Skip to content
Lattice.
Features
Pricing

Privacy Policy

Last updated: 16 February 2026

1. Introduction

Lattice (Pty) Ltd (“Lattice”, “we”, “us”, or “our”), a company registered in the Republic of South Africa, is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (“POPIA”) and other applicable data protection legislation. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at lattice.cloud and our mobile applications (collectively, the “Service”).

By using the Service, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service immediately.

2. Responsible Party and Information Officer

For the purposes of POPIA, Lattice (Pty) Ltd is the responsible party for the processing of your personal information. Our designated Information Officer can be contacted at:

  • Email: legal@lattice.cloud
  • Company: Lattice (Pty) Ltd, Republic of South Africa

Where you use the Service to process the personal information of your own customers, employees, or other data subjects, you act as the responsible party and Lattice acts as an operator (as defined in POPIA) on your behalf.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Full name and email address
  • Organisation or workspace name
  • Password (stored exclusively as a cryptographic hash — we never store or have access to plaintext passwords)
  • Profile photograph (optional)
  • Billing information (processed by our payment provider — we do not store full payment card numbers)

3.2 Field Data

Lattice is designed for field and business operations. Depending on how your organisation configures the platform, the following data may be captured by users through the mobile and web applications:

  • GPS coordinates and location data (for location verification, geofencing, and check-in/check-out)
  • Photographs and images (for proof of work, inspections, audits, and documentation)
  • QR code and barcode scan data
  • Form submissions, checklist responses, and structured data entries
  • Timestamps, device identifiers, and metadata associated with field activities

3.3 Usage Data

We automatically collect certain technical information when you use the Service:

  • Device type, operating system, and browser information
  • IP address and approximate geographic location derived from IP
  • Pages visited, features used, and actions taken within the platform
  • Crash reports, error logs, and performance diagnostics

4. Lawful Basis for Processing

We process your personal information on the following lawful grounds under POPIA:

  • Consent — You have provided consent for specific processing activities (POPIA Section 11(1)(a))
  • Contractual necessity — Processing is necessary to perform our obligations under the Terms of Service (POPIA Section 11(1)(b))
  • Legitimate interest — Processing is necessary for our legitimate interests, provided those interests do not override your rights (POPIA Section 11(1)(f))
  • Legal obligation — Processing is necessary to comply with a legal obligation (POPIA Section 11(1)(c))

5. How We Use Your Information

We use collected information to:

  • Provide, operate, maintain, and improve the Service
  • Process your transactions and manage your account and subscription
  • Send transactional communications (account verification, password resets, billing receipts, service notifications)
  • Power AI features including natural language workflow building, content generation, and automation suggestions
  • Analyse usage patterns to improve performance, reliability, and user experience
  • Respond to support requests and communicate with you about the Service
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with applicable legal obligations and enforce our Terms of Service

6. AI-Powered Features

Lattice uses third-party AI models to power features such as natural language workflow creation, content generation, and automation suggestions. When you use AI features:

  • Your prompts and relevant workspace context are sent to our AI provider's API for processing
  • Your data is not used to train any third-party AI models
  • AI-generated content is provided as suggestions and should be reviewed before reliance
  • You may use the Service without relying on AI features
  • We may change AI providers at any time to improve the Service; the current provider processes data in accordance with their own privacy and security policies

7. Data Storage and Security

Your data is stored using Supabase, a managed database platform built on PostgreSQL, hosted on infrastructure with SOC 2 compliance. Key security measures include:

  • Encryption in transit (TLS 1.2 or higher) and at rest (AES-256)
  • Row-level security policies ensuring users can only access data within their authorised workspace
  • Regular automated backups with point-in-time recovery capability
  • Authentication using secure tokens with expiry and refresh mechanisms
  • Access controls based on workspace roles and permissions

While we implement industry-standard security measures, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security, and you acknowledge this inherent risk.

8. Third-Party Services

We use the following categories of third-party services that may process your data:

  • Database and authentication — Supabase (database hosting, authentication, and file storage)
  • AI processing — Third-party AI model providers (workflow generation and content features)
  • Email delivery — SendGrid (transactional email delivery)
  • Application hosting — Firebase App Hosting on Google Cloud (web and API hosting)

Each third-party provider operates under their own privacy policy and data processing terms. We select providers that maintain appropriate security, privacy, and compliance standards. A full list of sub-processors is available to Enterprise customers upon request.

9. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:

  • With third-party service providers as described in Section 8, solely for the purpose of operating the Service
  • When required by law, regulation, subpoena, court order, or other legal process
  • To protect the rights, property, or safety of Lattice, our users, or the public
  • In connection with a merger, acquisition, reorganisation, or sale of assets, provided we give you prior notice and the acquiring entity assumes the obligations of this Privacy Policy
  • With your explicit consent for any other purpose

10. Your Rights Under POPIA

In accordance with POPIA Sections 23 to 25 and related provisions, you have the right to:

  • Access — Request confirmation of whether we hold personal information about you, and request a copy of such information (Section 23)
  • Correction — Request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully (Section 24)
  • Deletion — Request destruction or deletion of personal information that we are no longer authorised to retain (Section 24)
  • Objection — Object to the processing of your personal information on reasonable grounds (Section 11(3)(a))
  • Objection to direct marketing — Object to the processing of your personal information for direct marketing purposes (Section 11(3)(b))
  • Data portability — Export your data in a structured, commonly used, machine-readable format
  • Withdraw consent — Withdraw previously given consent for processing, without affecting the lawfulness of processing based on consent before its withdrawal
  • Lodge a complaint — Submit a complaint to the Information Regulator of South Africa if you believe your rights under POPIA have been infringed

To exercise any of these rights, contact our Information Officer at legal@lattice.cloud. We will acknowledge your request within 5 business days and respond substantively within 30 days, as required by POPIA.

11. Data Retention

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specifically:

  • Active account data is retained for the duration of your account and subscription
  • Upon account deletion, your personal data is deleted within 30 days
  • Workspace data is deleted within 30 days of account closure (or retained if other workspace members remain active)
  • Backup systems are purged of your data within 90 days of deletion
  • Anonymised, aggregated analytics data that cannot be used to identify you may be retained indefinitely
  • Billing records and tax-related information may be retained for up to 5 years as required by law

12. Cookies and Similar Technologies

We use cookies and similar technologies for the following purposes:

  • Essential cookies — Required for authentication, session management, and core platform functionality. These cannot be disabled without impairing the Service.
  • Analytics cookies — Used to understand how the Service is accessed and used, enabling us to improve performance and user experience

We do not use advertising cookies or third-party tracking cookies. You can manage cookie preferences through your browser settings, though disabling essential cookies may prevent you from using the Service.

13. International Data Transfers

Lattice is based in South Africa. Your data may be transferred to and processed in countries outside of South Africa where our infrastructure providers and sub-processors operate. In accordance with POPIA Section 72, we ensure that any cross-border transfer of personal information is subject to appropriate safeguards, including:

  • The recipient country has adequate data protection legislation
  • The recipient is bound by a binding agreement or corporate rules that provide adequate protection
  • You have provided explicit consent to the transfer after being informed of the risks
  • The transfer is necessary for the performance of the contract between you and Lattice

14. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. In accordance with POPIA Section 35, if we become aware that we have collected personal information from a child without appropriate consent, we will take immediate steps to delete such information. If you believe a child has provided us with personal data, please contact us at legal@lattice.cloud.

15. Security Incidents

In the event of a security breach that compromises your personal information, we will:

  • Notify the Information Regulator as soon as reasonably possible, in accordance with POPIA Section 22
  • Notify affected data subjects as soon as reasonably possible after discovery of the breach
  • Provide details of the nature of the breach, the information involved, and the measures taken to address it
  • Take all reasonable steps to mitigate the effects of the breach

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email to the address associated with your account, or through a prominent notice within the Service, at least 30 days before changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. If you do not agree to the changes, you must discontinue use of the Service.

17. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights under POPIA, contact us at:

  • Information Officer: legal@lattice.cloud
  • General support: support@lattice.cloud
  • Company: Lattice (Pty) Ltd, Republic of South Africa

You also have the right to lodge a complaint with the Information Regulator of South Africa:

  • Website: inforegulator.org.za
  • Email: complaints.IR@justice.gov.za
Lattice.
HomePricingPrivacyTerms

© 2026 Lattice