The Latch app does not store user credentials or information regarding the paired services.
If a device is lost or stolen, an attacker could (avoiding the device security restrictions), access the device and may have access to the Latch app. However, even if the user was logged in to Latch, the Latch account information won´t be visible.
Users can reset their password from any browser or the Latch mobile app. Resetting the password will invalidate all previously issued tokens to running applications (all user´s active sessions are automatically closed).