Your home embodies who and what you consider significant. Your home is a powerful part of you, and because of this, we’re committed to keeping it private and safe. We created this policy to explain how we collect, store, use, transfer, and disclose the information of anyone who lives in, manages, or visits a Latch-enabled building. It was last updated on March 24, 2023.
With Latch, you can unlock your door with an app, Keycard, or Doorcode; share access with friends, family, and trusted services; see access history; chat with our customer support via the chat feature, if available, in the Latch App; and manage everything from a web browser. To use Latch, your property manager or their agent may provide us with your name, email address, phone number, and length of stay, for short term rentals for example, in order to create your Latch account or to allow us to provision access to doors you have access to. If your property manager has enabled an integration between their property management software and Latch, then we may receive this information directly from the property management software. If you create your Latch account yourself, you can submit this information directly to Latch and we will share relevant information with your property manager to allow them to finalize your account set up using Latch Manager.
When you use an access product such as a Latch M, R, C, Intercom, or Latch App, we may collect information about how you use the product. For example, with the Latch App, we may collect information that tells us if something isn’t working properly or how often a particular feature is used. If you do not wish to use the Latch App, you can still use a Keycard. To help keep private and common spaces secure, Latch devices store an access history of who entered your space and when. In some cases, our access products take a photo or a video so you can make sure only the right person got in and to monitor entrances and exits for security purposes. We have very strict privacy rules depending on if a space is private or common, which govern how we use and share this usage and access history information, which are outlined in the sections “Access history, photos, and videos” and “When personal information is shared or disclosed.”
Latch offers integrations with select and trusted smart home device partners that give residents and property managers the option to control and manage those smart home devices from Latch Manager or the Latch App. While a resident lives in an apartment with third-party smart home products, their smart home device information, such as the temperature of their home or whether their lights are on or off is never shared with property management. We will only share information in the case of an emergency, for security purposes, or to report device errors or malfunctions. For example, we may inform your property manager if there is a leak detected in your apartment or if a device goes offline to help property management mitigate the issues as early as possible. See ‘Third-party smart home device troubleshooting’ for more information.’
Latch integrates with select and trusted third party thermostats. If you have thermostats in your building; when you control a thermostat from the Latch App, we receive the desired temperature and thermostat mode that you would set and send those settings to our partners to operate a thermostat, but we never store or aggregate that data over time. Instead, we delete that information each time you change your desired temperature and setting. Depending on the model of thermostat that has been installed, the manufacturer may separately collect information from the thermostat. Please see Our Service Providers and Partners for the privacy policies of our thermostat partners.
Like thermostats, we only store the current desired setting for your lights. As soon as you turn your lights on or off, we delete the previously desired setting. Our lighting partners do not separately collect information from lights and we do not share any lighting usage information with them.
Latch’s water sensors detect when there is a leak in a building to help residents and property managers take action as early as possible to avoid costly damage. The Latch Water Sensor sends a connection status to Latch to ensure it is working properly and also notifies residents and property managers when there is a leak. See ‘Third-party smart home device troubleshooting’ for more information on leak detection events.
The Latch Camera captures images and video and is intended to be installed next to the Latch Intercom to enable video calls when a visitor calls a resident from the Latch Intercom or in common areas to help maintain the safety and security of the building. Your building may choose to expand the use of the Latch Camera and connect it to a third-party network video recorder (NVR) or video management system (VMS) to enable collection of images and video beyond what is collected by or shared with us. Such images and video are governed by the privacy policies of the third-party product and of your property manager.
Your personal device has a lot of sensitive information on it, which is why we only collect information that is necessary to provide our services to you, improve them, diagnose issues, and ensure that only an authorized user is accessing your space. When you use Latch from your phone, computer, or other personal device, we automatically collect device-specific information such as unique device identifiers, network information, IP address, hardware model, the ways in which your personal device interacts with Latch, and device status. We do not rely on your GPS location to provide our services, except when you use the Virtual Intercom. If you use Latch Virtual Intercom, for security purposes, we will request you to allow us to access your location to verify that you are physically near the building before you can contact building residents using the Virtual Intercom. Also, because Latch relies on Bluetooth functionality, some smartphone operating systems, such as Android, require you to enable location services in order to use the Bluetooth functionality of the Latch App. However, even in such instances, Latch does not purposefully collect your GPS location (other than for the use of Virtual Intercom, as described above). If we become aware of instances where we have inadvertently collected your GPS location from our service partners, we take steps to prevent it from occurring in the future and to remove it from our datasets. We do not track your location. See “Location information” for our strict policies around the use of location information.
When you give us access to your personal device’s contacts, we only collect the contact information for the person you want to let into your space in order to provide them with a Doorcode or instructions to install the Latch App.
Residents and property managers can give and remove access for residents, friends, family, or trusted service providers using the Latch App or Latch Manager, as applicable.
When you open a message from us, such as an email, SMS, push notification, or chat in the Latch App, we may collect information such as whether you opened or saw the message in order to improve our messaging to you.
As a property owner or manager, when you purchase Latch’s products or services, Latch may process your financial information. When you use Latch’s Payment Services to collect and manage various payments from your residents, Latch’s payment processing services partners (Dwolla and Plaid for ACH payments and Stripe for payment card payments) will process your personal and financial information. Your financial information may include your personal or business credit card number, bank account number, billing address, and shipping address. Your use of Latch’s payment processing services partners will be governed by their respective terms of service and privacy policies.
As a prospective or current resident in a Latch building, you may have an option to pay your rent, security deposit, and other associated fees from your bank account through Latch, in which case your personal and financial information will be processed by our ACH payment processing services partners, Dwolla and Plaid, and will be governed by their respective terms of service and privacy policies.
When you use any of Latch’s Payment Services, your bank account and payment card information will always be collected and used by Latch’s payments processing services partners, and never by Latch.
In limited circumstances, we may request your financial information from our payment processing services partners to carry out transactions that you have initiated, protect against fraudulent activities, and comply with applicable laws. See “Our service providers” on how we strictly limit what our service providers can do with your information.
Latch has a few marketing channels that help us to raise awareness about our products and services, and other services that maybe useful for you. In these channels, such as latch.com, we allow you to submit your personal information if you’d like to find out more about our products or want to subscribe to our marketing communications. This personal information may include name, title, company name, phone number, email, and postal address. See “Education, announcements, and offers” to learn more about how we specifically use your information for marketing. If you do not wish to receive these communications, you may opt not to submit your information or opt out of the communications from within the email, text message, or Latch’s products.
In jurisdictions that allow it, we may purchase contact information from third party datasets of people who are involved in the development, design, management, or installation of a building, such as building developers and property managers. We never knowingly purchase the personal information of residents for the purposes of marketing to them. We will also never purchase your contact information for marketing purposes if doing so infringes on local laws. You may opt out of any marketing communications through the means by which we sent it—for example, through an unsubscribe link if we contacted you by email.
While unauthorized access to user accounts is very unlikely, we have a robust set of protocols to rapidly contain and remedy the incident including: investigating the alleged incident, determining the course of action based on severity, conducting thorough incident documentation, managing the incident, and notifying impacted users.
One of the reasons we use your personal information is to enable you to use Latch—for example, to unlock your Latch device; share access with friends, family, and trusted services; control smart home devices, and provide an access history of who accessed your space.
We try to make Latch better every day. We analyze how you use Latch products and services to fix bugs, improve reliability and speed, and design new features. Occasionally, we may also ask you to participate in an online survey, through which we may collect your name, mailing address, phone number, email address, and contact preferences. We will keep your answers to a survey confidential; in other respects we will treat your survey answers as described in the “Feedback” section.
When you contact us with a query or an issue through any of our support channels, including phone, email, or chat in the Latch App, we may use information from your device, user account, activity logs, prior communications with us, and access history to help diagnose the problem and provide effective assistance. For example, we may use your address to identify where a device is not working or your Latch device information in order to investigate any issues with that device.
We may send you communications about our products from time to time, such as announcing new features, letting you know about industry news, or sending you offers for trusted services that you may find useful, such as discounts on pet care or housekeeping. If you do not wish to receive these notifications, you may opt out of them from within the email, text message, or Latch’s products and services.
We never share your personal information to third parties for the purposes of marketing or advertising to you.
We use your IP address when you use our products or visit our website to identify the region where you are using Latch in order to provide a more personalized experience, such as offering additional language and currency options. We do not track your location over time or when you are not using the Latch App, and we do not share your location with third parties. We also never use GPS location data of our users, unless you are using Latch Virtual Intercom, as described below. To better understand how your personal device manufacturer uses your location information, we recommend familiarizing yourself with their privacy policies and terms of service.
Additionally, if you use Latch Virtual Intercom, we will request you to allow us to collect your location to verify that you are physically near the building before you can contact building residents using the Virtual Intercom. We do this to minimize potential misuse of this service and to help ensure that the Virtual Intercom is used as intended – by individuals who are legitimately contacting building residents requesting to gain entry into the building for valid reasons. To use the Virtual Intercom, you do have to allow us to verify your location. If you do not allow us to verify your location, you will not be able to use the Virtual Intercom to contact building residents, but this will not affect your use of our other products and services. When you allow us to verify your location, we will do so by collecting your GPS location data only while the site is in active use. We will not then continue collecting this information or tracking your movements over time. We will not use this information for any other purposes and will not sell it to any third party. We will use your GPS information for as long as the Virtual Intercom site is in active use and will not access or use your GPS information again until and unless you use the Virtual Intercom site again. For security reasons, when our web page tries to access location information, you are notified and asked to grant permissions. Note that each browser has its own policies and methods for requesting this permission. We will delete your GPS information from our systems 30 days after we collect it.
