Privacy Policy - Leaf AI Ltd
Effective Date: January 1st, 2024
Leaf AI Ltd ("we", "us", "our") is committed to protecting the privacy and security of your personal data. This privacy policy explains how we collect, use, store, and protect the personal information of individuals using Lola, our chatbot designed for reminiscence therapy for those with dementia and other vulnerable individuals ("service users").
By using Lola by Leaf, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use our services.
Leaf AI Ltd is a company registered in England and Wales, with company registration number 14987657 and registered address:
Office 17, 17 Mann Island, Liverpool, L3 1BP
We are registered with the Information Commissioner's Office (ICO) with reference ZB608102.
For any privacy-specific concerns, please contact our Data Protection Officer, Adam Galloway, at:
Email: [email protected]
Postal Address: Office 17, 17 Mann Island, Liverpool, L3 1BP
We collect the following types of personal data:
Personal Information: Names, contact details, and other identifying information.
Interests and Events Data: Information related to the user's interests and significant life events.
Conversational Data: Messages and conversations from interactions with Lola.
Voice Data: Recordings of your voice when interacting with Lola, primarily used for measuring transcription quality.
Technical and Log Data: IP address, device details, browser type, operating system, and usage data.
Location Data: When required by your organisation, we may collect location data to verify whether you are within a designated geofenced area for reporting purposes. We do not collect location data continuously or track your movements beyond the necessary verification process.
Your data is used for the following purposes:
Providing Our Services: To deliver and personalise the Lola by Leaf service.
Quality Improvement: Conversations with Lola may be used for training and improving the service.
Communication: To contact you regarding updates, support, and service-related information.
Protecting Our Services: To monitor and secure our services against misuse or unauthorised access.
Location Verification: When required by your organisation, to verify your presence within a designated geofenced area for reporting purposes.
Legal Obligations: To comply with applicable laws and regulations.
We take your data privacy and security seriously. Your data is stored securely within Microsoft Azure servers in the United Kingdom. We implement technical and organisational measures, including encryption, access controls, and regular security audits, to protect your data from unauthorised access, disclosure, or breaches.
We process your data based on the following legal grounds:
Consent: Your freely given consent, provided by you or a carer acting on your behalf.
Contractual Necessity: To fulfil our obligations under the terms of service.
Legal Obligations: To comply with applicable laws and regulations.
You have the right to withdraw your consent at any time by contacting us at [email protected].
We retain personal data for as long as necessary to provide our services and fulfil the purposes outlined in this policy. Personal data is stored for a maximum of 6 years after you cease using our service, unless a longer retention period is required by law.
We may share your data with third-party data processors to provide our services. Our current third-party processors include:
Microsoft (Azure): Cloud hosting and storage.
OpenAI: Natural language processing and AI training.
Sentry: Error tracking and performance monitoring.
Firebase: App analytics and development.
ElevenLabs: Voice processing and transcription services.
These third parties are bound by strict contractual agreements to ensure the protection and security of your data.
In the event of a business sale or transfer, we may share your data with the acquiring entity. You will be notified and given the opportunity to opt out.
If your data is transferred outside the UK or European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in accordance with applicable data protection laws.
Under the UK GDPR and EU GDPR, you have the following rights:
Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your data under certain conditions.
Right to Restrict Processing: Request restriction of processing under certain conditions.
Right to Data Portability: Request transfer of your data to another service provider.
Right to Object: Object to processing of your data for specific purposes.
To exercise these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days.
We may update this policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated to you via email or through our website. The updated policy will be posted on our website with the effective date.
If you have a complaint about our handling of your data, you have the right to lodge a complaint with:
Our Data Protection Officer: Email [email protected].
The UK Information Commissioner's Office (ICO):
Website: https://ico.org.uk
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF