Skip to main content

Latched — Privacy Policy

Last updated: April 12, 2026

Latched Solutions LLC (“Latched,” “we,” “us,” or “our”) operates the Latched Services platform (latchedservices.com and related applications). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform.

By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, phone number, role (Parent or Consultant), and account credentials managed through Microsoft Entra External ID.
  • Profile Information: For Consultants — professional credentials (IBCLC certification number, NPI), business address, practice details, biography, and profile photo. For Parents — general location and preferences.
  • Health Information (PHI): Session notes, intake forms, consultation records, and other health-related information exchanged during sessions. This information is classified as Protected Health Information under HIPAA.
  • Payment Information: Billing details processed through Stripe. We do not store full credit card numbers on our servers. When you make a payment, a reference to your payment method is saved securely through Stripe for future use, including faster checkout for subsequent sessions and enforcement of cancellation fees per your Consultant's cancellation policy. You may request removal of your saved payment method at any time.
  • Insurance Billing Information: If you use insurance for sessions, we collect insurance carrier name, member ID, group number, and related information to generate superbills and, when applicable, submit insurance claims on your behalf through our clearinghouse partner. Diagnosis codes (ICD-10) and procedure codes (CPT) are associated with session records for billing purposes.
  • Communications: Messages sent through our in-app messaging system and support inquiries.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, session duration, and interaction patterns.
  • Device Information: Browser type, operating system, device identifiers, and screen resolution.
  • Log Data: IP addresses, access times, and referring URLs.

1.3 Information from Third Parties

We may receive information from credential verification services, identity providers (Microsoft Entra External ID), and payment processors (Stripe).

2. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Platform
  • Facilitate connections between Parents and Consultants
  • Process payments and generate superbills for insurance reimbursement
  • Verify Consultant credentials and certifications
  • Send transactional communications (booking confirmations, session reminders)
  • Improve the Platform through analytics and usage patterns
  • Respond to support requests and inquiries
  • Comply with legal obligations, including HIPAA requirements
  • Detect, prevent, and address fraud, abuse, and security issues

3. HIPAA Compliance

3.1 Protected Health Information

As a platform facilitating healthcare-related consultations, certain information you provide or that is generated during sessions constitutes Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). We implement safeguards to protect PHI in accordance with HIPAA requirements.

3.2 Technical Safeguards

  • Encryption at Rest: AES-256-GCM encryption for all stored PHI
  • Encryption in Transit: TLS 1.3 for all data transmission
  • Access Controls: Role-based access controls (RBAC) ensuring users only access data relevant to their role
  • Audit Logging: Comprehensive audit trails for all PHI access and modifications
  • Session Security: Automatic 15-minute session timeout for inactive users
  • Video Security: HIPAA-compliant video sessions via Twilio with end-to-end encryption

3.3 Business Associate Agreements

We maintain Business Associate Agreements (BAAs) with all third-party service providers that may access, process, or store PHI on our behalf.

3.4 Your HIPAA Rights

Under HIPAA, you have the right to:

  • Access your PHI maintained by the Platform
  • Request corrections to inaccurate PHI
  • Receive an accounting of disclosures of your PHI
  • Request restrictions on certain uses and disclosures
  • Receive a copy of this Privacy Policy
  • File a complaint if you believe your privacy rights have been violated

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 With Other Users

When you book a session, relevant profile information is shared between Parents and Consultants to facilitate the consultation. Consultants see Parent names and session details; Parents see Consultant profiles, credentials, and availability.

4.2 With Service Providers

We share information with trusted third-party providers who assist in operating the Platform:

  • Stripe: Payment processing, saved payment methods, and Consultant payouts
  • Twilio: HIPAA-compliant video sessions
  • Microsoft Azure: Cloud hosting, database, and infrastructure
  • Microsoft Entra External ID: Identity and authentication
  • Claim.MD: Insurance claim submission, eligibility verification, and electronic remittance processing
  • Resend: Transactional email delivery

4.3 For Legal Compliance

We may disclose information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect rights, safety, or property.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and any choices you may have.

4.5 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or PHI to third parties for marketing or advertising purposes.