In common areas, such as building entrances and amenity spaces, resident access histories and any corresponding photos collected from a Latch access device are viewable only by the resident that created the access event and by property managers. Similarly, the access histories of building staff members at common areas are viewable only by the staff member and property managers. Photo or video information collected by a Latch Camera is viewable only by property managers. These access events are created to promote the safe and appropriate use of common spaces and to protect residents in the building.
When guests and trusted service providers are provided access by a property manager or a resident, the access history of guests throughout a property are viewable by both the resident who invited them and property management to maintain the safety of the building.
While we strive to capture all access events, in limited instances, we may experience unintentional loss of access event data that is associated with the operation of our products. Such expected access event data loss may limit your ability to view certain access events.
Latch’s Terms of Service bans the use of Latch‘s products and services, including the use of access histories, for activities that Latch at its sole discretion deems threatening, harassing, abusive, or fraudulent. The Terms of Service also prohibit the selling of user data. We reserve the right to terminate the account of any property manager, resident, or guest who is found to be abusing or violating our Terms of Service.
We may use anonymized and aggregated information to better understand industry trends and better market our products and services.
As explained in more detail below, we need to share some of your information with third parties in order to operate our products and services as intended. By using our products and services, you are directing us to intentionally disclose your information to third parties as described in more detail below, to the extent applicable.
When you choose to share access to a private or common space, we may disclose your name, address, and contact information to the other Latch users, such as friends, family, or trusted services you invite so that they know who has given them access and where your space is. We may disclose your name and contact information to property management so that they may fulfill your requests, ensure you have access to the right spaces in a property, and maintain the safety and security of everyone in a property.
If your building has an Intercom at the front door and you live in an apartment, your name will display on the Intercom’s directory to enable visitors such as delivery personnel to call you in order to gain access to the building. If you have an alias or simply would prefer to have your name be private, you can change your Intercom display name to anything you like from the Settings menu in the Latch App. If you’re a building visitor, video footage of you may be shared with the resident or the property’s security team in order to help them identify you when you call them using the Latch Intercom.
We use service providers to provide and improve our products and services, such as for customer support, financial transactions, product delivery and fulfillment, common area security and notifications (such as package delivery), data storage, and conducting customer research or satisfaction surveys. Depending on the type of service they provide, our service providers may have access to: your contact information, product usage information, access and audit history, and when applicable financial information; only for the purpose of performing these tasks on our behalf. Our service providers may not disclose your data received through your use of Latch to other third parties or use it for other purposes, such as their own marketing programs. Latch uses a managed process to ensure that our service providers are assessed for security and privacy risks prior to engagement, and service providers are required to submit evidence of a mature, functioning security program. Service providers without a SOC2 Type 2 attestation or similar evidence of independent audit must submit a SIG or SIGlite form and be cleared by our Security Team.
A list of our service providers that we may share user data with to operate our products and services is located here: Our Service Providers and Partners
When an apartment is occupied, sensitive smart home device information such as temperature, thermostat mode, and light bulb status is private to the residents of that apartment. To help with troubleshooting, property management can view whether the smart device is connected and working; and are notified if there is a leak to help mitigate water damage as early as possible. No other data is provided.
Depending on the thermostat that has been installed, the original manufacturer may separately collect and share the device’s information in accordance with the separate terms and conditions that you as a user are presented with as part of their terms of service. Please see ‘when you use a third-party smart home device’ for more information.
We may access, preserve, and disclose any information we store associated with you to external parties in order to comply in good faith with law enforcement or national security legal orders, such as a court order, warrant, or subpoena; to protect our users and Latch; and to enforce our policies or contracts.
For New York City resident data generated on or after July 31, 2021, we comply with the New York City Tenant Data Privacy Act (TDPA). Specifically, we delete or anonymize authentication data, such as access histories and authentication credentials collected when you unlock a Latch device, after 90 days of collection. We also delete or anonymize reference data, such as the credentials that are compared to authentication credentials to unlock a Latch device, within 90 days of access expiration. These data retention periods are subject to the exceptions as specifically permitted by the TDPA, including to investigate security incidents, protect against malicious, deceptive, or fraudulent, or illegal activity, or to debug or improve our produced and services.
We do not knowingly collect personal information from children and Latch products and services are not intended for anyone under the age of 13. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information.
Depending on the laws in your jurisdiction, you may have specific privacy rights under applicable data protection or privacy law with respect to your personal information. These may include the rights to request access to or deletion of your personal information. These rights may be limited, for example, if fulfilling your request would reveal personal data about another individual, or if you ask us to delete personal information that we are required or permitted by law to keep for a specific period of time. To exercise any of these rights, please email email@example.com with your name and Latch account email or call our toll-free number 1-877-890-2221 (operates on East Coast business hours). You may also designate an authorized agent to make requests on your behalf. To do so, we will request a signed letter from you verifying who your designated authorized agent is as well as government ID proving the identity of your authorized agent. We will evaluate your request and fulfill our legal obligations, as appropriate.
