Amber Service Privacy Statement
Version: July 01, 2022
Latticework Inc. (the “Company”, “we”, “us”) provides the Amber Hybrid Cloud Service (the “Amber Service”), comprising the Main Cloud Service (the “AmberCloud”), Personal Cloud Device (the “Amber Device”) and client software applications running on Apple macOS, Microsoft Windows OS, Apple iOS, and Google Android device (the “Applications”).
The Amber Device provides the storage location for personal data, and the AmberCloud provides cloud connectivity for the Application to the Amber Device. In addition, the AmberCloud service provides some amount of cloud storage for each of the AmberCloud user accounts, mainly for the purpose of providing some data storage location for account users who don’t own an Amber Device.
The Amber Service consists of cloud software services that enable full secure cloud connectivity to Amber Devices storing users’ data on the customer’s premise so they can be accessed or shared with anyone over the internet.
This Privacy Statement is specific to the Amber Service provided by Latticework. This statement may be modified from time to time. Latticework shall make reasonable attempts to notify users of major changes to the Amber Service Privacy Statement. Our latest Privacy Statement shall always be available from our main site or our apps.
Information you provide when using the Amber Service
- Email address for service account
You provide an email address for the creation of a service account on AmberCloud to enable access to the Amber Service. We also send emails to your email address for Amber Service-related purposes, such as share notifications, issues notifications, and system update notifications.
When you share your digital content with another user, we will send notification to that user about a share coming from you, identifying you by your email address. We do NOT share your email address with any parties for any purpose not directly attributable to your service purpose.
- Service account password
The password you set for the Amber Service account is only stored in hashed form in a protected database. Password complexity policy is in place to help you create stronger passwords. It is your responsibility to keep your password secret and not share it with others.
We strongly suggest that even if you want someone to have access to your files, you do so only by sharing the files with the person’s AmberCloud account. For added protection, use read-only share if you do not intend the other person to modify your files.
- Service account profile
Your Amber Service account comes with a personal profile information page that allows you to add your name, nickname, mobile number, personal email, language preference, etc. These personal profile data are optional.
We do not share your personal profile with any third parties.
Storage location of your files
The files you store on your Amber Device stay inside your Amber Device. Even if you share some files with some AmberCloud users, we do not copy any of those files to the AmberCloud. We only maintain share-link information of shared-files to allow your intended share recipient to access the files on your Amber Device.
Any file uploaded to AmberCloud can only be initiated by AmberCloud users with an access right to the file. You should be aware that when you share a file with another AmberCloud user, he or she will ultimately be able to make a copy of that file and do whatever with the copy, including uploading a copy of the files to his/her AmberCloud storage space.
Information we collect for service purposes
- Normal connectivity and session information
Whenever your Amber Device and client Application connect to the AmberCloud, by necessity, AmberCloud will identify them (and thus the user account) using unique session ID. Also, the connection IP address will be known to AmberCloud.
The use of session ID and IP addresses is necessary for normal and secure operation of the Amber Service.
- Amber Device user information
AmberCloud that provides a secure cloud service for every participant in the Amber Service ecosystem. That means that aside from protecting the privacy of data stored on your Amber Device, we also protect the legitimate interests of all other AmberCloud users. That includes providing accurate identification of sharer information when someone receives shared content. AmberCloud does not support masking of sharer identity in share-links it presents to any AmberCloud user.
Each Amber Device provides the following information to the AmberCloud in order to allow AmberCloud to perform its intended services: Serial Number, Amber Instance ID, Admin user’s AmberCloud account name, and the AmberCloud account name of any other user on the Amber Device that is cloud-connected. Whenever an Amber Device user shares an item on an Amber Device with other AmberCloud users, the share-link information for the item will be transmitted from the Amber Device to each of the intended AmberCloud users. The actual shared data remains on the Amber Device. AmberCloud only provides routing information and user identity management for an AmberCloud share-recipient user to retrieve the content of the share-link. Your Amber Device makes the final decision of whether to grant access to a share-link when an incoming share-link access request is received.
- Amber Device system information
We record the Amber OS version number running on your Amber Device for determination of compatibility amongst AmberCloud, Amber Devices and Client Applications.
As the Amber Device contains at least one storage unit (whether a hard drive or a solid-state drive), the failure of the storage unit may mean the loss of your stored data. We make an attempt to predict the imminent failure of your storage unit so we can provide you with a notification to prepare for the failure. For that, we collect the SMART logs of the storage unit in your Amber Device. Storage unit SMART log contains no user data or user-identifiable data.
Logs that you may provide on a need-to-know basis
- Amber Device operation logs
For the possible need of debugging an issue you might encounter with the operation of your Amber Device, your Amber Device logs the activities of the system and keeps them inside the Amber Device.
When you request support from us, if needed, our support team may request that you provide us with your Amber Device operation logs to help us debug your issues. You have to initiate the support request, then our support team can send a counter request to your Amber Device for the logs. The counter request will show up in the Applications’ notification window. You have to approve the log upload request for the logs to be uploaded to AmberCloud.
There is no mechanism for us to retrieve your Amber Device operation logs without your consent.
- Client Applications operation logs
Your client Application also maintains its operation logs within the client Application.
For us to receive your client Application’s logs, you have to initiate the support request, then our support team can send a request to your client Application for the logs. You must approve the log upload request for the upload to happen.
There is no mechanism for us to retrieve your client Application operation logs without your consent.
Data protection mechanism
- Storage volume protection on Amber Device
You can choose to enable volume encryption on your Amber Device to provide extra protection for your stored files. The main reason you might want to enable storage encryption is to prevent someone who has physical possession of your Amber Device (e.g., through theft) from accessing your data by taking apart the storage unit and reading the content using other IT equipment.
However, volume storage encryption on your Amber Device comes with a potential downside: we also cannot help you recover your data should you forget your encryption password. For people that do not have the means of keeping and recovering their encryption passwords by themselves, we will advise that they do not enable volume encryption. You don’t want to lose your data because you forget your encryption password long before your device ever gets stolen!
You should note that you only have one chance to choose between enabling or disabling volume encryption, and that is during initial setup of the Amber Device.
- Data transfer protection
Communication amongst AmberCloud, Amber Devices and client Applications are all encrypted to protect against eavesdropping.
Information you provide during purchase
Making a purchase of your Amber Device is not a functionality of Amber Service but it might re-assure you to know how we handle key information you provide during purchase.
- Credit Card Information
The credit card information that you may provide when you purchase your Amber Device is handled by our payment service providers such as Amazon, eBay, and Shopify. We redirect the payment process to the payment service provider and receive the payment authorized confirmation of your purchase order. All our payment service providers shall comply with The Payment Card Industry Data Security Standard (PCI DSS) requirements.
- Shipping information
Your name, shipping address and contact phone number you provide during product purchase are used only for shipping-related purposes.
We do not share your shipping information with any third party not involved in the shipping process.