EFFECTIVE: NOVEMBER 3, 2022
Latticework, Inc., a Delaware corporation (“LatticeWork”, “we”, “us”, or “our”) provides data storage products (the “Products”) and software applications available for macOS and Windows computers and iOS and Android mobile devices (the “Applications”) and related services, including, cloud data storage and hosting services that we provide in connection with the Products (e.g., Amber or Amber X) and Applications (all of the foregoing, collectively referred to as the “Amber Platform”, or “Amber Service”).
Please read this Privacy Notice carefully to understand our general policies and practices regarding our collection and use of your information across our various services.
This Privacy Notice (“Privacy Notice”) is intended to help you better understand how we process your personal information, and governs how LatticeWork may collect, use, store and disclose personal information that we obtain through or from the following (collectively referred to as, the “Services”):
- Visit or use the LatticeWork website located at www.latticenest.com, www.latticehome.com, www.myamberlife.com, www.latticeworkinc.com, www.myamber.cloud or any other websites or domains owned or operated by LatticeWork on which an authorized link to this Privacy Notice is posted (the “Sites”);
- Purchase and use the Products and/or Services;
- Install, access and/or use the Applications;
- Access and use the Amber Platform;
- Visit or interact with our social media channels;
- Subscribe to our newsletters, marketing campaigns or participate in our surveys or giveaways;
- Contact our customer support; or
- Otherwise interact with us in your capacity as a customer or prospective customer.
We recommend that you read this Privacy Notice carefully, as it provides important information about your personal data. It also tells you about your rights under the law that may protect you.
You might also be interested to read a separate Amber Service Privacy Statement covering more details about how we protect your private user data files on our main product platform (the Amber Service).
By accessing or using the Services or submitting information through the Services, you understand that you allow us to identify you, and you acknowledge and agree that you have read, understood, and agreed to the terms of this Privacy Notice and agree to the collection, use, and disclosure of your personal information in accordance with this Privacy Notice.
IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, UNLESS OTHERWISE STATED, YOUR CHOICE IS NOT TO USE OR ACCESS THE SERVICES.
This Privacy Notice is designed so that you can easily reach the section that you are interested in. You can also print the complete text of our Privacy Notice.
Table of Contents:
- Who We Are
- What Personal Information Do We Collect and How It Is Collected
- Sensitive Data
- Children’s Privacy
- Why We Collect Your Personal Information and How We Use It
- Marketing Communications
- Managing Your Preferences
- Disclosure of Personal Information
- Third-Party Links
- Third-Party Social Plug-ins
- How Long Do We Keep Data
- Protecting Your Personal Data
- Your Responsibilities
- International Transfers
- Additional Legal Rights for Users in the European Economic Area
- How to Contact Us
- Changes to this Privacy Notice
If you have any questions, comments, or concerns regarding this Privacy Notice and/or our data practices, or would like to exercise your rights, do not hesitate to contact us. See How to Contact Us About Privacy and Additional Legal Rights For Users in the European Economic Area below.
Who We Are
When we refer to or use “LatticeWork”, “we”, “us”, or “our” throughout this Privacy Notice it means Latticework, Inc., a Delaware Corporation.
You can contact LatticeWork at: firstname.lastname@example.org
or Latticework, Inc.
2210 O’Toole Ave, Suite 250
San Jose, CA 95131
United States of America
What Personal Information Do We Collect and How It Is Collected
Personal data, or personal information, means any information about an individual from which that person may be identified. For example, it may include your name, telephone number, email address, or payment information, and in some jurisdictions your IP address. It does not include data from which the identity of an individual has been definitively removed along with any identifiers connected to such individual (also known as anonymous or anonymized data).
We will inform you when your information is required in order to process a request, respond to your queries or provide you with our Services. Note that if you do not provide this information, it may delay or prevent us from processing your request, responding to your query or providing our Services to you.
- Information That You Provide to Us
How we collect personal information directly from you depends on how and why you use the Services. For instance, the information that you provide when you visit our Sites is more limited than the information you provide if you have registered to use the Amber Platform.
Please be advised that we may ask you to update your information from time to time in order to keep it accurate.