To protect the security and integrity of your personal information, where we are required to delete your personal information or provide you with access to it, we’ll need to verify your identity by asking you to provide a few pieces of information such as your Latch account contact information, government ID, a verification code, or further identifying information. If we are unable to verify your identity, we will not be able to complete your request.
If we cannot directly fulfill your request under the laws of your jurisdiction (see California Privacy Rights section and Virginia, Colorado, Connecticut, and Utah Privacy Rights section below), we will direct you to contact your property manager.
Under no circumstances will we be able to delete an active account or any information associated with that account, as this information is necessary for our customers to provide their building residents and other users with access and other services, including building security.
You may keep your information accurate, complete, and current through our products in most cases, or by contacting firstname.lastname@example.org.
If you live in Canada, you are entitled to access any personal information that we have collected, used, or disclosed about you. If you'd like to make a request, please send a request to email@example.com. In order to fulfill your request, we will follow the verification procedure outlined in the “Deleting or viewing your information” section above. We will respond to your request within thirty (30) days. If we need additional time, we will notify you and explain the reasons for the additional time.
Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA) and applicable regulations (collectively referred to as “CCPA”), California residents have several privacy rights. We will directly fulfill those rights where Latch is acting as a “business” (as opposed to a “service provider” as those terms are defined in the CCPA). Note that we primarily act as a “service provider” to our customers (building owners and property managers), which means that we will not be obligated to fulfill these requests and will need to direct you to raise your request directly with the relevant customer.
California resident’s rights with respect to “businesses” (as that term is defined under the CCPA), include:
You may exercise your rights by submitting a request to firstname.lastname@example.org or calling our toll-free number 1-877-890-2221 (operates on East Coast business hours). If we cannot directly fulfill your request because we act in our capacity as a CCPA “service provider” to our customer, we will let you know and suggest that you contact our customer directly. Our customer may then ask us to assist them with fulfilling your request, after which we will engage with you directly to complete your request.
Where we act as a CCPA “business,” or where our customer asks that we complete your request on their behalf, we will only fulfill your request if we can verify your identity. We will follow the verification procedure outlined in the “Deleting or viewing your information” section above.
Where we are required to fulfill your request, we will fulfill your request within forty-five (45) days of its receipt and will notify you within those forty-five (45) days if we require more time to respond and the reasons for the additional time. We will deliver our response to your Latch account email. Any information we provide in response to a verified request to know will include information we have collected about you on or after January 1, 2022, including beyond the 12-month period preceding our receipt of the request, unless doing so proves impossible or would involve disproportionate effort, or you request data for a specific time period. If we cannot comply with a request or a portion of the request, we will include the reasons in our response. If we deny your request on the basis that it is impossible or would involve a disproportionate effort, we will explain our reasons, such as the data is not in a searchable or readily accessible format, is maintained for only legal or compliance purposes, or is not sold or used for any commercial purpose and our inability to disclose it, delete or correct it would not impact you in any material manner.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Additionally, California’s “Shine the Light” law (Civil Code Sections 1798.83-1798.84) permits California residents to request certain information regarding our disclosure of personal information to affiliates and other third parties for direct marketing purposes. To make such a request, please contact email@example.com. We may require additional information from you in order to verify your identity and fulfill your request.
Residents of Virginia, Colorado, Connecticut, and Utah have certain privacy rights under the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CDPA), and Utah Consumer Privacy Act (UCPA). This section is effective for residents of Virginia as of January 1, 2023, residents of Colorado and Connecticut as of July 1, 2023, and residents of Utah as of December 31, 2023.
The VCDPA, CPA, CDPA, or UCPA do not directly apply to Latch, as the nature of Latch’s data processing and business practices does not fit within the applicability scope of these laws. Although Latch is not a “data controller,” as this term is defined under these laws, Latch may be a “data processor” under one or more of these laws, depending on the applicability of these laws to a specific Latch customer. If you are a resident of any of these states and you have a question about your privacy rights with respect to the data that Latch processes about you, please send a request to firstname.lastname@example.org or call our toll-free number 1-877-890-2221 (operates on East Coast business hours). We will evaluate your request and fulfill our legal obligations, as appropriate.
Every day, we work to improve the Latch experience. We appreciate your feedback and other suggestions, comments, or ideas (“Feedback”) about the Latch System, Latch Devices, or Services. You should know that we may use your Feedback without any restriction or obligation to compensate you, and we are under no obligation to keep Feedback confidential. You can submit feedback by emailing email@example.com.