LatticeBack to home

Legal

Privacy Policy

Last updated June 5, 2026

This Privacy Policy explains how Lattice Strategy, LLC (“Lattice,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you visit latticestrategy.co(the “Site”), contact us, or otherwise engage with our services. By using the Site, you acknowledge the practices described in this policy.

1. Scope

This policy applies to information we collect through the Site, by email, and in the course of providing advisory services. It does not apply to third-party websites or services that we do not own or control.

2. Information we collect

Information you provide

When you submit an inquiry, request a strategy session, or correspond with us, we collect details such as your name, institution, role, email address, telephone number, and the contents of your message.

Information collected automatically

When you access the Site, we and our service providers may automatically collect technical information such as IP address, device and browser type, operating system, referring URLs, pages viewed, and the dates and times of access, including through cookies and similar technologies.

Information from third parties

We may receive information about you from business contacts, referral sources, and publicly available sources, and we may combine it with the information described above.

3. Cookies and tracking technologies

We use cookies, web beacons, and similar technologies to operate the Site, remember preferences, and understand usage. The categories we use include:

  • Strictly necessary: required for the Site to function and cannot be switched off in our systems.
  • Analytics/performance: help us understand how visitors interact with the Site so we can improve it.
  • Preference: remember choices you make to personalize your experience.

Most browsers let you refuse or delete cookies through their settings. Disabling certain cookies may affect the functionality of the Site. We respond to Global Privacy Control (GPC) signals where required by law.

4. How we use information

We use the information we collect to:

  • Respond to inquiries and schedule and deliver strategy sessions;
  • Provide, operate, maintain, and improve the Site and our services;
  • Communicate with you about engagements, and send relevant updates;
  • Analyze usage and trends to enhance user experience;
  • Detect, prevent, and address security incidents and misuse; and
  • Comply with legal, regulatory, and contractual obligations.

5. Legal bases for processing (EEA/UK)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on one or more of the following legal bases: your consent; the performance of a contract with you or to take steps at your request; our legitimate interests in operating and improving our business (where not overridden by your rights); and compliance with a legal obligation.

6. How we share information

We do not sell your personal information. We may share information:

  • With service providers who perform functions on our behalf (such as hosting, email delivery, and analytics) under confidentiality obligations;
  • When required by law, subpoena, or other legal process, or to protect rights, safety, and property;
  • In connection with a business transaction such as a merger, financing, acquisition, or sale of assets; and
  • With your consent or at your direction.

7. Confidentiality of engagement information

Information you share about specific credits, borrowers, collateral, or institutions is treated with strict confidentiality and used solely to evaluate and support a potential or active engagement, consistent with any applicable engagement agreement.

8. International data transfers

We are based in the United States and may process and store information there or in other countries whose data protection laws may differ from those in your jurisdiction. Where required, we implement appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

9. Data retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, including to provide services, comply with legal obligations, resolve disputes, and enforce agreements. When no longer needed, we delete or de-identify it.

10. Data security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, or alteration. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Your privacy rights

EEA/UK (GDPR)

Subject to applicable law, you may have the right to access, rectify, or erase your personal data; to restrict or object to processing; to data portability; to withdraw consent at any time; and to lodge a complaint with your local supervisory authority.

California (CCPA/CPRA)

Subject to applicable law, California residents may have the right to know and access the personal information we collect, the right to request deletion, the right to correct inaccurate information, and the right to opt out of the “sale” or “sharing” of personal information and to limit the use of sensitive personal information. We do not sell personal information, and we will not discriminate against you for exercising your rights.

How to exercise your rights

To make a request, contact us at [email protected]. We will verify your request as required and respond within the timeframes set by applicable law. You may use an authorized agent where permitted.

12. Children’s privacy

The Site is intended for business users and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us so we can delete it.

13. Third-party links

The Site may link to third-party websites and services. We are not responsible for their content or privacy practices, and we encourage you to review their policies.

14. Do Not Track

Some browsers offer a “Do Not Track” (DNT) setting. Because no common industry standard for DNT has been adopted, the Site does not currently respond to DNT signals, but we honor recognized opt-out preference signals where required by law.

15. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with a revised “Last updated” date, and where required, we will provide additional notice.

16. Contact us

If you have questions or requests regarding this policy or your personal information, contact us at [email protected].