Lingly
Book a call

Lingly

Sign inBook a call

Privacy Policy

Last Updated: 23/03/2026

1. Introduction

Welcome to Lingly ("Lingly", "we", "us", "our"). Lingly Limited provides a unified language assessment and training platform designed for workplace language skills, primarily serving care workers and other frontline professionals. Our services are provided exclusively to business organizations ("Customers") and accessed by individual employees or candidates ("Users") under a Customer's account.

This Privacy Policy explains what personal data we collect when you (an individual "User", which may include employees or candidates of our Customers) use our Services, how we use and share that data, and your rights concerning your data.

For the purposes of the UK General Data Protection Regulation (UK GDPR), the Customer (your employer) is the Data Controller and Lingly is the Data Processor with respect to your personal data.

This Privacy Policy forms part of our Terms of Use. By using our Services, you acknowledge you have read and understood this Privacy Policy. If you do not agree, please do not use the Services.

2. Information We Collect

We collect information to provide and improve our Services. This includes:

a. Information You Provide Directly:

  • Account Registration & Onboarding: When you or your employer creates an account or you onboard onto our training platform, we may collect your name, email address, native language, the language you are learning, your assessed language level, desired language level, timezone, locale preference, job role, employer name, industry, phone number (for Language Screening), and how you heard about us. If you sign up using Google, we may receive your name, email address, and Google avatar URL.

  • Communications: If you contact us directly (e.g., via email support at support@lingly.ai ), we collect your name, email address, and the content of your communication.

b. Information Provided by Employers (Our Customers):

  • Language Screening: For our Language Screening service, your potential or current employer (the Data Controller) may provide us with your name and phone number to facilitate the screening call.

c. Information Collected During Service Use:

  • Language Training Platform (app.lingly.ai): We collect data about your learning progress, including: modules and lessons started/completed, performance in exercises and roleplays (including text transcriptions and voice-to-text inputs), vocabulary words learned and reviewed, fluency tip interactions, daily review completions, quiz scores, and learning streaks.

  • Audio Data (AI Roleplays): When participating in interactive AI roleplays, your voice input is temporarily processed by our third-party AI providers (OpenAI and ElevenLabs) to generate responses and provide feedback on pronunciation.

  • Automatically Collected Data (Website & Platform):

    • Log & Device Data: When you access our website or platform, we automatically collect your IP address, browser type, operating system, device identifiers, settings, and the date/time of your visit.

    • Usage Data: We collect information about how you interact with our website and platform, such as pages visited, features used, and session duration.

  • Cookies and Tracking Technologies: We use cookies and similar technologies on our website (lingly.ai uses Google Analytics; app.lingly.ai uses Vercel Analytics) to operate the site, understand how visitors use it, and for marketing purposes. You can manage cookie preferences through your browser settings and our website's cookie consent tool.

3. How We Use Your Information

We use the information we collect for purposes including:

  • Providing and Maintaining Services

  • Personalizing Language Training

  • Conducting Language Screening (as a processor for employers)

  • Improving Services (analyzing usage, diagnosing issues, developing features)

  • Communication (service updates, support, marketing with consent)

  • Reporting to Employers (as per contractual agreements, often aggregated/anonymized)

  • Security and Fraud Prevention

  • Legal Compliance

4. Legal Basis for Processing (UK GDPR)

We rely on the following legal bases to process your personal data:

  • Contractual Necessity: To provide the core Services under our agreement with your employer.

  • Legitimate Interests: For service improvement, personalization, security, analytics, and screening, ensuring these don't override your rights.

  • Consent: For marketing emails and non-essential cookies.

  • Legal Obligation: To comply with legal duties.

5. How We Share Your Information

We do not sell your personal data. We may share it with:

  • Service Providers: Third parties assisting with our operations. Key sub-processors include:

    • Cloud Infrastructure: DigitalOcean, Vercel (Hosting)
    • AI Processing: OpenAI (LLM), Anthropic (LLM), Google Cloud (Text-to-Speech), ElevenLabs (Text-to-Speech)
    • Communications: Plunk (Email)
    • Analytics: PostHog, Vercel Analytics

    These providers are contractually obligated to protect data and process it only for the purposes we specify.