IMPORTANT – PLEASE NOTE if you provide personal data to us about someone else, you must ensure that you have the right to disclose that information to us and that, without us taking any further steps required by data protection laws, we may collect, use and disclose such information for the purposes described in this Privacy Notice. For example, you should ensure the individual concerned is aware of the terms detailed in this Privacy Notice.
If you allow another person to sign into your account, you assume to take full responsibility for the actions of that individual on your account.
Account & Log in Information
When you register an account to access and use the Amber Platform you are required to provide us with your email address as your login account name and establish a password for your future login to your account. You may also provide us with voluntary information, for example, your first and last name, and certain preferences (e.g., language preferences).
User Content and Information
When you store data on your Amber device your data stays on your device and we do not make any copy of it in the Amber Cloud. Since we also provide some free storage space for you on Amber Cloud, you have the option to upload some of your data to the Amber Cloud. As a matter of principle, we do not examine your stored data on Amber Cloud and we process your file only for the purpose of storage and executing your instructions (e.g., sharing them with someone, etc.).
For data stored on your Amber device, the data may be read and processed by some services running on the Amber device itself. For example, your photos may be processed by AI algorithms to extract features like faces, etc., and the photo indexer will be reading some useful metadata stored in the photo file itself to help create an indexed database for quick search and organization of your photos. The additional auto-generated data stay on your Amber device and no part of it will be sent to the Amber Cloud. The only time when your data is sent to the cloud or sent to someone else is only when you instruct us to do so on your behalf (e.g., when you share something with some other person).
Direct Communications with us, Feedback and Support
If you provide us feedback or contact us via e-mail or through our “contact-us” forms, or in connection with support related inquiries, we will collect your first and last name, e-mail address and any information requested in our “contact-us” forms or support forms, as well as any other content included in the feedback or your e-mail or in the contact-us” support inquiries you send to us.
Surveys, Giveaways and Marketing Campaigns
If you participate in our surveys, giveaways, or marketing campaigns, we may collect your name, mailing address, email, images and/or videos from which you may be identified, pictures and any other information requested and/or required with respect to your participation in the surveys, giveaways, and marketing campaigns.
Additional Services and Communications
We may provide certain additional services and/or communications if you select such additional services and/or communications by opting-in to such additional services and/or communications offered to you by us, including, for example, using certain buttons provided in the user interface of the Sites and/or the Applications.
- Information Collected during Normal Use
Mobile and Computer Device Information
When you use or interact with the Services, using a computer or a mobile device, or connect to or access the Amber Platform via the Apps, we, or our authorized third-party service providers, may automatically collect information about the device in which you access and use the Amber Platform. For example, we may collect the following device information: Hardware model, IMEI number and other unique device identifiers, MAC address, IP address, operating system version, and settings of the device you use to access the Services.
Product Usage Information
When you use the Products, we may collect certain information directly from the Products themselves:
- Product Usage and Performance Information: We may collect information about your use of the Products, including activities you perform using the Application, and activities we perform in connection with the Products. We also may collect technical data from sensors built into the Products, which allow us to detect certain information such as Product performance.
- Technical Information from the Product: In order to improve your experience over time and help troubleshoot any problem you may encounter with the Products and/or Applications, we may record device model and serial number, software version, and technical information such as sensor status, Wi-Fi connectivity, error logs, power status and battery charge level, and whether product features are working properly.
- Wi-Fi Network Information: To use your Product as part of, and in connection with, the Amber Platform, or to access your Product over the Internet from a computer, a smartphone or a tablet, you may need to connect it to your Wi-Fi network. During setup, if you choose to use Wi-Fi connection method instead of Ethernet, the Product will ask for your Wi-Fi network name (SSID) and password to connect to the Internet through your Wi-Fi router. To be clear, sensitive information such as SSID and Wi-Fi password are saved on the device itself (and not ever sent to AmberCloud) They are remembered by your Amber device for the purpose of allowing it to automatically re-connect to your Wi-Fi router after every reboot. Once your Amber device has access to the internet, it will register itself to the AmberCloud, so that your Amber Service shall function as intended (e.g., providing remote accessibility and allowing sharing over the internet).
- Product and Software Health Information: We automatically collect certain information related to the health/reliability of the products we offer to you. We may automatically collect major software failure diagnostic information. We do this to continually improve the quality of our products and provide pro-active notification and follow-up services to protect your data. We design the logs we automatically collect to contain only non-personal information.
When you use or interact with the Site and/or Amber Platform, LatticeWork may collect, or infer, your actual location (derived from your IP address or other location-based technologies).
General Usage Information
We collect information about your interactions with the Sites and the Amber Platform, such as the pages or content you view, your searches, the Services that you use (which may include administrative and support communications with us), and other actions on the Sites or in connection with the use of the Amber Platform. We automatically collect log data when you access and use the Sites and/or Amber Platform, even if you have not created an account or logged in. That information includes, among other things: details about how you’ve used the Sites and/or Amber Platform (including if you clicked on links to third party applications), IP address, access dates and times, information about your approximate location as determined through data such as your IP address, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using the Sites. We use this information for our internal purposes only and to improve the Sites and the Amber Platform.
Cookies and Similar Technologies
We process “Aggregated Data”, such as statistical or demographic data, which may be derived from personal data. Aggregated data that cannot be linked back to individual personal data are not considered personal data. However, if we combine or connect Aggregated Data with your personal data, or there is a way to directly or indirectly identify you, we treat the combined data as personal data, which will be processed in accordance with this Privacy Notice.
- Information from Third Parties
In some instances, we process personal information from third parties, which consists of, data and information from our partners, such as transactional data from providers of our e-commerce and payment services.
For example, we do not directly collect your payment information and we do not store your payment information. We use Shopify as our e-commerce platform and Stripe, a third-party, PCI-compliant, payment processor, which collects payment information on our behalf in order to complete transactions. While our administrators are able to view and track actual transactions via the Shopify and/or Stripe customer portal, except for the last 4 digits of your credit card, credit card type, zip code and expiration date, we do not have access to or process your credit card information. Please review Shopify’s and Stripe’s Privacy Notice to learn more about how Shopify and Stripe collect, process and protect your personal information.
LatticeWork does not (and does not want to) collect any sensitive data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic, and biometric data. We do not collect any information about criminal convictions and offenses.
LatticeWork does not target the Sites or the Amber Platform to, and they are not intended for use by, children under the age of thirteen (13) or the equivalent minimum age in the relevant jurisdiction. Furthermore, we do not knowingly collect personal information from children under the age of thirteen (13), or the equivalent minimum age in the relevant jurisdiction. As a data storage platform, we understand that families may store photos and documents on the Amber Platform that depict or include personal information of children under the age of thirteen (13) or the equivalent minimum age in the relevant jurisdiction. In this case, by providing such information, you acknowledge, understand, agree and consent to the use of such data and information in accordance with this Privacy Notice. If we learn that personal information of persons under thirteen (13) or the equivalent minimum age in the relevant jurisdiction has been collected on or through the use of Site or the Amber Platform, except in the limited circumstance set forth above, then we may deactivate the account and/or make such content inaccessible.
Why We Collect Your Personal Information and How We Use It
Our mission is to provide a safe, efficient and high-quality Service, and we, or our authorized third-party service providers who assist us in providing the Services, process your personal information for this purpose. We process your personal data for the following reasons:
- In order to perform the Services under the contract we are about to enter into or have entered into with you. For example, when you register to use our Services, that’s a contract. This may also include disclosure to the third parties who help us fulfil our obligations to you in connection with your use of the Amber Platform, such as payment processors.
- Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests. For example, when we carry out fraud screening.
- Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
- If we have obtained your prior consent (for example, when you subscribe to our newsletter or participate in our surveys or marketing campaigns). Please note that for this specific legal basis, you have the right to withdraw your consent at any time.
Specifically, and depending on how you use the Services, we use your personal data in the following instances and for the noted reasons:
- Provide you with our Services (performance of a contract);
- Conduct checks to verify identity (performance of a contract or sometimes necessary for our legitimate interests);
- Send you direct marketing communications regarding LatticeWork’s products and services that we may think are of interest to you, unless you have otherwise opted out (for our legitimate business purposes and with your prior consent where you are not an existing customer);
- Respond to your queries and requests, or otherwise communicate directly with you (performance of a contract or sometimes necessary for our legitimate interests);
- Detect any fraudulent or illegal activity against you and/or LatticeWork (necessary for our legitimate interests);
- Perform system maintenance and upgrades, and enable new features (performance of a contract or sometimes necessary for our legitimate interests);
- Conduct statistical analyses (necessary for our legitimate interests);
- Provide information to regulatory bodies when legally required, and only as outlined below in Legal Obligations and Security (Necessary for compliance with a legal obligation).
