Channel AscentCHANNELASCENT
← Back to Home

Data Protection Policy

Last Updated: December 2024

This Data Protection Policy outlines how Latent Ventures LLC, operating as ChannelAscent ("we," "us," or "our") protects personal data in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

This policy supplements our Privacy Policy with specific information about data protection practices, rights, and procedures.

1. Data Controller Information

Data Controller: Latent Ventures LLC (dba ChannelAscent)

Contact Email: support@channelascent.com

Address: California, United States

For EU/UK residents, we act as the data controller for personal data processed through our Service.

2. Categories of Personal Data

We process the following categories of personal data:

2.1 Identity Data

  • Full name
  • Email address
  • Username/handle

2.2 Account Data

  • Password (encrypted, hashed)
  • Account preferences
  • Subscription status

2.3 Financial Data

  • Payment card details (processed by Stripe, not stored by us)
  • Billing address
  • Transaction history

2.4 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Operating system

2.5 Usage Data

  • Feature usage patterns
  • Blueprint analyses created
  • Content captured
  • Comments generated
  • Outcome metrics

2.6 Content Data

  • Captured social media posts (public)
  • Generated Blueprints
  • AI-generated comments
  • Voice source configurations

3. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

Processing ActivityLegal BasisDetails
Account creation and managementContractNecessary to provide the Service
Payment processingContractNecessary to fulfill subscription
Blueprint analysisContractCore service functionality
Comment generationContractCore service functionality
Security monitoringLegitimate InterestProtecting our Service and users
Fraud preventionLegitimate InterestPreventing abuse and fraud
Service improvementLegitimate InterestImproving user experience
AnalyticsLegitimate InterestUnderstanding Service usage
Marketing communicationsConsentOptional, with explicit opt-in
Legal complianceLegal ObligationComplying with applicable laws

Legitimate Interest Assessment

For processing based on legitimate interests, we have conducted assessments to ensure our interests do not override your fundamental rights and freedoms.

4. Data Subject Rights

4.1 Your Rights Under GDPR

If you are in the EEA, UK, or Switzerland, you have the following rights:

Right of Access (Article 15)

You can request a copy of the personal data we hold about you.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete data.

Right to Erasure (Article 17)

You can request deletion of your data in certain circumstances ("right to be forgotten").

Right to Restriction (Article 18)

You can request restriction of processing in certain circumstances.

Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

Rights Related to Automated Decision-Making (Article 22)

You have rights regarding automated individual decision-making, including profiling.

4.2 Your Rights Under CCPA

If you are a California resident, you have the following rights:

Right to Know

  • Categories of personal information collected
  • Sources of personal information
  • Business purposes for collection
  • Categories of third parties with whom we share data
  • Specific pieces of personal information collected

Right to Delete

Request deletion of personal information, subject to exceptions.

Right to Opt-Out of Sale

We do not sell personal information as defined by the CCPA.

Right to Non-Discrimination

We will not discriminate against you for exercising your rights.

5. Exercising Your Rights

5.1 How to Submit a Request

Email: support@channelascent.com

Subject Line: Include "Data Subject Request" and specify the right you wish to exercise.

Required Information:

  • Your full name
  • Email address associated with your account
  • Specific request details
  • Country of residence

5.2 Identity Verification

To protect your privacy, we may require verification of your identity before processing requests. This may include:

  • Confirming your email address
  • Answering security questions
  • Providing additional documentation

5.3 Response Timeline

RegulationResponse TimeExtension
GDPR30 days+60 days if complex
CCPA45 days+45 days if necessary

We will inform you if we need additional time and the reasons for any delay.

5.4 Fees

We do not charge fees for processing legitimate requests. We may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.

6. Data Processing Activities

6.1 Blueprint Analysis

  • Data Processed: Public social media content, engagement metrics
  • Purpose: Extract patterns and strategies for content creation
  • Legal Basis: Contract (service delivery)
  • Retention: Until account deletion or manual deletion

6.2 Comment Generation

  • Data Processed: Target post content, user voice preferences, context
  • Purpose: Generate contextual engagement suggestions
  • Legal Basis: Contract (service delivery)
  • Retention: 90 days for analytics, then anonymized

6.3 Chrome Extension

  • Data Processed: Public posts, engagement actions, browsing on supported platforms
  • Purpose: Content capture and engagement assistance
  • Legal Basis: Contract (service delivery)
  • Retention: Until user deletion or account closure

7. Sub-Processors

We use the following sub-processors who may process personal data on our behalf:

Sub-ProcessorPurposeLocationSafeguards
SupabaseDatabase & AuthUSASCCs, SOC 2
StripePaymentsUSASCCs, PCI DSS
AnthropicAI ProcessingUSADPA, Security Controls
VercelHostingUSA/GlobalSCCs, SOC 2
PostHogAnalyticsUSA/EUSCCs, GDPR Mode

SCCs: Standard Contractual Clauses for international data transfers

Sub-Processor Updates

We maintain an up-to-date list of sub-processors. Material changes will be communicated through our Service or via email.

