Home/Legal

Legal

Privacy Policy

Last updated: April 25, 2026

Lattice Graph, Inc. ("Company," "we," "us," or "our") operates https://latticegraph.comand related services (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use the Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

a. Information You Provide Directly

  • Account registration data: Name, email address, and organization information provided during sign-up through our authentication provider (Clerk);
  • Organization information: Organization name, membership, and role data;
  • Payment information: Billing details provided during subscription checkout, processed by Stripe -- we do not store your full credit card number on our servers;
  • Communications: Information you provide when contacting support, submitting feedback, or corresponding with us;
  • Search queries and workflow inputs: Materials, formulas, parameters, and configurations you enter when using the Service;
  • API usage: Queries, payloads, and request metadata sent through our API and SDK integrations.

b. Information Collected Automatically

  • Device and browser information: IP address, browser type and version, operating system, device identifiers, and hardware model;
  • Usage data: Pages visited, features used, time spent on pages, click patterns, search queries, and workflow interactions;
  • Referring and exit URLs: The page that directed you to our Service and the page you visit when you leave;
  • Log data: Server logs, error logs, access timestamps, and request metadata;
  • Cookies and similar technologies: See Section 3 below.

c. Information from Third Parties

  • Authentication providers: We receive profile information (name, email, profile image) from Clerk when you sign in or create an account;
  • Payment processors: We receive transaction status, subscription details, and billing events from Stripe;
  • Error tracking services: We receive anonymized error reports and performance data from Sentry;
  • Analytics: Aggregated usage and performance metrics from Vercel Analytics.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service;
  • Process transactions and send related billing and subscription information;
  • Authenticate users and prevent abuse;
  • Send administrative communications, including service updates, security alerts, and account notifications;
  • Respond to your inquiries and provide customer support;
  • Monitor and analyze usage trends, preferences, and platform performance;
  • Detect, investigate, and prevent fraudulent, unauthorized, or illegal activity;
  • Comply with legal obligations and enforce our Terms of Service;
  • Improve and personalize the Service, including search results and recommendations;
  • Develop new products, services, features, and functionality;
  • Send invitation emails on behalf of organization administrators (via Resend);
  • For any other purpose disclosed at the time of collection or with your consent.

We do not train foundation models on Customer Data without your written consent, and we do not sell personal information.

3. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service. For full details, see our Cookie Policy.

  • Strictly Necessary Cookies: Session management, authentication state (via Clerk), and essential security features. These cookies are required for the Service to function and cannot be disabled;
  • Functional Cookies: Preferences such as active organization selection (stored in localStorage) and interface settings;
  • Analytics Cookies: Usage pattern analysis and performance monitoring through Sentry for error tracking and Vercel Analytics for product insights.

We do not use marketing or cross-site advertising cookies.

You can configure your browser settings to refuse cookies, but some features of the Service may not function properly without them.

4. Third-Party Services

We use the following categories of third-party services in connection with the Service:

  • Authentication: Clerk -- user identity, session management, and single sign-on;
  • Payment Processing: Stripe -- subscription billing, checkout, and payment handling;
  • Email Delivery: Resend -- transactional and invitation email delivery;
  • Error Tracking: Sentry -- application error monitoring and performance diagnostics;
  • Infrastructure: DigitalOcean -- cloud hosting, managed databases, and object storage (Spaces);
  • Frontend Hosting: Vercel -- web frontend hosting and analytics;
  • AI/ML Services: OpenAI -- embedding generation and computational features.

These third-party services have their own privacy policies governing their use of your information. We are not responsible for the privacy practices of third-party services. A current list of sub-processors is available on request at privacy@latticegraph.com.