If you are an existing customer, and have not otherwise opted out, or if you have opted in to receive direct marketing emails from us, we may use your personal information to send you marketing information. For instance, when you request information about the Services, you will be asked if you wish to opt in to receive marketing communications from us about our products and services. This is what we call direct marketing. We carry out direct marketing by email.
Unless you are an existing customer or a prospective customer, we rely on your consent to process the personal data you provide to us for this purpose. Therefore, if you no longer wish to receive such information, you have the right at any time to opt out of marketing emails and withdraw your consent at any time. The easiest way to opt out is to use the unsubscribe link that you will find at the bottom of each communication. You may also manage your preferences as further explained in Managing Your Preferences.
Managing Your Preferences
As explained above, LatticeWork enables you to manage your marketing preferences by clicking on a link contained in each electronic communication sent to you. Please use your preference settings to inform us of how you would like to receive marketing communications. Updates to your privacy preference information will be submitted once you have confirmed your changes.
Outside the Site and Amber Platform, you may also manage your cookie and tracking preferences as follows:
- Turning off cookies in the preferences settings in your browser. For more information or additional guidance, please click here;
- Downloading the Google Analytics opt-out browser add-on here;
- Turning on the Do Not Track (“DNT”) setting in your browser, which will enable your browser to send a special signal to websites, analytics companies, plug in providers, and other web services you encounter while browsing to stop tracking your activity. To turn on your DNT signal, please click here.
Note that LatticeWork, like many other companies, does not currently respond to DNT signals. LatticeWork does not respond to DNT signals in order to maintain security and prevent fraud.
Disclosure of Your Personal Information
Regardless of how you use the Services, we never sell or rent your personal data, and only disclose it to authorized third parties to the extent strictly necessary, as explained in this section.
Aside from disclosing your information to those of our employees who are authorized to process the information in order to provide our Services and are committed to confidentiality, we disclose your personal information only to the third parties indicated below (and for the following reasons):
- Companies that do things to help us provide the Services: hosting service providers, user engagement and customer support providers, payment service providers, communication tools, and analytics tools;
- Professional service providers, such as auditors, lawyers, consultants, accountants and insurers;
- Governments, regulators, law enforcement and fraud prevention agencies, so we can help tackle and comply with law enforcement, but only as authorized in this Privacy Notice (see Legal Obligations and Security); and
- In the event of a business transfer.
- Third-Party Service Providers
Specifically, depending on how you use the Services, the following third parties collect data on our behalf or receive your personal data in order to assist us in providing our Services:
- Google Analytics to perform analytics on the Sites (see how to opt out here);
- Shopify, an ecommerce platform where you can purchase our Products
- Stripe, a subscription and payment service provider;
- Mailchimp, which sends emails on our behalf;
- Facebook, Twitter, LinkedIn, Adroll, and Hotjar, for usage and visitor analytics and to advertise our Products, Applications, Services and Amber Platform on other websites;
- Drift, to provide chat capabilities with visitors to the Sites;
- Zendesk, to provide customer support capabilities;
To provide the Services and other various services to you, we may use the efforts of our parent company, and any subsidiaries, joint ventures, or other companies, existing or formed in the future, under a common control (collectively, “Affiliates”). We may share some or all of your Personal Information with our Affiliates in which case we will require our Affiliates to comply with this Privacy Notice.
- Business Transfers
We may also share data with third parties to whom we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice or as updated.
- Legal Obligations and Security
Subject to the limitations in this Section, we will preserve, use, or disclose your personal data if we believe that it is necessary to comply with a law, regulation, legal process, or legitimate governmental request; to protect the safety of any person; to protect the safety or security of our Service or to prevent spam, abuse, or other malicious activity of actors on our Service; or to protect our rights or property or the rights or property of those who use our Services. Non-public information about our users will not be released to law enforcement except in response to an appropriate legal process such as a subpoena, court order, or other valid legal process that has been reviewed by LatticeWork. If, however, we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.
Third Party Links
Third Party Social Plugins
How Long Do We Keep Your Personal Information?