  • Employers (Our Customers): Language Screening results and call transcriptions are shared with the requesting employer. Training platform progress reports (potentially including individual progress as contractually agreed, otherwise aggregated/anonymized) may be shared with the employer providing access.

  • Legal Requirements: When required by law or to protect rights and safety.

  • Business Transfers: In case of merger, acquisition, or asset sale.

6. AI Data Processing & Aggregation

a. Third-Party Processing

To provide AI-powered features, we process your data using third-party AI service providers (primarily OpenAI and ElevenLabs). We have configured these services to prevent them from using your data to train their publicly available AI models. These providers may retain data for a limited period for security and misuse monitoring, after which it is removed from their systems.

b. Internal Improvement

We may render personal data anonymous so that it is no longer personally identifiable ("Aggregated Data"). We use this anonymised data for research, benchmarking, and to train or improve our internal machine learning algorithms (e.g., to improve the accuracy of our grammar correction tools). This Aggregated Data is not considered Personal Data under the UK GDPR.

7. Data Security

We implement technical and organizational measures like encryption (at rest and in transit), access controls, and secure authentication to protect your data. However, no system is 100% secure.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, to provide our Services, or as required by law. We have established specific retention periods for different types of data based on business needs and legal requirements.

For detailed information about how long we keep different types of personal data, please see our comprehensive Data Retention Policy. This includes specific timeframes for account data, learning records, voice recordings, communications, and analytics data.

You can request deletion of your data at any time by contacting us at support@lingly.ai. Data may be deleted earlier than our standard retention periods if you exercise your right to erasure or if our processing becomes unlawful.

9. Your Data Protection Rights (UK GDPR)

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you

  • Right to rectification: Request correction of inaccurate or incomplete data

  • Right to erasure: Request deletion of your personal data

  • Right to restrict processing: Request that we limit how we use your data

  • Right to data portability: Request a copy of your data in a structured format

  • Right to object: Object to processing based on legitimate interests

  • Right to withdraw consent: Withdraw consent for marketing communications

To exercise these rights, please contact us at support@lingly.ai. As your employer is the Data Controller for most processing activities, you may also need to contact them directly for certain requests. You also have the right to complain to the Information Commissioner's Office (ICO) if you believe we have not handled your data properly.

10. Children's Privacy

Our Services are not intended for or directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we learn we have collected such data, we will delete it promptly.

11. International Data Transfers & Locations

We prioritise data sovereignty. Our primary databases and hosting infrastructure are located within the United Kingdom and the EEA.

a. Sub-processors within the UK/EEA

Where possible, we utilise regional processing options to keep data local:

  • Google Cloud Text-to-Speech: Data is processed within Europe via the EU regional endpoint.

b. International Transfers

Some specialised services may require processing outside the UK/EEA:

  • OpenAI (AI Processing): We enforce a Zero Data Retention policy via the API, meaning your inputs and outputs are not stored at rest by OpenAI. Data is processed in the United States and is not used for model training. Transfers are safeguarded by Standard Contractual Clauses (SCCs).

  • Anthropic (AI Processing): Data is processed in the United States and retained for a limited period for safety monitoring, after which it is deleted. Data is not used for model training. Transfers are safeguarded by Standard Contractual Clauses (SCCs).

  • ElevenLabs (Speech Synthesis): United States. Data is not used for model training. Transfers are safeguarded by Standard Contractual Clauses (SCCs) and a Data Processing Agreement (DPA).

For all international transfers, we ensure appropriate safeguards (such as the UK International Data Transfer Agreement) are in place to ensure your data receives protection equivalent to UK GDPR standards.

12. Third-Party Links

Our Services may link to third-party websites or services. We are not responsible for their privacy practices. Please review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Significant changes will be notified via our website and/or email to registered users. Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

For questions about this Privacy Policy or our data practices, please contact us:

  • Email: support@lingly.ai

  • Data Protection Officer: harry@lingly.ai

  • Company: Lingly Limited

  • Address: Cornhill International House, 36-38 Cornhill, London, EC3V 3NG, United Kingdom