Lattice

Overview

Lattice is a people management platform that provides tools for performance reviews, goal setting (OKRs), employee engagement surveys, compensation management, and career development tracking. Like other HR platforms, Lattice operates primarily as a standalone SaaS application — employees access it through Lattice's own hosted interface rather than through scripts embedded on third-party websites.

Lattice's presence on external websites is minimal. When it does appear, it is typically in the form of links directing employees to the Lattice platform or lightweight authentication handoff scripts for single sign-on integration. Website operators encountering Lattice in their third-party script audits are likely seeing it in an internal portal or intranet context rather than on a public-facing website.

What This Script Does

Lattice's interaction with third-party websites is limited and functionally scoped:

• SSO authentication redirects: Scripts may facilitate single sign-on flows, redirecting authenticated employees from an internal portal to the Lattice platform with identity tokens for seamless login.
• Survey access links: Employee engagement survey invitations may include links or embedded buttons that direct users to Lattice-hosted survey pages. These are typically simple redirects rather than embedded scripts.
• Notification widgets: In some enterprise configurations, lightweight scripts may display notification badges or prompts (e.g., "You have a pending review") within an internal portal, fetching status data from Lattice's API.
• Minimal cookie footprint: Any cookies set on third-party domains are typically limited to session management for authentication flows and do not persist beyond the immediate interaction.

Lattice does not perform behavioral tracking, analytics data collection, or advertising functions on third-party websites. Its data collection occurs within its own hosted platform where employees interact with HR tools directly.

Consent & Compliance

Lattice's scripts on third-party websites serve a narrow functional purpose — facilitating employee access to HR tools. Under GDPR, the processing of employee data within Lattice's platform is governed by the employer-employee relationship and typically relies on legitimate interest or contractual necessity as the legal basis. The client-side scripts that handle authentication redirects are functionally necessary for the service.

Cookies set for SSO session management are likely to qualify as strictly necessary under the ePrivacy Directive, as they enable a service explicitly requested by the user (accessing their HR platform). No marketing, analytics, or cross-site tracking is involved.

Employee data processed within Lattice's platform (performance reviews, survey responses, compensation data) carries significant privacy sensitivity, but this processing occurs on Lattice's own infrastructure and is governed by the data processing agreement between the employer and Lattice rather than by the website's consent management setup.

Should You Block This Without Consent?

Lattice's scripts on third-party websites serve purely functional purposes — authentication handoffs and employee access to HR tools. There is no behavioral tracking, analytics, or marketing data collection. Blocking these scripts would prevent employees from accessing their people management tools, with no privacy benefit. The scripts set only functional session cookies necessary for authentication.

No.