Contact Sales

Latch Data Policy and New York City Tenant Data Privacy Act

Does Latch’s data retention policy comply with New York City’s Tenant Data Privacy Act?

Yes, we have revised our Privacy Policy to comply with New York City’s Tenant Data Privacy Act. This change will automatically be effective on July 30, 2021 for all Latch users in a New York City property and applies to data collected on or after that date. This change impacts users across LatchOS applications for consumers and enterprises in New York City. More information regarding this NYC data retention policy can be found in our Privacy Policy.

What happens to New York City resident access logs after 90 days in the Latch App?

Activity logs for buildings in New York City will be subject to a 90 day retention period starting July 30, 2021 for access logs collected on or after that date. After 90 days, these activity logs will be deleted or anonymized on a rolling basis.

What happens to my (resident) access logs before the New York City Tenant Data Privacy Act policy takes effect?

New York City building activity logs from before July 30, 2021 will not be visible via the Latch App or Latch Mission Control. For NYC buildings, only 90 days worth of activity logs generated on or after July 30, 2021 will be accessible via the Latch App or Latch Mission Control. For special cases where data beyond that time frame is needed, please reach out to support@latch.com.

What happens to logs outside of New York City buildings that do not fall under the Tenant Data Privacy Act policy?

Activity logs for buildings outside of New York City will abide by the default two-year retention period. Access logs will only be visible in a two-year time range. Activity logs generated on or after July 30, 2021 will be removed or anonymized two-years after they are generated.

How do you work to prevent security breaches?

This is being reviewed by JJ:
We’ve approached security from every angle to reduce the risk of malicious activity. We continuously test our hardware and software against potential threat models and frameworks to get ahead of potential risks, and are committed to making software updates if and when vulnerabilities are detected. Additionally, we’ve taken steps to ensure that access information is protected: encrypting data on our devices as well as on our back-end servers, building in strong authentication and data leakage provisions, and more. 

First, our offline-first design approach means that our Latch M, e-Genius Powered by Latch, and C devices do not require internet connectivity to unlock. Operating independently from the internet provides an extra layer of security against malicious actors and keeping residents’ data safe.

Second, in addition to running internal static, unit, and integration tests, we partner with third-party firms to run periodic penetration tests, and validate our product architecture and design. We also use a variety of security monitoring tools to detect risks in real-time and test new features and products in real-world scenarios.

Finally, ‍Latch devices are designed to get better every day. Because all our products can be upgraded via Bluetooth, we’re able to roll out the latest security features and fixes quickly and easily.

To learn more about how our security program has been designed to meet commercial best practices, visit latch.com/security-privacy.

Can I request to see the data that Latch collects about my access history, or delete my data?

Please review our Privacy Policy for further information on how Latch handles consumer privacy rights requests. Please also review the privacy policies of your property manager or building owner.

Data Deletion Requests

As a Latch user, you may request deletion by navigating to the menu in your Latch App, selecting ‘Settings’ and  then choosing ‘Delete my account via Support.’ This will send a deletion request to Latch Support. You may also submit a request via email directly to Support@latch.com. 

With respect to our processing of your data as it relates to your building and unit access, Latch acts as a “service provider” or “data processor” on behalf of its customers (property owners and managers) that act as “businesses” or “data controllers.” In our capacity as a service provider, we cannot act on your deletion request directly and always require approval from your property management team to process your deletion request. When we receive your deletion request, we’ll contact your property management team to request approval to delete your data. If they approve, we’ll process your request. If they do not approve, we’ll refer you to contact them directly to discuss their data policies or reasons for denying the request. 

Note that, as part of the deletion request process, we’ll also verify your identity and confirm your request to delete your data by sending a verification code to your Latch-associated email address. 

Data Download Requests

Generally, unless required by law or if there is a need to address a security incident, Latch does not provide copies of access event data outside what is visible to you in the Latch App. With respect to our processing of your data as it relates to your building and unit access, Latch acts as a “service provider” or “data processor” on behalf of its customers (property owners and managers) that act as “businesses” or “data controllers.” In our capacity as a service provider, we cannot act on your data access request directly and always require approval from your property management team to process your data access request.

Data Download Requests Pursuant to a Statutory Right  

If you live in a state that provides consumers with certain rights over their personal data, including the right to access that data and obtain a copy (e.g., California, Colorado, Virginia, Utah, Connecticut, etc.), you may be entitled to make a data access request to your property manager or building owner. If your property manager or building owner is subject to the state’s data privacy law, they would act as a “business” or “data controller” with respect to your personal data and Latch would act as their “service provider” or “data processor.” Your request for access to your data that is processed by Latch should be directed to your property manager or building owner, who can then direct Latch to fulfill your request. Under our Privacy Policy, if you have “resident” permissions to your unit door, we will not share your unit access data with your property manager or building owner. Where your property manager or building owner requests us to fulfill your data access request, we will verify your identity and provide you with the responsive data by sending it to your Latch-associated email address.