5. Data Sharing and Disclosure

We may share your information in the following circumstances:

  • Service Providers: With third-party vendors and service providers who perform services on our behalf, subject to confidentiality obligations;
  • Legal Compliance: When required by law, regulation, subpoena, court order, or other legal process, or in response to a lawful request by governmental authorities;
  • Protection of Rights: To enforce our Terms of Service, protect our rights, privacy, safety, or property, and that of our users or the public, as permitted by law;
  • Business Transfers: In connection with any merger, acquisition, reorganization, sale of assets, financing, or bankruptcy proceeding, your information may be transferred as a business asset;
  • With Consent: When you have given explicit consent to share your information;
  • Aggregated or Anonymized Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you, without restriction.

We do not sell your personal information to third parties.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.

  • Customer Data: Retained for the duration of your subscription and for 30 days after termination to allow for export, after which it is deleted or anonymized;
  • Log data: Retained for 90 days;
  • Billing records: Retained as required by tax and accounting regulations;
  • Aggregated data: May be retained indefinitely, as such data cannot be used to identify you.

After account deletion, we may retain certain information as required by law, to resolve disputes, enforce our agreements, or for legitimate business purposes such as fraud prevention and security.

7. Data Security

We implement commercially reasonable technical and organizational security measures designed to protect your personal information, including:

  • Encryption in transit (TLS/HTTPS) for all communications;
  • Encryption at rest for managed PostgreSQL databases;
  • Secure authentication through Clerk with multi-factor support;
  • API key rotation and secure credential management;
  • Access controls and role-based permissions on our infrastructure;
  • Regular security assessments and vulnerability monitoring.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information. We are not responsible for unauthorized access to your information that occurs despite our reasonable security measures. You are responsible for maintaining the security of your account credentials and for any activity that occurs under your account.

For more information, see our Security page.

8. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at privacy@latticegraph.com.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction.

By using the Service, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.

We rely on Standard Contractual Clauses (SCCs) for lawful transfer from the EEA/UK where applicable. We will take reasonable steps to ensure your information is treated securely and in accordance with this Privacy Policy.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you;
  • Correction: Request correction of inaccurate or incomplete information;
  • Deletion: Request deletion of your personal information, subject to legal retention obligations;
  • Portability: Request a copy of your information in a structured, machine-readable format;
  • Objection: Object to certain processing activities based on legitimate interests;
  • Restriction: Request restriction of processing in certain circumstances;
  • Withdrawal of Consent: Withdraw consent at any time where processing is based on consent (does not affect prior lawful processing).

To exercise any of these rights, contact us at privacy@latticegraph.com. We may need to verify your identity before processing your request. We reserve the right to charge a reasonable fee for manifestly unfounded or excessive requests, or to decline such requests as permitted by law.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • The right to know what personal information we collect, use, disclose, and sell;
  • The right to request deletion of your personal information;
  • The right to opt out of the sale or sharing of your personal information;
  • The right to correct inaccurate personal information;
  • The right to limit use and disclosure of sensitive personal information;
  • The right to non-discrimination for exercising your privacy rights.

We do not sell personal information as defined by the CCPA. To exercise your California privacy rights, contact us at privacy@latticegraph.com.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you may have additional rights under the General Data Protection Regulation (GDPR), including the rights described in Section 10 above, as well as the right to lodge a complaint with your local supervisory authority.

Our legal bases for processing your information include:

  • Contract performance: Processing necessary to provide the Service you requested;
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, fraud prevention, and security;
  • Consent: Processing based on your consent, which you may withdraw at any time;
  • Legal obligation: Processing necessary to comply with applicable laws.

To exercise your GDPR rights, contact us at privacy@latticegraph.com.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals without undue delay and, where required by applicable law (including GDPR Article 34), within 72 hours of becoming aware of the breach. We will also notify applicable regulatory authorities as required.

14. Changes to This Privacy Policy

We may update this Privacy Policy at any time. Material changes will be announced via email or in-product notice at least 14 days before they take effect. Changes are effective when posted on this page with an updated "Last Updated" date.

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact

If you have any questions about this Privacy Policy, please contact us:

Lattice Graph, Inc. · Wilmington, Delaware · Effective April 25, 2026