Does Latch’s data retention policy comply with New York City’s Tenant Data Privacy Act?

Yes, we have revised our Privacy Policy to comply with New York City’s Tenant Data Privacy Act. This change will automatically be effective on July 30, 2021 for all Latch users in a New York City property and applies to data collected on or after that date. This change impacts users across LatchOS applications for consumers and enterprises in New York City. More information regarding this NYC data retention policy can be found in our Privacy Policy.

What happens to New York City resident access logs after 90 days in the Latch App?

Activity logs for buildings in New York City will be subject to a 90 day retention period starting July 30, 2021 for access logs collected on or after that date. After 90 days, these activity logs will be deleted or anonymized on a rolling basis.

What happens to my (resident) access logs before the New York City Tenant Data Privacy Act policy takes effect?

New York City building activity logs from before July 30, 2021 will not be visible via the Latch App or Latch Mission Control. For NYC buildings, only 90 days worth of activity logs generated on or after July 30, 2021 will be accessible via the Latch App or Latch Mission Control. For special cases where data beyond that time frame is needed, please reach out to support@latch.com.

What happens to logs outside of New York City buildings that do not fall under the Tenant Data Privacy Act policy?

Activity logs for buildings outside of New York City will abide by the default two-year retention period. Access logs will only be visible in a two-year time range. Activity logs generated on or after July 30, 2021 will be removed or anonymized two-years after they are generated.

This is being reviewed by JJ:
We’ve approached security from every angle to reduce the risk of malicious activity. We continuously test our hardware and software against potential threat models and frameworks to get ahead of potential risks, and are committed to making software updates if and when vulnerabilities are detected. Additionally, we’ve taken steps to ensure that access information is protected: encrypting data on our devices as well as on our back-end servers, building in strong authentication and data leakage provisions, and more. 

First, our offline-first design approach means that our Latch M, e-Genius Powered by Latch, and C devices do not require internet connectivity to unlock. Operating independently from the internet provides an extra layer of security against malicious actors and keeping residents’ data safe.

Second, in addition to running internal static, unit, and integration tests, we partner with third-party firms to run periodic penetration tests, and validate our product architecture and design. We also use a variety of security monitoring tools to detect risks in real-time and test new features and products in real-world scenarios.

Finally, ‍Latch devices are designed to get better every day. Because all our products can be upgraded via Bluetooth, we’re able to roll out the latest security features and fixes quickly and easily.

To learn more about how our security program has been designed to meet commercial best practices, visit latch.com/security-privacy.

Your access history at your personal door is never shared with or sold to third parties for the purposes of marketing or advertising. 

For additional details on this topic please review our Privacy Policy. 

If you have or had Latch access in either California, Colorado, Virginia, Utah, or Connecticut  

You may be entitled to (now or later this year, depending on when the state’s privacy law takes effect) certain consumer rights with respect to your personal information. Under these state privacy laws, a “business” or “data controller” that either (a) collected your data or (b) caused your data to be collected by a “service provider” or “data processor” would have an obligation to fulfill a verified consumer privacy request. In most cases (e.g., your building and unit access), Latch acts as a “service provider” or “data processor” on behalf of its customers (property owners and managers) that act as “businesses” or “data controllers.” In this capacity, Latch cannot action any privacy requests directly, and you need to direct your data rights requests to your property owner or manager. In some circumstances, after receiving your request, our customer may ask us for help in fulfilling it, including by asking us to directly provide you with a copy of your personal information. In that case, for your protection, we will need to verify your identity before we can provide the personal information to you. You may find additional details in our Privacy Policy. 

In limited circumstances, Latch may act as a “business” or “data controller,” where you have a direct relationship with Latch (e.g., a WeWork membership that you purchased directly from Latch). In these rare circumstances, Latch will action your privacy rights request directly when you send us a request to support@latch.com.  

If you do not have or did not previously have Latch access in California, Colorado, Virginia, Utah, or Connecticut

You do not have a statutory right to access or delete your personal information collected by Latch. That being said, you can always view your access logs in the Latch App and know that Latch depersonalizes door access information in accordance with its retention schedule (90 days from the day of record creation for properties in New York City and 2 years from the day of record creation for properties anywhere else). You may find additional details in our Privacy Policy.