Data Download Requests Not Pursuant to a Statutory Right

As described above, a few states (e.g., California, Colorado, Virginia, Utah, Connecticut) provide consumers with certain rights over their personal data, including the right to access one’s personal information processed by a “business” or “data controller” (i.e., property manager or building owner). If you do not live in a state that provides those rights to state consumers, you would not have a statutory right to access your personal information collected by Latch on behalf of your property manager or building owner. That being said, you can always view your access logs in the Latch App and know that Latch depersonalizes door access information in accordance with its retention schedule (90 days from the day of record creation for properties in New York City and 2 years from the day of record creation for properties anywhere else). You can also make a request for data access directly to your property manager or building owner, which they can review and act upon at their discretion. You may find additional details in our Privacy Policy. Please also review the privacy policies of your property manager or building owner.

Canada Data Download Requests

For users in Canada, you are entitled to access personal information that we have collected, used, or disclosed about you. If you'd like to make a request, please either make it through the Latch App or send it to support@latch.com. Upon verifying your identity, we will respond to your request within thirty (30) days. If we need additional time in order to respond to your request, we will notify you and explain the reasons for the additional time.

Law Enforcement/Legal Request

If you are requesting records pursuant to a subpoena, court order, or other legal process, please send the request and supporting documentation to legal@latch.com and cc support@latch.com

Emergency/Security Request

If you have security or safety concerns that require investigation of access activity at your private unit door, you may contact us directly, stating your concern, explaining why the access activity information you see in the Latch App is not sufficient to address your concern, and making a specific request. If you have not done so prior to contacting us, we will involve your property manager, as necessary, to help address your request. To make a request, email support@latch.com with your name and Latch account email or call us on our toll-free telephone line: 1-877-890-2221 (operates on East Coast business hours).

We note that while Latch strives to capture all access events, in limited instances, we may experience unintentional loss of access log data that is associated with the operation of our products. Such expected access log data loss may limit your ability to view certain access events. 

 

Who can view my access history? How long is this data stored for?

If you have resident status at a private unit door, your activity history at your private door is not visible nor shared with anyone at your property, including landlords or property managers. For the safety of the building, activity by all users at common doors (regardless of user status and including residents) is captured and visible to property management staff. Activity by all users who do not have resident status (e.g., residents’ guests and users of 24 hour doorcodes) at private unit doors is visible to the resident of that unit as well as property management staff. 

Any available access logs (for buildings outside of New York City) will be retained for a two-year retention period. This is to ensure that you’ll have access to a history of who entered your space and when (including landlords, property managers, and building staff), which helps resolve disputes if and when they occur. Activity logs older than two years will be depersonalized two years after they are generated.

While we strive to capture all access events, in limited instances, we may experience unintentional loss of access event data that is associated with the operation of our products. Such expected access event data loss may limit your ability to view certain access events.

What if I don’t want my property manager to see my guest access?

Unfortunately, property managers need to be able to view your guests’ access history to maintain the safety and security of the building and everyone in it.  

Do Latch devices take photos?

 

Do Latch devices take photos?

We designed Latch devices so you can easily and securely enter your space and share access with those you trust. For peace of mind, some Latch devices have a camera on their exterior that takes photos in specific situations while preserving your privacy, so you can check who entered your space and when (Latch C, Latch M, and Latch R). The Latch C2, current Latch M, Latch T and E-Genius Powered by Latch do not have a camera.

When are photos taken at private unit doors?

  • Latch devices with cameras on private unit doors only take photos under specific circumstances, namely during a failed/incorrect doorcode attempt and when someone uses a daily doorcode. Latch devices at private unit doors do not capture photos during Latch App (Bluetooth) unlocks, mechanical key unlocks, keycard unlocks, or doorcode unlocks that are not 24-hour daily doorcodes (i.e. no photos are taken if a user utilizes the doorcode provided with Latch App access).

When are photos taken at public doors?

  • For the security of the building, Latch devices at common area/public doors take photos of the following unlock events regardless of user type (resident, guest, accounts with property management permissions): Latch App (Bluetooth) unlocks, 24-hour daily doorcode unlocks, and doorcode unlocks that are not tied to 24-hour daily doorcodes.

Who can see the photos?

If you have resident status, photos at your private unit door are visible only to you, other users with resident status at your private unit door, and authorized building personnel.

Note: The lens on the R, M, and C devices is not capable of taking video.

Is there an interior camera on my Latch device? Can Latch see inside my apartment?

No, there is no interior camera on any Latch device, and Latch cannot see inside your apartment. 

What if my Latch Keycard is lost or stolen?

If you've lost your Latch Keycard or you think it might be stolen, we recommend performing the following steps:

  1. Go to keycard.latch.com
  2. Select 'Deactivate'
  3. Enter your Latch email address (that you use to login to the app)
  4. Check your email and confirm the deactivation
  5. Perform a door update on your device using your Latch App (or request your property management team perform the door update) as the keycard will still work on any non-internet connected doors until a door update is performed.

If you need a new Keycard, contact your property management and activate it with the following steps.