Lattice's Privacy Approach
Last updated:
In recent years, constantly changing privacy laws and regulations have challenged even the most heavily capitalized and legally sophisticated organizations. Meeting modern data privacy requirements around the world is no easy task. Here at Lattice, we are proactive and agile when it comes to privacy compliance, investing prudently to manage compliance risks, maintain (and in some cases establish) industry best practices in information security and data privacy, and earn our customers’ trust. We proactively monitor changes in legal requirements and the compliance needs of our customers so that we can immediately respond to changes in the law, and efficiently offer compliant solutions to our customers and their employees.
Here are some examples of our work in action:
Proactive Approach
Lattice’s proactive monitoring of likely regulatory developments in the EU led to our prediction that the EU-US Privacy Shield would be invalidated by the EU courts. In Fall, 2020, it was. Thanks to our foresight, our customers were already positioned to comply with the new ruling because we opted to rely on the Standard Contractual Clauses instead of the Privacy Shield. View Lattice’s position statement on the Schrems II ruling here.
Privacy by Design
Our legal and engineering teams collaborate to implement privacy practices during the design and development of our software. As a result, we have completely anonymized our analytics database. That means we can deliver comprehensive benchmarking results to our customers without incremental risk to the preservation of user personal data.
Vendor Management
We understand that with data privacy, you are only as strong as the weakest link. That is why we assess the data privacy posture of all of our vendors, with enhanced scrutiny applied to those that process customer data. We require each vendor that subprocesses data to enter into our standard Data Processing Addendum. You can view and subscribe to a list of subprocessors of Lattice customer data at http://www.lattice.com/subprocessors.
Trust and Accessibility
Lattice is a people company; we prioritize the human element. We understand the need to offer individuals and our customers choice and transparency around the collection and processing of their data. That is why we have a dedicated privacy team ready to respond to any data privacy questions or requests. You can contact our privacy team at: [email protected]. For additional information about our privacy practices and your rights, please visit our Privacy Policy.
Transparency and Evolution
We collaborate internally and externally, with our legal and data privacy counsel, Data Protection Officer, E.U. Representative, and our customers and end users, as part of an iterative process to develop and implement workable privacy practices and solutions. We are happy to share some of these learnings in an effort to promote continued evolution, including this list of frequently asked questions and answers.
Vendor | Services provided to Lattice | Security and privacy information | Location |
---|---|---|---|
10Pines | Software Development Services | 10Pines Privacy and Security Policy | Argentina |
Atlassian | Customer Support (Loom) | Atlassian Trust Center | United States |
Amazon Web Services | Hosting & data storage | AWS Security and Compliance | United States |
Courier | Messaging | Courier Trust Center | United States |
Cloudflare, Inc. | Content delivery network, web application firewall, and DDoS protection | Cloudflare Trust Hub | United States |
DataDog | Application monitoring and infrastructure status monitoring | DataDog Security and Compliance | United States |
DocRaptor | Data conversion | DocRaptor Security and Privacy | United States |
Fivetran | Data integration | Fivetran Trust Center | United States |
Gong | Customer support | Gong Trust Center | United States |
Google Cloud Products | Email, Docs (Google Workspace); Analytics (Looker) | Google Cloud Trust Center | United States |
MailGun | Email | MailGun Trust Center | United States |
Marketo (Adobe) | CRM | Adobe Trust Center | United States |
Orca | Cloud security vulnerability management | Orca Trust Center | United States |
Qualtrics | Customer experience management | Qualtrics Data Protection and Privacy | United States |
Salesforce Inc. - SFDC Group | CRM platform (Salesforce); Messaging integration (Slack) | Salesforce Trust | United States |
Sentry | Logging | Sentry Trust Center | United States |
Splunk | Security logging and monitoring | Splunk Compliance Center | United States |
Twilio Segment | Analytics | Segment Trust Center | United States |
Zendesk | Customer support | Zendesk Trust Center | United States |
Zoom | Customer support | Zoom Trust Center | United States |
Optional Subprocessors
Applicable only to specific features within Lattice that customers have opted-in to use.
Vendor | Services provided to Lattice | Security and privacy information | Location |
---|---|---|---|
OpenAI | AI models in support of Lattice’s AI-powered features | OpenAI Security and Privacy | United States |
OneSchema | Data import service for HRIS | OneSchema Security and Compliance | United States |