Privacy Policy

Latch (“we,” “us,” or “our”) operates the Latch app for iPhone and iPad. This policy explains what information we collect, how we use it, and your choices. Latch is designed to be local‑first: your settings, profiles, schedules, and block records stay on your device by default.

We collect very little. The categories below are the only data we receive.

• —Support communications — messages you send to app@latch.family and our replies.
• —Crash diagnostics — anonymous crash logs, only if you enable crash reporting through iOS system settings. These contain no browsing activity.
• —Apple account identifier — when you sign in with Apple, we receive a stable user identifier and, if you choose to share it, your name and email address. We use this solely to link your subscription and enable account recovery. See Apple’s Privacy Policy for how Apple handles Sign in with Apple data.
• —App Store purchase records — Apple processes payment and provides us a receipt confirming subscription status. We do not receive your payment card details.

To be explicit, Latch does not collect or receive:

• —Your browsing history or the domains you visit
• —The content of your DNS queries beyond what is needed to apply your rules on device
• —Your location
• —Your contacts or address book
• —Any data about which apps you use or how long you use them
• —Any data from children that we are aware of

Latch runs a local DNS protection extension on your device using Apple’s Network Extension framework. When you enable protection, iOS will show a network or VPN permission prompt — this is required by the system for any app that installs a local network extension. The extension runs entirely on your device and does not route your traffic through any server we operate.

DNS queries for domains that are blocked by your rules are resolved locally and never leave your device. DNS queries for domains that are not blocked are forwarded to an upstream DNS resolver. The default resolver is Cloudflare (1.1.1.1 and 1.0.0.1). Cloudflare operates under its own privacy policy. We do not control, log, or receive any data from queries passed to Cloudflare.

Latch also uses Apple’s Screen Time framework (ManagedSettings and FamilyControls) to block apps and app categories at the system level. Shield events from both the DNS layer and the Screen Time layer are recorded locally and appear in Reports inside the app. Neither Latch nor any third party receives these records.

We use the information we collect only for the following purposes.

• —Verifying and maintaining your subscription access
• —Enabling account recovery when you reinstall or switch devices
• —Responding to support requests
• —Investigating crashes when you have opted in to diagnostics
• —Complying with applicable law and responding to lawful legal requests

We do not use your data for advertising, profiling, or any purpose not listed above.

We do not sell personal information. We do not share personal information with third parties for their own marketing purposes. We may share limited information in these circumstances only:

• —Service providers — vendors who process support email or provide essential hosting infrastructure, under confidentiality obligations and only for the purpose of providing those services.
• —Legal requirements — if required by law, court order, or government authority, or to protect the rights, property, or safety of Latch, our users, or others.
• —Business transfers — in connection with a merger, acquisition, or sale of assets, in which case we will give you notice and any successor will be bound by this policy or provide equivalent protections.

We use reasonable technical and organizational measures to protect the limited information we hold. The guardian PIN is stored in the iOS Keychain on your device and is never transmitted to us. Your Apple account credentials are managed entirely by Apple and are not accessible to us. Because most app data exists only on your device, we have no access to it and cannot be breached for it.

Support emails are retained as long as needed to resolve your request and maintain a reasonable correspondence record, typically no longer than two years unless required by law. Crash logs, if collected, are retained for a short period sufficient to diagnose issues.

App data — settings, schedules, profiles, and block records — lives on your device. Deleting the app removes it. If you delete your account through Settings, Latch removes the Apple account identifier stored on that device and returns the app to its first-run state.

Latch is intended for use by adults and by adults configuring devices for children in their care. Latch is not directed to children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. Parental or guardian controls in the app are managed by the adult who sets up the device; block records generated by a child’s device activity stay on that device and are not transmitted to us.

If you believe we have inadvertently collected personal information from a child under 13, please contact us at app@latch.family and we will delete it promptly.

You can delete all on-device app data at any time by deleting the app. To delete your account and disassociate your Apple ID from Latch, go to Settings → Account → Delete Account inside the app. This clears local Latch account data and then shows Apple’s steps for revoking Latch access from your Apple ID. Your subscription is managed through Apple and must be cancelled separately in iOS Settings → Apple ID → Subscriptions.

Depending on your region (including the EU/EEA under GDPR, California under CCPA, and other applicable laws), you may have rights to access, correct, port, or delete personal information we hold, and to object to or restrict processing. To exercise any of these rights, contact us at app@latch.family. We will respond within the time required by applicable law.

Privacy questions and requests go to app@latch.family.