Is Lattice safe with your data?

Lattice

Degree, Inc. (Lattice)

61/100

Partial disclosure · high confidence

Lattice earns a C (61/100) because it discloses its data practices only in part.

#91

of 177 apps ranked

score · HR & recruiting avg 65

-4

vs category average

Grade scaleA · 85–100B · 70–84C · 55–69D · 40–54F · 0–39

Lattice publishes a controller-side privacy policy with a data-subject rights menu, a named Data Protection Officer, an EU representative, Standard Contractual Clauses for international transfers, and a statement that it does not sell personal information. It loses the entire training-data domain because whether content entered into the Services feeds any AI model is covered in a separate AI Use Terms document that is outside this snapshot, and it gives only an as-long-as-necessary retention period with no day-count or deletion timeline. The rights and sharing disclosure together with the missing training answer and the open-ended retention put it in the C band.

What Lattice's privacy policy says about your data

No automated decisions

Section 12 states that Lattice does not engage in any automated decision making with User Personal Information, a limit that matters for an HR product.

Does not sell, with opt-out

Lattice declares under the CCPA that it does not sell personal information, and offers a CCPA opt-out portal at preferences.lattice.com/ccpa for the limited advertising sharing it does perform.

Full rights menu, DPO, and SCCs

Section 12 grants access, deletion, correction, portability, objection, and restriction. The policy names a Data Protection Officer at dpo@lattice.com, an EU representative, and Standard Contractual Clauses for transfers outside the EEA and UK.

Vague retention and silent on training

Retention is stated as as long as is necessary, with no day-count and no deletion timeline, and the policy never says whether content entered into the Lattice Services trains any AI models, because that is covered in a separate AI Use Terms document.

What the policy is silent or vague on

Not stated: keeping user inputs out of model training
Not stated: a way to opt out of training
Not stated: whether training use differs by plan
Not stated: your ownership of generated outputs

Lattice privacy rating

Training-data use0 of 4 disclosed

Keeps user inputs out of model training, or makes training opt-inSilent

Names a way to opt out of or into trainingSilent

Says whether training use differs by plan or tierSilent

Lets the user keep ownership of generated outputsSilent

Data-subject rights5 of 5 disclosed

Grants a right to access your dataDisclosed

Grants a right to delete your dataDisclosed

Offers data portability in a usable formatDisclosed

Grants a right to correct your dataDisclosed

Grants a way to object to or opt out of processingDisclosed

Retention and deletion1 of 4 disclosed

States a retention period for your dataPartial

States a deletion timeline after closure or requestSilent

Sets a shorter retention for AI conversation logsSilent

Commits to collecting only the data it needsDisclosed

Third-party sharing5 of 5 disclosed

Lists the categories of third parties it shares withDisclosed

References a sub-processor list or data processing agreementDisclosed

Does not sell or share data for advertising, or offers opt-outDisclosed

Names a safeguard for international data transfersDisclosed

States a standard for government and law-enforcement accessDisclosed

Transparency3 of 4 disclosed

Discloses that you are interacting with AIPartial

Marks AI-generated or synthetic outputNot applicable

Enumerates the categories of data it collectsDisclosed

Maps processing purposes to legal basesDisclosed

Is versioned and dated, with change noticeDisclosed

Sensitive data and children2 of 3 disclosed

Discloses automated decisions and a human-review pathDisclosed

Limits the use of special-category dataSilent

Governs biometric data specificallyNot applicable

States protections for children's dataDisclosed

Security and accountability1 of 3 disclosed

Describes its security safeguardsPartial

Commits to breach notificationPartial

Names a certification or a privacy contactDisclosed

DisclosedPartialSilentAdverseNot applicable

Details

Category: HR & recruiting
Modalities: text
Processes biometrics: No
Policy last updated: 2026-05-05
Region scored: Global / US-default
Assessed: 2026-06-20

Read Lattice's privacy policy

Other hr & recruiting apps

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.