Lattice Logo
Auxiliary Machines Inc.
Lattice Logo

Privacy Policy

Effective Date

March 1, 2026

Last Updated

March 1, 2026

Auxiliary Machines Inc. ("Lattice", "we", "us", "our")

This Privacy Policy describes how Auxiliary Machines Inc., operating as Lattice (runlattice.com), collects, uses, and protects information when you use our platform and services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • First and last name
  • Enterprise/organization affiliation
  • Role within your organization

1.2 Investigation Data

When you use Lattice to conduct investigations, you may upload or create:

  • Documents (PDFs, spreadsheets, images, log files, CSV files)
  • Problem statements and incident descriptions
  • Evidence and supporting materials
  • Timeline events
  • Root cause analysis diagrams and conclusions
  • Recommended actions and corrective/preventive actions (CAPA)

This data is provided by you and belongs to you. See Section 4 for how we handle it.

1.3 Integration Data

If you connect third-party services, we store:

  • Slack: OAuth tokens, team identifiers, and user mappings necessary to operate the integration
  • Jira: OAuth tokens and site information necessary to operate the integration
  • Email: Inbound email content sent to your Lattice-assigned address

1.4 Usage Data

We collect standard usage information including:

  • Browser type and version
  • Pages visited and features used
  • Timestamps of actions
  • Error logs for debugging

We do not use third-party advertising trackers.

2. How We Use Your Information

We use your information to:

  • Provide and operate the Lattice platform
  • Authenticate your identity and enforce access controls
  • Process your investigation data using AI models (see Section 3)
  • Generate investigation reports, timelines, and root cause analyses
  • Maintain audit logs of investigation activity
  • Send transactional emails (e.g., account verification, investigation notifications)
  • Diagnose and fix technical issues

We do not use your information to:

  • Serve advertisements
  • Sell data to third parties
  • Build user profiles for marketing purposes

3. AI Processing and Model Training

3.1 How AI Processes Your Data

Lattice uses AI models to assist with investigation workflows, including evidence analysis, pattern identification, root cause reasoning, and report generation. When you use these features, your investigation data is sent to our AI subprocessors for real-time inference (generating responses), not for model training.

3.2 No Cross-Customer Training

Your data is never used to train, fine-tune, or improve AI models that are shared with other customers or the general public. This commitment is both architecturally enforced (tenant-isolated infrastructure) and contractually guaranteed.

3.3 Custom Models (Future)

If Lattice offers custom model fine-tuning in the future, this would only occur with your explicit, documented consent. Any resulting model would be deployed exclusively for your organization and would not be accessible to other customers.

3.4 Subprocessor AI Commitments

Our primary AI subprocessor is Google Cloud (Vertex AI / Gemini API). Per Google's Cloud Data Processing Addendum and AI/ML data governance policy: "Google won't use your data to train or fine-tune any AI/ML models without your prior permission or instruction." Google may temporarily retain prompts for abuse monitoring purposes, but this data is not used for model training.

4. Data Ownership and Tenant Isolation

4.1 You Own Your Data

All investigation data, documents, reports, and AI-generated outputs created within your Lattice environment belong to your organization. We do not claim ownership of your content.

4.2 Tenant Isolation

Lattice operates a multi-tenant architecture with strict enterprise-level isolation:

  • Each organization's data is logically isolated at the database level using row-level security (RLS) policies.
  • No organization can query, view, or access another organization's data through the application or database layer.
  • File storage is scoped to your organization.
  • AI queries are processed in the context of your organization's data only.

5. Data Storage and Security

5.1 Where Data Is Stored

  • Structured data (investigations, user accounts, audit logs): Encrypted cloud-native relational databases
  • Documents and files: Encrypted object storage infrastructure
  • Vector embeddings (for semantic search): Secure cloud infrastructure

5.2 Security Measures

  • Encryption in transit: All data transmitted between your browser, our servers, and third-party services uses TLS encryption (HTTPS).
  • Encryption at rest: Sensitive credentials (e.g., database connector passwords) are encrypted using AES-based encryption (Fernet). Our hosted data providers enforce encryption at rest for all stored data.
  • Authentication: JWT-based authentication with token refresh.
  • Access controls: Role-based access controls (RBAC) with admin and member roles. Investigation-level visibility controls allow restricting access to specific team members.
  • Audit logging: All investigation actions (creation, evidence uploads, status changes, AI interactions) are logged with user identity and timestamp.
  • Infrastructure security: Security middleware blocks common reconnaissance and attack patterns.

6. Third-Party Subprocessors

We use industry-standard secure subprocessors to operate Lattice, including providers for AI model inference (we utilize Google Cloud / Vertex AI), database hosting, secure file storage, and transactional email delivery. Each subprocessor is bound by strict data processing agreements. We do not share your data with subprocessors beyond what is legally and operationally necessary to provide the service.

7. Data Retention and Deletion

  • Your data is retained for as long as your account is active and your organization maintains a subscription.
  • You may request deletion of your organization's data at any time by contacting us at [email protected].
  • Upon account termination, we will delete your data within 30 days, unless retention is required by law.
  • Backups may retain data for up to 30 additional days after deletion, after which they are purged.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request your data in a portable format.
  • Objection: Object to specific processing of your data.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies

Lattice uses essential cookies for authentication and session management. We do not use advertising or tracking cookies.

10. Children's Privacy

Lattice is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the platform. Continued use of Lattice after changes constitutes acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy or our data practices:

Auxiliary Machines Inc.
Email: [email protected]
Website: https://www.runlattice.com