Canada Data Subject Requests

For users in Canada, you are entitled to access personal information that we have collected, used, or disclosed about you. If you'd like to make a request, please send a request to support@latch.com. Upon verifying your identity, we will respond to your request within thirty (30) days. If we need additional time in order to respond to your request, we will notify you and explain the reasons for the additional time.

Law Enforcement/Legal Request

If you are requesting records pursuant to a subpoena, court order, or other legal process, please send the request and supporting documentation to legal@latch.com and cc support@latch.com. 

Emergency Request

If you have security or safety concerns that require investigation of access activity at your private unit door, you may contact us directly, stating your concern, explaining why the access activity information you see in the Latch App is not sufficient to address your concern, and making a specific request. If you have not done so prior to contacting us, we will involve your property manager, as necessary, to help address your request. To make a request, email support@latch.com with your name and Latch account email or call us on our toll-free telephone line: 1-877-890-2221 (operates on East Coast business hours).

We note that while Latch strives to capture all access events, in limited instances, we may experience unintentional loss of access log data that is associated with the operation of our products. Such expected access log data loss may limit your ability to view certain access events. 

Please review our Privacy Policy for further information on how Latch handles consumer privacy rights requests.

If you have resident status at a private unit door, your activity history at your private door is not visible nor shared with anyone at your property, including landlords or property managers. For the safety of the building, activity by all users at common doors (regardless of user status and including residents) is captured and visible to property management staff. Activity by all users who do not have resident status (e.g., residents’ guests and users of 24 hour doorcodes) at private unit doors is visible to the resident of that unit as well as property management staff. 

Any available access logs (for buildings outside of New York City) will be retained for a two-year retention period. This is to ensure that you’ll have access to a history of who entered your space and when (including landlords, property managers, and building staff), which helps resolve disputes if and when they occur. Activity logs older than two years will be depersonalized two years after they are generated.

While we strive to capture all access events, in limited instances, we may experience unintentional loss of access event data that is associated with the operation of our products. Such expected access event data loss may limit your ability to view certain access events.

What if I don’t want my property manager to see my guest access?

Unfortunately, property managers need to be able to view your guests’ access history to maintain the safety and security of the building and everyone in it.  

Do Latch devices take photos?

We designed Latch devices so you can easily and securely enter your space and share access with those you trust. For peace of mind, some Latch devices have a camera on their exterior that takes photos in specific situations while preserving your privacy, so you can check who entered your space and when (Latch C, Latch M, and Latch R). The Latch C2, current Latch M, Latch T and E-Genius Powered by Latch do not have a camera.

When are photos taken at private unit doors?

• Latch devices with cameras on private unit doors only take photos under specific circumstances, namely during a failed/incorrect doorcode attempt and when someone uses a daily doorcode. Latch devices at private unit doors do not capture photos during Latch App (Bluetooth) unlocks, mechanical key unlocks, keycard unlocks, or doorcode unlocks that are not 24-hour daily doorcodes (i.e. no photos are taken if a user utilizes the doorcode provided with Latch App access).

When are photos taken at public doors?

• For the security of the building, Latch devices at common area/public doors take photos of the following unlock events regardless of user type (resident, guest, accounts with property management permissions): Latch App (Bluetooth) unlocks, 24-hour daily doorcode unlocks, and doorcode unlocks that are not tied to 24-hour daily doorcodes.

Who can see the photos?

If you have resident status, photos at your private unit door are visible only to you, other users with resident status at your private unit door, and authorized building personnel.

Note: The lens on the R, M, and C devices is not capable of taking video.

Is there an interior camera on my Latch device? Can Latch see inside my apartment?

No, there is no interior camera on any Latch device, and Latch cannot see inside your apartment. 

If you've lost your Latch Keycard or you think it might be stolen, we recommend performing the following steps:

1. Go to keycard.latch.com
2. Select 'Deactivate'
3. Enter your Latch email address (that you use to login to the app)
4. Check your email and confirm the deactivation
5. Perform a door update on your device using your Latch App (or request your property management team perform the door update) as the keycard will still work on any non-internet connected doors until a door update is performed.

If you need a new Keycard, contact your property management and activate it with the following steps.