5. Data Retention

We retain your information as follows:

  • Account Information: Retained for as long as your account is active, plus a reasonable period after account closure
  • PHI and Session Records: Retained for a minimum of 6 years as required by HIPAA, or longer as required by applicable state law
  • Payment Records: Retained as required by tax and financial regulations
  • Audit Logs: Retained for a minimum of 6 years per HIPAA requirements

When data is no longer required, it is securely deleted or de-identified in accordance with industry best practices.

6. Data Security

We implement industry-standard security measures to protect your information, including encryption, firewalls, secure coding practices, regular security assessments, and employee training. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

In the event of a data breach affecting your PHI, we will notify you and the relevant authorities as required by HIPAA and applicable state breach notification laws.

7. Your Rights and Choices

7.1 Access and Correction

You may access and update your account information at any time by logging into your account. To request access to or correction of your PHI, contact us at privacy@latchedservices.com.

7.2 Account Deletion

You may request deletion of your account by contacting us. Note that certain information (such as PHI and session records) must be retained as required by law, even after account deletion.

7.3 Communication Preferences

You may opt out of non-essential communications at any time. Transactional messages related to your account and sessions cannot be opted out of while your account is active.

7.4 Do Not Track

We do not currently respond to “Do Not Track” browser signals. We will update this policy if we adopt a standard for responding to such signals in the future.

8. Children's Privacy

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 18, please contact us immediately and we will take steps to delete such information.

9. State-Specific Privacy Rights

9.1 Colorado Residents

Latched Solutions LLC is headquartered in Colorado. Under the Colorado Privacy Act (CPA), Colorado residents have the right to access, correct, delete, and obtain a portable copy of their personal data. You also have the right to opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling. We do not sell personal data or use it for targeted advertising. To exercise your rights, contact us at privacy@latchedservices.com.

9.2 Connecticut Residents

Under the Connecticut Data Privacy Act (CTDPA), Connecticut residents have the right to access, correct, delete, and obtain a portable copy of their personal data, as well as the right to opt out of the sale of personal data, targeted advertising, and profiling. We do not sell personal data. To exercise your rights, contact us at privacy@latchedservices.com.

9.3 Rhode Island Residents

Under the Rhode Island Data Transparency and Privacy Protection Act, Rhode Island residents have additional rights regarding their personal data, including the right to know what data is collected, request deletion, and opt out of the sale of personal data. We do not sell personal data. To exercise your rights, contact us at privacy@latchedservices.com.

9.4 Texas Residents

Under the Texas Data Privacy and Security Act (TDPSA), Texas residents have additional rights including the right to know what personal data is collected, the right to delete personal data, and the right to opt out of the sale of personal data. We do not sell personal data.

9.5 California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. You may request disclosure of the categories and specific pieces of personal information collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at privacy@latchedservices.com.

10. Cancellation Fees and Automatic Charges

When you book a session, your payment method is saved securely through Stripe for future use. If a Consultant has a cancellation policy and you cancel a scheduled session within their cancellation window (typically 24–72 hours before the session), a cancellation fee may be automatically charged to your saved payment method. The fee amount is determined by the Consultant's cancellation policy, which is displayed at the time of booking.

Consultants may waive cancellation fees at their discretion. If a fee is waived after being charged, a refund will be processed to your original payment method.

11. Cookies and Tracking Technologies

We use essential cookies necessary for Platform functionality, including authentication and session management. We do not use third-party advertising cookies. Analytics cookies may be used to understand usage patterns and improve the Platform. You can control cookie preferences through your browser settings.

12. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification at least 30 days before taking effect. The “Last updated” date at the top of this page indicates when the policy was last revised. Continued use of the Platform after changes take effect constitutes acceptance.

14. Contact Information

For questions about this Privacy Policy or to exercise your privacy rights, contact us at:

Latched Solutions LLC

Privacy Officer Email: privacy@latchedservices.com

General Email: support@latchedservices.com

Website: latchedservices.com

15. Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us at privacy@latchedservices.com. You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr.

This Privacy Policy is provided for informational purposes and does not constitute legal advice. For legal questions, please consult a qualified attorney.