Privacy Policy

1. Who We Are

We provide an AI-assisted personal development platform that uses voice-based coaching and psycholinguistic insights to support self-awareness and growth.

Data Controller

Peak Artificial Intelligence Ltd is the data controller for personal data processed through the Services.

Data Processors

We engage third-party service providers (such as ElevenLabs and cloud hosting providers) to process personal data on our behalf, under UK-GDPR-compliant Data Processing Agreements.

2. Personal Data We Collect

We collect the personal data described below, depending on how you use the Services.

a. Voice Input Data

• When you speak to the Nlighten Coach, your audio is streamed in real time to our processor ElevenLabs for transcription and speech-to-speech processing.
• We do not store raw audio on our servers.
• ElevenLabs may retain conversation history to support continuity. You may delete this at any time via your Nlighten account settings, and we submit a deletion request on your behalf.

b. Transcripts and Linguistic Data

• Your speech is transcribed into text.
• Transcripts are stored locally on your device and may be analysed to generate coaching insights.
• Generated audio is synthesized from text and is not based on biometric voice characteristics.
• If you participate in a supervised programme, only high-level summaries may be shared with authorised supervisors.
• We never share raw audio or full transcripts unless you explicitly agree.

c. Psycholinguistic & Behavioural Indicators

We analyse transcribed speech to derive non-clinical behavioural insights, such as:

• Engagement patterns
• Linguistic style and phrasing
• Cognitive load estimates (indicating levels of focus or distraction)

These insights support self-reflection and personal development. They are not medical or diagnostic assessments. Certain behavioural indicators may be sensitive in nature and are processed only with your explicit consent.

d. Onboarding Responses

Written or spoken onboarding responses are used to understand your goals, motivations, and communication style.

e. Technical & Usage Data

• Device type, operating system, app version
• Interaction patterns (screens visited, session duration)
• IP address and network performance (used for stability, security, and service improvement)

f. Account & Contact Data

• Name, email address, login information
• Information you provide through support or feedback requests

3. How We Use Your Data

We process your data for the following purposes:

a. Deliver and Improve Coaching

• Convert your voice to text and provide real-time AI responses
• Personalise coaching using transcript analysis
• Generate psycholinguistic insights and cognitive-load estimates
• Adapt session pacing and content to your needs
• Generate real-time speech-to-speech audio responses to match actual responses

b. Support Your Personal Development

• Track onboarding progress
• Build your goals map
• Store your reflective notes and insights (on device)

c. Supervised Programmes (If Applicable)

If you participate in a supervised programme, authorised supervisors may view:

• High-level session summaries
• Progress indicators
• Cognitive-load trends

Supervisors do not receive raw audio or full transcripts unless you explicitly agree in writing. We and the supervisor act as independent data controllers for our respective processing activities.

d. Operate, Secure & Improve the Services

• Maintain and secure the application
• Prevent misuse
• Conduct non-marketing internal analytics
• Comply with legal obligations

We do not sell your data or use it for targeted advertising.

4. Legal Basis for Processing

We rely on the following legal bases under UK GDPR:

• Explicit Consent — for processing voice input, psycholinguistic insights, behavioural indicators, and cognitive-load estimates.
• Consent — for optional features and supervised programme sharing.
• Performance of a Contract — to provide our Services to you.
• Legitimate Interests — for service security, analytics, and improvement (where your rights do not override our interests).
• Legal Obligation — where processing is required by law.

You may withdraw your consent at any time via app settings or by contacting us.

5. Data Storage & Retention

a. On-Device Storage (Primary Storage)

Transcripts, progress data, onboarding responses, and summary insights are stored locally on your device. You may delete them at any time through app or device controls.

b. Real-Time Audio Processing

Audio is streamed to ElevenLabs for transcription and not stored by Nlighten.

c. Server-Side Data (If Applicable)

For supervised programmes, we may store summary metrics (e.g., progress indicators, cognitive-load trends) on secure servers.

d. Retention Periods

• On-device data: Stored until you delete it.
• Summary metrics: Retained for up to 12 months after programme completion or account closure.
• Account data: Deleted within 6 months of account closure.
• Support enquiries: Retained for up to 12 months.

We retain data only as long as necessary for the purposes described above. Permanent deletion includes the submission of deletion requests to ElevenLabs and any other processors.

6. Sharing & Sub-Processors

We only share your data with necessary and trusted third parties:

a. ElevenLabs (Speech Processing)

• Processes real-time speech for STT/TTS.
• Receives your audio only to deliver this functionality.
• Does not use your audio to train models, unless you explicitly opt in.

b. Cloud Hosting Providers (e.g., AWS, GCP)

• Process summary metrics and operational data.
• Store data using encryption and access controls.

c. Supervisors or Programme Administrators

• Receive only high-level summaries, not raw audio or full transcripts.
• Access is based on your explicit opt-in.

d. Professional Advisors & Regulators

• Only when legally required.

We do not sell or rent your personal data.

7. International Data Transfers

Some processors (including ElevenLabs) may process data outside the UK. Where data is transferred internationally, we implement appropriate safeguards such as:

• International Data Transfer Agreements (IDTAs)
• Standard Contractual Clauses (SCCs)
• Supplementary technical and organisational measures

We ensure all international transfers provide a level of protection essentially equivalent to UK standards.

8. Security Measures

We implement robust technical and organisational measures, including:

• Encryption in transit (TLS 1.2+)
• Encryption at rest (AES-256)
• Access control and authentication
• Secure hosting environments
• Regular audits, monitoring, and penetration testing

We do not use your voice for:

• Biometric identification
• Emotion recognition
• Medical assessment

Generated audio is synthesized from transcript text and does not rely on biometric features of your voice.

9. Automated Decision-Making & Profiling

We use automated analysis of your transcribed speech to generate behavioural indicators and cognitive-load estimates. This is considered profiling under UK GDPR. It does not produce legal or similarly significant effects. You may object to profiling at any time.

10. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Correct inaccurate information
• Delete your data ("right to be forgotten")
• Restrict processing
• Object to processing (including profiling)
• Receive your data in a portable format
• Withdraw consent at any time

To exercise your rights, contact us at hello@nlighten.pro. We will respond within seven working days.

You may also lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk

11. Data Breach Notification

If a personal data breach creates a risk to your rights or freedoms, we will notify you and the ICO without undue delay, in accordance with UK GDPR requirements.

12. Children's Privacy

The Services are not intended for individuals under 16 years of age. We do not knowingly process data of children under 16. We require users to confirm they are at least 16 before using the Services.

13. Changes to This Policy

We may update this Privacy Policy to reflect service developments or legal requirements. The "Last Updated" date at the top indicates the latest revision. Significant changes will be communicated through the app or by email.

14. Contact Us