, including:

  • Encryption of all Personally Identifiable Information (PII) at rest and in transit
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Incident response procedures
  • Regular security training for personnel with data access

Security Logging: We maintain security logging practices aligned with industry standards and compliance requirements. Logs are retained as needed for security monitoring, incident investigation, and regulatory compliance.

VI. Your Rights Regarding Personal Information

Marketing Communications

You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication to a user, the user can opt out of further promotional communications by following the unsubscribe instructions provided in each promotional e-mail. You can also indicate that you do not wish to receive marketing communications from us in the Settings section of the Site, or through unsubscribe links in our marketing emails. Please note that notwithstanding the promotional preferences you indicate by either unsubscribing or opting out in the Settings section of the Site, or through unsubscribe links in our marketing emails, we may continue to send you administrative emails including, for example, periodic updates to our Privacy Policy.

Data Rights (Including Google Data)

In accordance with data protection laws, including GDPR where applicable, you have the following rights regarding your personal information, including any data obtained through Google authentication or PTA partnerships:

  1. Right to Access (Data Portability)
    • You can request a copy of all personal information we hold about you
    • This includes data from Google, PTAs, and information you've provided
    • We will provide this information in a commonly used, machine-readable format (such as JSON or CSV)
    • You can access most of your data directly through your account settings
  2. Right to Rectification
    • You can update your profile information at any time through your account settings
    • You can update your children's information directly in the app
    • If your Google account information changes, you can re-authenticate to update it
  3. Right to Erasure ("Right to be Forgotten")
    • You can request deletion of your account and all associated personal data
    • To delete your account, contact us at [email protected]
    • We will process deletion requests within 30 days
    • Note: Some information may be retained where we have a legal obligation to do so
  4. Right to Restrict Processing
    • You can request that we limit how we use your personal information
    • For example, you can opt out of marketing while maintaining your account
  5. Right to Object
    • You can object to certain types of processing, such as direct marketing
    • You can object to email inbox connection and request manual task entry instead
  6. Right to Data Portability
    • You can request your data in a format that allows you to transfer it to another service
    • This includes all data you've provided to us, including children's information
  7. Right to Withdraw Consent
    • Where we rely on consent for processing, you can withdraw it at any time
    • You can revoke Leto's access to your Google account through your Google Account settings
    • You can disconnect your email inbox at any time through your account settings
    • Note: Withdrawing consent for authentication will prevent you from accessing your Leto account

How to Exercise Your Rights

  • Email: [email protected]
  • Include "Data Rights Request" in the subject line
  • We will verify your identity before processing any requests
  • We aim to respond to all requests within 30 days

Family Account Rights

  • Both parents in linked accounts maintain independent data rights
  • Either parent can request unlinking of family accounts via support
  • Each parent can independently manage their account and access rights

Google-Specific Rights

  • You can manage Leto's access to your Google account at: myaccount.google.com/permissions
  • Revoking access through Google will immediately prevent new logins but won't delete existing account data
  • To fully delete your data, please submit a deletion request to us directly

VII. State-Specific Privacy Rights

California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to request deletion of your personal information
  • The right to opt-out of the sale of personal information (Note: We do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

New York Residents

New York residents have specific rights regarding the collection and use of personal information, particularly regarding minors' data. We comply with all applicable New York privacy laws.

VIII. Links to Other Websites

As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Site and the Service. Therefore, this Privacy Policy does not apply to your use of a third party website accessed by selecting a link on our Site or via our Service. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.

IX. Changes to Our Privacy Policy

The Company reserves the right to change this policy and our Terms of Service at any time. We will notify you of significant changes to our Privacy Policy by sending a notice to the primary email address specified in your account or by placing a prominent notice on our site. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the Site and this privacy page for updates.

X. Contact Us

If you have any questions regarding this Privacy Policy or the practices of this Site, please contact us by sending an email to [email protected].

For privacy-specific inquiries or to exercise your data rights, please email [email protected] with "Privacy Request" or "Data Rights Request" in the subject line.

You may also contact us by mail at:
Leto Technology, Inc.
444 E 82nd St #17F
New York, New York 10028