Gooey <-->

Lattice's Privacy Approach

Last updated: 

In recent years, constantly changing privacy laws and regulations have challenged even the most heavily capitalized and legally sophisticated organizations. Meeting modern data privacy requirements around the world is no easy task. Here at Lattice, we are proactive and agile when it comes to privacy compliance, investing prudently to manage compliance risks, maintain (and in some cases establish) industry best practices in information security and data privacy, and earn our customers’ trust. We proactively monitor changes in legal requirements and the compliance needs of our customers so that we can immediately respond to changes in the law, and efficiently offer compliant solutions to our customers and their employees.

Here are some examples of our work in action:

Proactive Approach

Lattice’s proactive monitoring of likely regulatory developments in the EU led to our prediction that the EU-US Privacy Shield would be invalidated by the EU courts. In Fall, 2020, it was. Thanks to our foresight, our customers were already positioned to comply with the new ruling because we opted to rely on the Standard Contractual Clauses instead of the Privacy Shield. View Lattice’s position statement on the Schrems II ruling here.

Privacy by Design

Our legal and engineering teams collaborate to implement privacy practices during the design and development of our software. As a result, we have completely anonymized our analytics database. That means we can deliver comprehensive benchmarking results to our customers without incremental risk to the preservation of user personal data.

Vendor Management

We understand that with data privacy, you are only as strong as the weakest link. That is why we assess the data privacy posture of all of our vendors, with enhanced scrutiny applied to those that process customer data. We require each vendor that subprocesses data to enter into our standard Data Processing Addendum. You can view and subscribe to a list of subprocessors of Lattice customer data at http://www.lattice.com/subprocessors.

Trust and Accessibility

Lattice is a people company; we prioritize the human element. We understand the need to offer individuals and our customers choice and transparency around the collection and processing of their data. That is why we have a dedicated privacy team ready to respond to any data privacy questions or requests. You can contact our privacy team at: [email protected]. For additional information about our privacy practices and your rights, please visit our Privacy Policy.

Transparency and Evolution

We collaborate internally and externally, with our legal and data privacy counsel, Data Protection Officer, E.U. Representative, and our customers and end users, as part of an iterative process to develop and implement workable privacy practices and solutions. We are happy to share some of these learnings in an effort to promote continued evolution, including this list of frequently asked questions and answers.

Subscribe to our subprocessor list updates on SafeBase:

Safebase Security Portal

Vendor

Services provided to Lattice

Security and privacy information

Location

10Pines

Software Development Services
10Pines Privacy and Security Policy
Argentina

Atlassian

Customer Support (Loom)
Atlassian Trust Center
United States

Amazon Web Services

Hosting & data storage
AWS Security and Compliance
United States

Courier

Messaging
Courier Trust Center
United States

Cloudflare, Inc.

Content delivery network, web application firewall, and DDoS protection
Cloudflare Trust Hub
United States

DataDog

Application monitoring and infrastructure status monitoring
DataDog Security and Compliance
United States

DocRaptor

Data conversion
DocRaptor Security and Privacy
United States

Fivetran

Data integration
Fivetran Trust Center
United States

Gong

Customer support
Gong Trust Center
United States

Google Cloud Products

Email, Docs (Google Workspace);
Analytics (Looker)
Google Cloud Trust Center
United States

MailGun

Email
MailGun Trust Center
United States

Marketo (Adobe)

CRM
Adobe Trust Center
United States

Orca

Cloud security vulnerability management
Orca Trust Center
United States

Qualtrics

Customer experience management
Qualtrics Data Protection and Privacy
United States

Salesforce Inc. - SFDC Group

CRM platform (Salesforce);
Messaging integration (Slack)
Salesforce Trust
United States

Sentry

Logging
Sentry Trust Center
United States

Splunk

Security logging and monitoring
Splunk Compliance Center
United States

Twilio Segment

Analytics
Segment Trust Center
United States

Zendesk

Customer support
Zendesk Trust Center
United States

Zoom

Customer support
Zoom Trust Center
United States

Optional Subprocessors

Applicable only to specific features within Lattice that customers have opted-in to use.

Vendor

Services provided to Lattice

Security and privacy information

Location

OpenAI

AI models in support of Lattice’s AI-powered features
OpenAI Security and Privacy
United States

OneSchema

Data import service for HRIS
OneSchema Security and Compliance
United States