Legal
Privacy Policy
This Privacy Policy explains what information TinyPrd (“Lattice,” “we,” “us”) collects when you use Lattice, how we use it, and the choices you have. We built Lattice to help you remember what you learn, and we take the privacy of your notes and study data seriously.
Last updated: June 25, 2026
Information we collect
We only collect what we need to run Lattice and improve it.
Information you provide
Account details like your name and email address, the notes, documents, and transcripts you upload, the review cards generated from them, and anything else you create or save in Lattice.
Information collected automatically
Usage data such as the decks and cards you review, your recall responses, and your review schedule. We also use first-party cookies for anonymous analytics and attribution (see below). We do not use third-party tracking cookies or cross-site trackers.
Information from integrations
If you connect a third-party service (for example, a sign-in provider or import source), we receive the account information you authorize us to access.
Anonymous analytics and attribution
We use first-party cookies to understand how people discover and use Lattice. These cookies store only an anonymous session identifier (a random string, not linked to your account or identity), the campaign that brought you here (e.g. “Twitter” or “email” if you clicked a link with UTM parameters), and which version of a feature you saw during an A/B test. None of this data identifies you personally, we never share it with third-party analytics or advertising providers, and we do not use it to build profiles or track you across other sites. We process this data under our legitimate interest in measuring and improving Lattice. Because these cookies are first-party and strictly functional or anonymous, you do not see a cookie consent banner when you visit Lattice.
How we use your information
We use your information to provide, maintain, and improve Lattice:
- To generate review cards and calculate your retrievability scores.
- To schedule the cards you should review and personalize your experience.
- To operate your account, authenticate you, and provide support.
- To understand which channels bring new users to Lattice, so we can focus on what works (this uses only anonymous campaign data, never your identity).
- To run A/B tests on our marketing pages to improve the experience for future visitors (this uses only the anonymous session identifier and never personal data).
- To monitor usage, prevent abuse, and keep Lattice secure.
Legal basis for processing (GDPR)
If you are in the European Economic Area, the UK, or Switzerland, we process your personal data on the following bases:
- Performance of a contract: to deliver Lattice and the features you signed up for.
- Legitimate interests: for anonymous analytics, campaign attribution, A/B testing, security monitoring, and improving Lattice — all balanced against your rights and always without identifying you personally in these contexts.
- Consent: for optional marketing communications, which you can withdraw anytime.
- Legal obligation: where we are required to retain or disclose data.
Intelligence processing of your content
Lattice uses models to turn your notes into review cards. Your content is processed to provide this feature to you. We do not sell your data, and we do not use your personal notes to train public models. Where a sub-processor is used, it is bound by contract to process data only on our instructions.
Sharing and sub-processors
We do not sell your personal information. We share data only with service providers who help us operate Lattice (such as hosting, model inference, and email delivery), under written agreements that require confidentiality and appropriate security. Our anonymous analytics and attribution data is processed entirely on our own infrastructure and is never shared with third-party analytics, advertising, or data-broker services. A current list of categories of sub-processors is available on request.
International data transfers
Lattice and its providers may process data in countries other than your own. Where this involves a transfer outside the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses, or another valid transfer mechanism.
Data retention
We keep your data for as long as your account is active, or as needed to provide Lattice. You can request deletion at any time. We retain limited information after deletion where required by law or for legitimate security and record-keeping purposes.
Security
We use reasonable technical and organizational measures, such as encryption in transit, access controls, and regular reviews, to protect your data. No method of transmission or storage is fully secure, so we cannot guarantee absolute security.
Your privacy rights
Depending on where you live, you may have the right to:
- Access or receive a copy of your personal data.
- Correct inaccurate or incomplete data.
- Request deletion of your data.
- Restrict or object to certain processing.
- Receive your data in a portable format.
- Withdraw consent at any time (without affecting processing already done).
How to exercise your rights
Email support email with your request. We respond within the timeframes required by applicable law. For details specific to EU/UK residents, see our GDPR page.
Children's privacy
Lattice is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us data, contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version here with a new “Last updated” date and, for material changes, notify you in the app or by email.
Contact us
Questions about this policy or your data? Email support email or write to us at our address in Portugal.