Your personal information is processed for the period necessary to fulfill the purposes for which it is collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.
In order to determine the most appropriate retention periods for your personal information, we consider the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, and applicable legal requirements. For example,
- Personal data is stored for the duration of the commercial relationship and then retained only as required to satisfy applicable contractual, legal and financial retention obligations, after which it is deleted or archived (only if necessary to comply with legal retention obligations for the latter);
- Usage information is stored for ten years to comply with contractual and security requirements.
In some circumstances, you can ask us to delete your data. See Additional Legal Rights For Users in the European Economic Area below for further information.
Some exceptions from static retention periods may occur. For instance, we cannot delete personal data when there are legal obligations to retain it (e.g. arising from tax or commercial law). This is particularly true of financial data and payment information. Additionally, we cannot delete personal data when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the personal data will be retained if needed for exercising respective potential legal claims.
In some instances, we may choose to anonymize your personal data instead of deleting it, for statistical use, for instance. When we choose to anonymize, we make sure that there is no way that the personal data can be linked back to you or any specific user.
Protecting Your Personal Data
We have put in place appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, we use encryption, secure socket layer, firewalls, and password protection. In addition, we require VPN authentication for all employees and contractors who may access your data to provide our Services, and we limit access to those employees, agents, contractors and third parties who have a business need-to-know.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. We also require those parties to whom we transfer your personal information to comply with the same.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and while we take all reasonable steps necessary to provide the most secure Service, by using the Services, you assume the risks associated with your activities on the internet.
While LatticeWork is committed to protecting your privacy, it is your responsibility to ensure that to the best of your knowledge the information and data you provide us with is accurate, complete and up to date. It is also your responsibility that in the event you share personal information of other people with us, you collect such personal information in compliance with local legal requirements and that you have the appropriate consent to share such personal information. At a minimum, you should inform any such people about this Privacy Notice and obtain their consent prior to sharing their Personal Information with LatticeWork or through the Services.
LatticeWork is based in the United States and the personal information that we collect is sent to and stored on secure servers located in the United States. Such storage is necessary in order to process the information and provide you with the Amber Platform. LatticeWork operates globally and may transfer the personal data that we collect from you to our offices and/or to the third parties mentioned in the circumstances described above, which may be situated outside of your country or regional area, and may be processed by staff operating outside of your country or regional area. In particular, information provided to us or collected by us likely will be transferred to and processed in the United States by us or our agents and contractors. The data protection laws of the United States or other countries may not be as comprehensive or equivalent to those in your country of residence.
Additional Legal Rights For Users in the European Economic Area
If the GDPR applies to you because you are in the European Economic Area, you have certain rights in relation to your personal data:
- The right to be informed – that’s an obligation to us to inform you how we use your personal data (and that’s what we’re doing in this Privacy Notice);
- The right of access – that’s a right to make what’s known as a ‘data subject access request’ for a copy of the personal data we hold about you;
- The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate (though we generally recommend first making any changes in your account settings);
- The right to erasure (also known as the ‘right to be forgotten’) – that’s where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
- The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
- The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
- The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
- Rights in relation to automated decision-making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision-making.
rights are subject to certain rules around when you can exercise them. If you are located in the European Economic Area and wish to exercise any of the rights set out above, please contact us (see How to Contact Us About Privacy).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purpose of providing our Services.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority. Please contact us first.
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the details in How to Contact Us About Privacy below.
How to Contact Us About Privacy
If you have any questions about this Privacy Notice, have additional questions, or would like to exercise any of your rights, please contact us at: (i) email@example.com, if you are located in the European Economic Area, and (ii) firstname.lastname@example.org, if you are located outside the European Economic Area. You may also write us at: Latticework, Inc., 2210 O’Toole Ave., Suite 250, San Jose, California, 95131, United States of America; Attention: Privacy.
Changes to this Privacy Notice
LatticeWork may need to update this Privacy Notice from time to time. If so, we will post an updated Privacy Notice on our Service along with a change notice on the Services. If we make significant changes, we may also send registered users notice that this Privacy Notice has been changed. We encourage you to review this Privacy Notice regularly for any changes. Your continued use of the Services and/or your continued provision of personal data to us after the posting of such notice will be subject to the terms of the then-current Privacy Notice.
© 2019, 2022 Latticework, Inc.