Reviewed: this page is updated whenever anything material changes.
If you need anything in writing, our Data Processing Agreement is available on request. Email hello@lingovoice.ai.
Where your data lives
All processing happens within the United Kingdom and European Union. Our primary infrastructure is hosted in London. Speech recognition, translation and text-to-speech processing are performed in UK and EU regions only.
Where any sub-processor handles data in a country outside the UK or EU, that transfer is governed by Standard Contractual Clauses, or the UK to US Data Bridge where applicable. The only category of data that ever leaves the UK or EU is email addresses for transactional notifications. We never transfer conversation content, audio or session transcripts outside the UK or EU.
Recording and audio
This is the honest version, and it matters most for a clinic or a legal intake.
Recording is off by default. Real-time translation is not retained. While a session is live, voice is streamed for transcription and translation and the audio is not written to disk. If you turn recording on, that audio is stored encrypted and automatically deleted after 30 days.
A host may enable recording on a per-session basis with the participants' consent. A recording includes the audio and the bilingual transcript, is stored in UK cloud storage in the London region, and stays under the host's control. Hosts can delete any recording at any time. We never access recordings ourselves except for direct technical support that the customer asks us for.
Chat messages and translations
Chat messages and their translations exist only for the life of the active room. When the last participant leaves, every message for that room is deleted automatically. Messages are never archived or backed up.
What we keep, and for how long
| Data | How long we keep it |
|---|---|
| Live translation | Not retained. Processed in real time. |
| Chat messages | Deleted automatically when the room closes |
| Session recording (opt-in) | Encrypted, deleted after 30 days, deletable on demand |
| AI session summary (opt-in) | Stored against the host account, deletable any time |
| Account and billing | For the life of the account, plus six years for UK tax law |
| Usage metadata (no content) | Retained for billing and reporting only |
Per-session metadata covers the date, duration, languages used, minutes consumed and cost. It does not include any conversation content.
Your control
You can ask us to delete your account and the data tied to it at any time by emailing hello@lingovoice.ai. We action the request within 30 days, as required by UK GDPR Article 17, except where we are legally required to keep certain records, such as billing data for tax compliance.
- Recording is opt-in and host-controlled, with a one-click delete.
- Guest tokens are room-specific, time-limited and revocable by the host at any time. Guests never see organisation data.
- Account roles are Owner, Admin and Member, so billing and member management sit only with the people who should hold them.
- Every session generates a metadata audit log that you can export.
Encryption
All traffic between your browser and LingoVoice is secured with modern TLS, and HTTP connections are redirected to HTTPS. Live interpreting sessions use encrypted connections for all audio, text and control messages.
All stored data sits on AES-256 encrypted storage. The database, file storage and any session recordings are protected by full-disk encryption. User passwords are hashed and never stored in plain text or in any reversible form. Access tokens are short-lived and refreshed in the background, and refresh tokens are stored as hashes in cookies that JavaScript cannot read.
Sub-processors
LingoVoice uses a small number of carefully vetted sub-processors to deliver core platform capabilities. The categories below describe what each one does. The full list with named providers and their data-protection terms is available to current customers and qualified prospects on request. Email hello@lingovoice.ai.
| Category | Purpose | Data processed | Region |
|---|---|---|---|
| Cloud hosting | Platform infrastructure | All platform data | UK (London) |
| File storage | Document and recording storage | Uploaded files, opt-in recordings | UK (London) |
| Translation engines | Real-time text translation | Chat message text only | UK / EU |
| Speech recognition | Voice to text | Voice audio in transit only, not stored | UK / EU |
| Text to speech | Voice synthesis | Translated text in transit only | UK / EU |
| Payment processing | Card payments | Payment instrument data only | EU |
| Transactional email | Account and billing emails | Email address only | UK / EU |
All sub-processors are bound by data-processing agreements that prohibit the use of customer data for AI model training, or for any purpose beyond delivering the contracted service.
The honest boundary
AI for the intake, a certified human interpreter for the formal record. Use LingoVoice for the fast first conversation: the walk-in, the urgent instruction, the symptom, the document a client is trying to explain. For a witness statement, a sworn document, a court hearing, an end-of-life conversation or any safety-critical setting, a qualified human interpreter should always be used. The product is built around that line, not against it.
What we do not claim
We will not claim certifications we do not currently hold. We are honest about what is in progress versus what is in place today.
| Standard | Status | Target |
|---|---|---|
| UK GDPR & Data Protection Act 2018 | In place | - |
| ICO registration | Held by parent company Lingo Service Translations Ltd | - |
| Cyber Essentials | Application in progress | End Q2 2026 |
| Cyber Essentials Plus | Planned | Q3 2026 |
| NHS Data Security & Protection Toolkit | Application in progress | Q3 2026 |
| ISO 27001 (information security) | Planned, not yet held | 2027 |
| SOC 2 Type II | Planned, not yet held | After ISO 27001 |
| WCAG 2.2 AA accessibility | Self-assessed | Independent audit Q4 2026 |
If a certification matters to your procurement process and ours is in progress, we are happy to share where we are in the assessment cycle, including the assessor name and target audit date.
AI use and oversight
LingoVoice provides assistive translation and transcription, not autonomous decision-making. We follow a few clear principles:
- Human in the loop for safety-critical decisions. The tool augments professionals, it does not replace them. For sworn proceedings, court appearances or end-of-life conversations, a qualified human interpreter should always be used.
- No training on customer data. Your conversations are never used to train AI models, and our sub-processor agreements prohibit it explicitly.
- Audit trail. Every session generates a metadata audit log that customers can export.
- Domain-tuned modes. Clinical and legal modes apply domain-appropriate behaviour to reduce terminology errors in regulated contexts.
Incident response and insurance
In the event of a personal data breach affecting customers, we notify the Information Commissioner's Office within 72 hours of becoming aware where UK GDPR Article 33 requires it, and we notify affected customers without undue delay. Security disclosures go to security@lingovoice.ai, and we acknowledge reports within two working days.
Professional Indemnity cover of one million pounds is held by the parent company, with two million pounds of Public Liability cover. Cyber insurance is in progress alongside Cyber Essentials.
Contact
General compliance enquiries: hello@lingovoice.ai
Data Protection Officer: dpo@lingovoice.ai
Security disclosures: security@lingovoice.ai
Right of complaint: If you are unhappy with how we have handled your personal data, you can lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.
LingoVoice is a product of Lingo Service Translations Ltd, registered in England and Wales (Company No. 09343595). Cardiff, United Kingdom.