Compliance & Data Protection

Last updated: 19 February 2026

LingoVoice is committed to protecting your data and operating transparently under UK GDPR and applicable data protection laws. This page provides a centralised overview of our compliance posture, sub-processor relationships, security practices, and accessibility commitment.

1. Data Processing Agreement (DPA)

This section outlines the standard terms under which LingoVoice processes personal data on behalf of its customers, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.1 Scope

This DPA applies to the processing of personal data by LingoVoice (the "Processor") on behalf of the customer (the "Controller") when using the LingoVoice real-time interpreting platform. It covers all personal data processed through the platform, including but not limited to user account information, audio data, message text, and payment details.

1.2 Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person, as defined under UK GDPR Article 4(1).
• "Processing" means any operation performed on personal data, including collection, recording, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.
• "Sub-processor" means any third party engaged by the Processor to process personal data on behalf of the Controller.
• "Data Subject" means the identified or identifiable natural person to whom the personal data relates.

1.3 Data Processing Terms

• LingoVoice processes personal data only on documented instructions from the Controller, unless required by UK law to do otherwise.
• Processing is carried out solely for the purpose of providing real-time interpreting, translation, and related platform services.
• LingoVoice does not sell personal data, use it for advertising, or process it for any purpose beyond the services contracted.
• All persons authorised to process personal data have committed to confidentiality obligations.

1.4 Security Measures

• Encryption of all data in transit using TLS 1.2 or higher.
• Encryption of data at rest within our database infrastructure.
• Password hashing using industry-standard one-way algorithms (never stored in plaintext).
• Authentication tokens stored as irreversible hashes.
• Access controls limiting personnel access to personal data on a need-to-know basis.
• Regular security reviews and vulnerability assessments.

1.5 Sub-processing

LingoVoice engages sub-processors to deliver its services. A complete list of current sub-processors is provided in Section 2 below. The Controller is deemed to have given general written authorisation for the use of these sub-processors. LingoVoice will notify the Controller of any intended changes to sub-processors, giving the Controller the opportunity to object.

1.6 Data Subject Rights

LingoVoice assists the Controller in fulfilling its obligations to respond to Data Subject requests under UK GDPR, including the rights of access, rectification, erasure, restriction of processing, data portability, and objection. Users may exercise their rights directly through their account settings or by contacting support@lingovoice.ai.

1.7 Breach Notification

In the event of a personal data breach, LingoVoice will notify the Controller without undue delay and in any event within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, categories of data affected, approximate number of Data Subjects affected, likely consequences, and measures taken or proposed to address the breach.

1.8 Data Deletion

Upon termination of the service agreement or upon request, LingoVoice will delete or return all personal data to the Controller, and delete all existing copies, unless UK law requires retention. Users may self-service delete their accounts through the platform, which permanently removes all associated personal data.

2. Sub-processor List

The following third-party sub-processors are engaged by LingoVoice to deliver its services. This list is kept current and updated whenever sub-processor relationships change.

All sub-processors are bound by data processing agreements that require them to protect personal data in accordance with UK GDPR. For questions about sub-processors, contact dpo@lingovoice.ai.

3. Security Overview

LingoVoice employs a layered security approach to protect all data processed through the platform:

• Encryption in transit — All connections are secured with TLS 1.2+ and HTTPS is enforced across the entire platform. No unencrypted data transmission is permitted.
• Encryption at rest — Database contents are encrypted at rest using industry-standard encryption algorithms.
• Session-scoped messages — Translation messages are not persisted long-term. Messages exist only for the duration of the active interpreting session and are discarded upon session completion.
• Password security — User passwords are hashed using industry-standard one-way hashing algorithms. Passwords are never stored in plaintext or reversible formats.
• Token security — Authentication tokens are stored as irreversible hashes. Compromised token data cannot be used to reconstruct valid credentials.
• Regular security reviews — We conduct periodic security reviews and vulnerability assessments across our infrastructure and application code.
• SOC 2 Type II — Certification is in progress with a target completion date of 2026.

To report a security vulnerability, contact security@lingovoice.ai.

4. Data Residency

LingoVoice is designed to keep data within trusted jurisdictions:

• Primary infrastructure — Hosted on DigitalOcean in the London (LON1) region, United Kingdom.
• AI processing — Some AI processing (speech recognition, translation, text-to-speech) is routed through EU and US endpoints depending on the provider and language pair. See the sub-processor list above for specific provider locations.
• Transfer scope — No personal data is transferred outside the UK, EU, or United States.
• Legal framework — All data processing is governed by the UK GDPR. Transfers to the United States are covered under the UK-US Data Bridge, which provides an adequate level of protection as recognised by the UK government.

5. Accessibility Statement

LingoVoice is committed to ensuring digital accessibility for all users. We continually improve the user experience and apply relevant accessibility standards across our platform.

• WCAG 2.1 AA — We are committed to meeting the Web Content Accessibility Guidelines (WCAG) 2.1 at Level AA, as recommended by the UK Government Digital Service.
• Keyboard navigation — All core platform features are fully navigable using a keyboard alone.
• Screen reader compatibility — The platform uses semantic HTML and ARIA attributes to ensure compatibility with assistive technologies including screen readers.
• High contrast dark theme — The default dark interface provides high contrast ratios between text and background, reducing eye strain and improving readability.
• Responsive design — The platform is fully responsive and tested across desktop, tablet, and mobile devices to ensure a consistent experience on all screen sizes.

If you encounter any accessibility barriers or have suggestions for improvement, please contact us at support@lingovoice.ai. We take all accessibility feedback seriously and aim to address reported issues promptly.

6. ICO Registration

LingoVoice is operated by Lingo Service Translations, a UK-based professional translation and interpreting company headquartered in Cardiff, United Kingdom.

ICO (Information Commissioner's Office) registration is in progress. The registration number will be published on this page once confirmed.