Privacy Policy - Leaf AI Ltd

Effective Date: January 1st, 2024

1. Introduction

Leaf AI Ltd ("we", "us", "our") is committed to protecting the privacy and security of your personal data. This privacy policy explains how we collect, use, store, and protect the personal information of individuals using Lola, our chatbot designed for reminiscence therapy for those with dementia and other vulnerable individuals ("service users").

By using Lola by Leaf, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use our services.

2. Contact Details

Leaf AI Ltd is a company registered in England and Wales, with company registration number 14987657 and registered address:

Office 17, 17 Mann Island, Liverpool, L3 1BP

We are registered with the Information Commissioner's Office (ICO) with reference ZB608102.

For any privacy-specific concerns, please contact our Data Protection Officer, Adam Galloway, at:

3. Data We Collect

We collect the following types of personal data:

4. How We Use Your Data

Your data is used for the following purposes:

5. Data Security and Storage

We take your data privacy and security seriously. Your data is stored securely within Microsoft Azure servers in the United Kingdom. We implement technical and organisational measures, including encryption, access controls, and regular security audits, to protect your data from unauthorised access, disclosure, or breaches.

We process your data based on the following legal grounds:

You have the right to withdraw your consent at any time by contacting us at [email protected].

7. Data Retention

We retain personal data for as long as necessary to provide our services and fulfil the purposes outlined in this policy. Personal data is stored for a maximum of 6 years after you cease using our service, unless a longer retention period is required by law.

8. Sub-Processors and Data Sharing

We may share your data with third-party data processors to provide our services. Our current third-party processors include:

These third parties are bound by strict contractual agreements to ensure the protection and security of your data.

In the event of a business sale or transfer, we may share your data with the acquiring entity. You will be notified and given the opportunity to opt out.

9. International Data Transfers

If your data is transferred outside the UK or European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in accordance with applicable data protection laws.

10. Your Rights

Under the UK GDPR and EU GDPR, you have the following rights:

To exercise these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days.

11. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated to you via email or through our website. The updated policy will be posted on our website with the effective date.

12. Complaints

If you have a complaint about our handling of your data, you have the right to lodge a complaint with: