← Back to home

Privacy Policy

Last updated: March 18, 2026

1. Who We Are

LiveLingo is a product of Lunana Global Inc. ("we", "us", "our"), the data controller for your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services at livelingo.io and our mobile applications (collectively, the "Service").

2. Information We Collect

We collect the following types of information:

  • Account information: When you sign up, we collect your email address, phone number, or Google account information used for authentication, as well as an optional display name.
  • Audio data: When you use our translation service, your microphone audio is streamed to our servers and third-party speech recognition providers for real-time processing. Audio is processed transiently and is not stored after the session ends. We do not retain raw audio recordings.
  • Session data: We store transcripts and translations from your sessions so you can review them later. These include source text, translated text, speaker labels, and timestamps, and are associated with your account.
  • AI-generated content: Meeting memos and session summaries generated by the Service are stored in your account.
  • Usage data: We collect session duration, language pairs used, subscription tier, and feature usage to operate and improve the Service.
  • Analytics data: We use Google Analytics and Google Ads conversion tracking, which may collect anonymized browsing data, page views, referral sources, and device information through cookies and similar technologies.
  • Payment information: Payment processing is handled by Stripe (web) or Apple/Google (in-app). We do not store your credit card details. See Stripe's Privacy Policy.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your personal data under the following legal bases:

  • Contract performance: Processing your audio, storing transcripts, and managing your account are necessary to provide the Service you signed up for.
  • Consent: We process your microphone audio based on your explicit consent when you start a recording or join a call. You can withdraw consent at any time by stopping the session.
  • Legitimate interest: We use analytics data to improve the Service, detect abuse, and ensure security. We balance our interests against your rights and use anonymized data where possible.

4. How We Use Your Information

  • To provide, maintain, and improve our translation service
  • To authenticate your identity and manage your account
  • To store your session history, transcripts, and meeting memos
  • To process payments and manage your subscription
  • To monitor usage for tier-based billing and abuse prevention
  • To generate session titles and meeting summaries using AI
  • To communicate with you about your account, service updates, or security alerts
  • To analyze aggregate usage patterns and improve service quality

We do not use your audio, transcripts, or translations to train AI models. Your content is processed solely to deliver the Service.

5. Data Storage, Security, and Transfers

Your data is stored in Supabase (hosted on AWS in the United States) with row-level security policies ensuring you can only access your own data. All data is transmitted over encrypted connections (TLS/HTTPS/WSS).

International transfers: If you are located outside the United States, your data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and/or your explicit consent as the legal mechanism for these transfers. Some of our third-party providers (including Google and Stripe) are certified under the EU-US Data Privacy Framework (DPF).

We take reasonable technical and organizational measures to protect your information, including encryption at rest and in transit, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Third-Party Services

We use the following third-party services to provide the Service. Your data may be shared with these providers as necessary for service delivery:

  • Soniox: Speech recognition — receives streamed audio for real-time transcription. Audio is processed transiently.
  • Google Gemini: Translation and summarization — receives transcribed text for translation. Text is processed per Google's API Terms.
  • Groq: Context expansion for improved translation accuracy — receives topic context and brief text excerpts.
  • LiveKit: WebRTC peer-to-peer call infrastructure
  • Supabase: Authentication and database hosting (AWS US)
  • Stripe: Payment processing
  • Vercel: Website hosting
  • Google Analytics: Website analytics and conversion tracking

Each service operates under its own privacy policy. We select providers that maintain appropriate data protection standards.

7. Cookies and Tracking

We use the following types of cookies and similar technologies:

  • Essential cookies: Required for authentication and session management. These cannot be disabled.
  • Analytics cookies: Google Analytics collects anonymized browsing data to help us understand how users interact with our website. You can opt out by installing the Google Analytics Opt-out Browser Add-on.
  • Advertising cookies: Google Ads conversion tracking measures the effectiveness of our advertising campaigns. No personal data is shared with advertisers.

8. Data Retention

  • Audio data: Processed in real-time, not retained after the session ends.
  • Transcripts and memos: Retained as long as your account is active. You can delete individual sessions from within the app at any time.
  • Account data: Retained until you delete your account. Upon account deletion, all associated data (sessions, transcripts, memos) is permanently removed within 30 days.
  • Payment records: Retained as required by applicable tax and financial regulations (typically 7 years).
  • Analytics data: Google Analytics data is retained for 26 months (the default retention period), after which it is automatically deleted.

9. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a machine-readable format (JSON)
  • Restriction: Request that we limit processing of your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: Withdraw consent at any time (without affecting lawfulness of prior processing)
  • Lodge a complaint: If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your concerns

To exercise any of these rights, contact us at hello@livelingo.io. We will respond within 30 days (or as required by applicable law). You may also designate an authorized agent to submit requests on your behalf; the agent must provide written authorization signed by you.

10. California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a verifiable consumer request, email hello@livelingo.io with the subject line "CCPA Request."

11. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay (and within 72 hours where required by GDPR). We will also notify the relevant supervisory authority as required by applicable law.

12. Children's Privacy

Our Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice within the Service at least 15 days before they take effect. The "Last updated" date at the top indicates when the policy was last revised.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at hello@livelingo.io.

Lunana Global Inc.
d/b/a LiveLingo
Data Protection Contact: hello@livelingo.io

EU/EEA Representative (GDPR Art. 27): If you are located in the EU/EEA and have data protection inquiries, you may also contact our designated representative by emailing eu@livelingo.io.