Skip to content
Last updated · February 8, 2026

Data & Security

A short, plain-English trust page covering the architecture, permissions, and what to do if you find a vulnerability.

Lattice is built around one rule: your conversations stay on your device. No Lattice server stores them. The only network calls Lattice makes are (a) on your behalf, to the AI provider you chose for Ask, using your own API key; and (b) periodic license checks to Gumroad once Pro is active.

Local-first architecture

All conversation content captured from chatgpt.com and claude.ai is written to IndexedDB and chrome.storage.local on your machine. There is no Lattice backend that ingests, mirrors, or syncs your chats. If you uninstall the Extension or clear your browser data, that storage is gone.

Bring-your-own-key model for Ask

The Ask Lattice feature is the only place network traffic leaves your machine on your behalf. When you ask a question:

  • You pick a provider (Groq, OpenAI, Anthropic, or Google).
  • The Extension uses your own API key, stored locally.
  • Your selected conversation context plus the question is sent directly from your browser to that provider — Lattice servers are not in the loop.
  • The provider returns the answer to your browser, where Lattice renders it with source citations.

What each Chrome permission actually accesses

  • sidePanel — renders the Lattice UI in Chrome's side panel.
  • tabs / activeTab — knows which AI tab is active to capture and display the right conversation.
  • storage — saves maps and settings locally on your device.
  • alarms — schedules the optional weekly thinking-patterns report.
  • notifications — optional alerts (off by default in most builds).
  • Host access to chatgpt.com and claude.ai — reads visible conversation text to build your Atlas.
  • Host access to the AI provider API domains — for Ask, using your own key.
  • Host access to gumroad.com — license validation for Pro.

Deleting your data

You have full control over the local store at any time:

  • Delete individual conversations from the side panel.
  • Wipe the entire local store from the settings.
  • Uninstall the Extension — the local data is removed with it.
  • Export everything as JSON before you delete, if you want a backup.

Because we don't hold a server-side copy of your chats, there is nothing left for us to delete.

Responsible disclosure

If you believe you've found a security issue in the Lattice extension or website, please email hello@uselattice.online with details and a proof-of-concept where possible. Please give us a reasonable window to investigate before publicly disclosing. We'll acknowledge receipt within a few business days and keep you updated on the fix.