8. International Data Transfers

8.1 Transfer Mechanisms

When transferring data outside the EEA/UK, we use:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all sub-processors
  • Supplementary measures where required

8.2 Transfer Impact Assessments

We conduct Transfer Impact Assessments to evaluate the data protection standards in recipient countries and implement additional safeguards as needed.

9. Data Security Measures

We implement the following technical and organizational measures:

9.1 Technical Measures

  • Encryption at rest (AES-256)
  • Encryption in transit (TLS 1.3)
  • Secure authentication (bcrypt password hashing)
  • Regular security updates
  • Intrusion detection systems
  • Regular backups

9.2 Organizational Measures

  • Access controls (principle of least privilege)
  • Security awareness training
  • Incident response procedures
  • Vendor security assessments
  • Regular security audits

9.3 Data Minimization

We collect and process only the minimum data necessary to provide our Service.

10. Data Breach Procedures

10.1 Breach Detection

We maintain systems and procedures to detect potential data breaches promptly.

10.2 Breach Response

In the event of a data breach:

  1. Containment: Immediately contain and assess the breach
  2. Assessment: Determine scope, affected data, and risk level
  3. Notification:
    • Supervisory authority within 72 hours (GDPR requirement)
    • Affected individuals without undue delay if high risk
  4. Documentation: Record all breaches in our breach register
  5. Remediation: Implement measures to prevent recurrence

10.3 Breach Notification Content

Notifications will include:

  • Nature of the breach
  • Categories and approximate number of individuals affected
  • Contact details for more information
  • Likely consequences
  • Measures taken or proposed

11. Data Retention Schedule

Data CategoryRetention PeriodJustification
Account dataDuration of account + 30 daysService provision
Billing records7 yearsTax/legal requirements
BlueprintsUntil deletion or account closureUser-controlled content
Captured postsUntil deletion or account closureUser-controlled content
Generated comments90 daysAnalytics, then anonymized
Usage analytics26 monthsProduct improvement
Security logs12 monthsSecurity compliance
Support tickets3 yearsService quality

After retention periods expire, data is securely deleted or anonymized.

12. Automated Decision-Making

12.1 AI Content Generation

We use AI to generate content suggestions. This processing:

  • Does not produce legally or similarly significant effects
  • Always requires human review before posting
  • Can be overridden or edited by the user

12.2 Confidence Scoring

AI-generated comments receive confidence scores. This is used to:

  • Filter low-quality suggestions (below 60% threshold)
  • Prioritize high-quality suggestions for user review

Users maintain full control over whether to use, edit, or discard suggestions.

13. Children's Data

We do not knowingly collect personal data from individuals under 18 years of age. If we discover we have collected data from a minor, we will:

  • Promptly delete the data
  • Terminate the associated account
  • Document the incident

14. Data Protection Impact Assessments (DPIAs)

We conduct DPIAs for processing activities that may result in high risk to individuals, including:

  • Large-scale processing of social media content
  • AI-based profiling and content generation
  • New product features involving personal data

DPIAs are reviewed and updated as processing changes.

15. Privacy by Design

We implement privacy by design principles:

  • Proactive: Prevent privacy issues before they occur
  • Default Settings: Privacy-protective defaults
  • Embedded: Privacy built into system design
  • Full Functionality: Avoid false tradeoffs
  • End-to-End Security: Full lifecycle protection
  • Visibility: Transparent operations
  • User-Centric: Respect user privacy

16. Supervisory Authority

EEA Residents

You have the right to lodge a complaint with your local supervisory authority. A list of authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

UK Residents

You may contact the Information Commissioner's Office (ICO): https://ico.org.uk

California Residents

You may contact the California Attorney General's Office: https://oag.ca.gov

17. Policy Updates

We review this policy annually and update it as needed. Material changes will be communicated via:

  • Email notification
  • In-app notification
  • Updated "Last Updated" date

Continued use of the Service after changes constitutes acceptance of the updated policy.

18. Contact Information

Data Protection / Privacy Contact

Email: support@channelascent.com

Address: Latent Ventures LLC, California, United States

We aim to respond to all inquiries within 5 business days.

This Data Protection Policy is part of our commitment to protecting your privacy and complying with applicable data protection laws.