Privacy Policy

1. Introduction

Welcome to Lattice Lab. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our graph-native AI interface platform ("Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your email address, username, and password (stored encrypted).
• Payment Information: If you subscribe to premium features, payment processing is handled by third-party payment processors. We do not store credit card information on our servers.
• Communications: If you contact us for support, we collect the information you provide in your communications.

2.2 Your API Keys (BYOK Model)

Important: Lattice Lab operates on a "Bring Your Own Keys" model:

• Your API keys for OpenAI, Anthropic, Google, DeepSeek, and other providers are stored locally in your browser or encrypted in your account settings.
• We do not have access to your API keys in plaintext.
• All API calls to AI providers are made directly from your browser/client to their servers.
• Your conversations and prompts are sent directly to the AI providers you choose, not through our servers.

2.3 Automatically Collected Information

• Usage Data: We collect information about your interactions with the Service, such as features used, graphs created, and session duration.
• Device Information: We collect device type, operating system, browser type, IP address, and unique device identifiers.
• Cookies and Tracking: We use cookies and similar tracking technologies to track activity and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, and maintain the Lattice Lab platform.
• Improvements: To understand usage patterns and improve features, user experience, and performance.
• Communication: To send you technical notices, updates, security alerts, and support messages.
• Analytics: To analyze usage trends and measure the effectiveness of our Service.
• Security: To detect, prevent, and address technical issues, fraud, and security vulnerabilities.
• Legal Compliance: To comply with legal obligations and respond to lawful requests from authorities.

4. Data Storage and Security

4.1 What We Store

• Graph Metadata: We store the structure of your conversation graphs (nodes, edges, positions) to enable features like saving and syncing.
• User Preferences: Settings, theme preferences, and canvas configurations.
• Analytics: Anonymized usage statistics and performance metrics.

4.2 What We Don't Store

• Conversation Content: We do not store the actual text of your prompts or AI responses. These are processed client-side.
• API Keys (Plaintext): Your API keys are encrypted or stored locally. We cannot access them.
• AI Provider Data: Communications between your browser and AI providers (OpenAI, Anthropic, etc.) are direct and not routed through our servers.

4.3 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Secure development practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

5. Third-Party Services

5.1 AI Providers

When you use Lattice Lab, you directly interact with third-party AI services:

• OpenAI: Privacy Policy
• Anthropic: Privacy Policy
• Google (Gemini): Privacy Policy
• DeepSeek: Check provider's privacy documentation

Your use of these services is governed by their respective privacy policies and terms of service. We are not responsible for their data practices.

5.2 Analytics and Tools

We may use third-party analytics services (e.g., Google Analytics, Plausible, Mixpanel) to help us understand how users engage with the Service. These services may collect information sent by your browser, including cookies and IP addresses.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. You can request deletion of your account and associated data at any time by contacting us.

• Account Data: Retained until you delete your account.
• Usage Logs: Typically retained for 90 days, unless required for security or legal purposes.
• Anonymized Analytics: May be retained indefinitely for product improvement.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal data (subject to legal retention requirements).
• Portability: Request a machine-readable copy of your data.
• Objection: Object to certain processing activities.
• Opt-Out: Opt out of marketing communications at any time.

To exercise these rights, please contact us at mohammad@lattice-lab.com.

8. Children's Privacy

Our Service is not intended for users under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. If you are located outside the United States and choose to provide information to us, please note that we transfer the data to the United States and process it there.

We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy, including using Standard Contractual Clauses approved by the European Commission for transfers from the EU.

10. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold.
• Right to delete personal information held by us.
• Right to opt-out of the sale of personal information (Note: We do not sell personal information).
• Right to non-discrimination for exercising your CCPA rights.

To exercise these rights, contact us at mohammad@lattice-lab.com.

11. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on consent, contractual necessity, legal obligations, and legitimate interests.
• Data Controller: Lattice Lab is the data controller for personal data collected through the Service.
• Data Protection Officer: You can contact our DPO at mohammad@lattice-lab.com.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for material changes)

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: