Security is at the core.

We design our products to be as secure, if not more secure, than conventional mechanical locks.

They record an access log and in some cases, a photo, when someone attempts to unlock the door.

Provides keyless and easy-to-track credentials like the Latch App and Keycard, which removes the insecurity of physical keys, which can be copied and difficult to track.

Access can be revoked without the need to wait for an integrator or locksmith.

Doors can be assigned schedules, so access is only available to people at certain times on certain days.

Built to be secure.

Data theft and hacking are a real concern in today’s connected world. Which is why we’ve built security into everything we do.

Data encryption in transit and at rest

We secure sensitive data by encrypting it while in-transit and storing it in an encrypted format while at rest.

Latch App, Latch Manager, Latch Cloud and internet-connected Latch devices communicate with each other via TLS 1.2.

All data in Latch Cloud, such as access permissions, access logs, access photos, and personally identifiable information, is encrypted at rest using AWS KMS with at least 128-bit AES encryption.

Data in Latch App is secured using platform-specific best practices such as iOS Keychain and Android Keystore.

Vulnerability-testing

Latch undergoes full system penetration tests by a third party with results being actioned on, in a timely fashion.

We work closely with the security community to implement the latest forward-thinking security architectures and policies.

Availability

Our offline-first design approach means that devices do not require internet connections to unlock in the event of a network or cloud outage.

Our infrastructure runs on systems that are fault tolerant, for failures of individual servers or even entire data centers.

Internal policies

Multi-factor-authentication is enforced for all teams and tools where available.

Sensitive internal resources are separated from the internet via a VPN.

Staff are trained in security best practices when applicable, with training plans under continuous review for improvement.

Security researchers

To report security or privacy issues that affect Latch products or web servers, please contact product-security@latch.com. You may encrypt your emails to Latch using the Latch PGP Key. We will do our best to reply to reports in a timely fashion and periodically update you on our progress with respect to investigating or remediating any issues you may have identified.

Privacy.

Our philosophy is to provide flexible access sharing tools while preserving the security, safety, and privacy of everyone. Hence, while Latch devices record data, the storage and access of such data is strictly controlled.

Access log and photo privacy

Latch products give residents peace of mind with; a history of who accessed their space, when they did so, and if it's a guest of theirs, a photo – so they can verify the right person entered. Their comings and goings from their private spaces however are only viewable by them and the lock will never take a photo of them when entering their home.

To keep common areas safe for everyone, building managers are able to see all access history with accompanying photos for the common doors, much like building security cameras.