Privacy policy
At Speaklarity, we respect your privacy and are committed to protecting your personal data. This policy outlines how we collect, use, and protect your information when you use our services.
Last updated: 22 June 2026
Effective: 22 June 2026
This Privacy Policy explains how Speaklarity Ltd ("Speaklarity", "we", "us", or "our") collects, uses, shares, and protects personal data when you use our website at https://speaklarity.com and our communication-coaching application and related services (together, the "Service").
We are the controller of your personal data under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU GDPR. This policy is also written to meet our disclosure obligations to California residents under the California Consumer Privacy Act, as amended (CCPA/CPRA), and to users in other regions.
By using the Service you confirm that you are at least 18 years old and that you have read and understood this Policy. If you do not agree with it, please do not use the Service.
1. Who we are and how to contact us
Controller: Speaklarity Ltd
Registered address:
Company number:
Privacy contact: privacy@speaklarity.com
General contact: support@speaklarity.com
If you are in the UK or EU and have a privacy question or want to exercise your rights, please email privacy@speaklarity.com.
Who this policy applies to
This Policy applies to everyone who uses the Service, including registered account holders and visitors to our website. The Service is intended for business and professional communication coaching and is only for people aged 18 or over. We do not knowingly collect personal data from anyone under 18 (see Section 11).
The personal data we collect
We collect the following categories of personal data. Most of it you provide directly; some is generated automatically as you use the Service; and some comes from third parties such as Google (if you sign in with Google) and Paddle (our payment provider).
a. Account and profile data
Email address
Name (if you provide it)
Password (stored only encrypted — we never store your plain-text password)
Google account identifier and verified email, if you sign in with Google
Email-verification status
Your selected focus areas and onboarding preferences (e.g. Interviews, Sales, Managerial)
Account settings and flags (e.g. whether onboarding is complete)
b. Content you create ("User Content")
This is the heart of the Service, and we want to be especially clear about it:
Audio recordings of your practice answers, speeches, and roleplay sessions
Transcripts generated from those recordings
AI evaluation results — scores, structured feedback (e.g. STAR-method analysis), delivery metrics, and filler/hedging-word analysis
Names/titles you give to drills and sessions
Preparation notes, questions, "gold-standard" answers, speaking points, and company-research notes you save
c. Billing and subscription data
We use Paddle as our Merchant of Record (see Section 7). Paddle processes your payment and handles card details directly — we never receive or store your full card number or payment credentials. We store:
Your Paddle customer ID, subscription ID, and transaction identifiers
Billing name and billing email (which may differ from your account email)
Subscription tier, plan status, and billing-period dates
Usage and minute-ledger records used to meter and bill the Service
d. Usage, device, and analytics data
Product analytics events and page views (via PostHog) — for example, which features you use and where you are in a flow
Approximate location derived from your IP address
Device, browser, and operating-system information
Server logs, including IP address, timestamps, and request metadata
e. Communications
The content of messages you send us (e.g. support or privacy requests) and our responses
Sensitive information. Speaklarity is not designed to collect special-category data (such as data about your health, race, religion, sexual orientation, or political opinions) or "sensitive personal information" under US laws. However, your recordings and transcripts may contain whatever you choose to say. Please avoid including sensitive personal information — about yourself or others — in your recordings. If you do include it, you ask us (and instruct our processors) to process it as part of providing the Service to you.
How we use your data, and our legal bases
Create and manage your account; authenticate you - Account & profile data - Contract (Art. 6(1)(b))
Provide the core Service — store recordings, transcribe them, and generate AI feedback - User Content (audio, transcripts, evaluations) - Contract
Process payments, manage subscriptions, and meter usage - Billing & usage data - Contract; and legal obligation for tax/accounting records (Art. 6(1)(c))
Send service/transactional emails (e.g. password resets, security notices, account notifications) - Email, name - Contract; legitimate interests (Art. 6(1)(f)) in operating the Service securely
Improve, debug, and develop the Service, including by creating de-identified and aggregated datasets from User Content - User Content, usage data - Legitimate interests in improving our product. Once data is de-identified/aggregated so that it no longer identifies you, it is no longer personal data and is not subject to this Policy. We do not use your recordings or transcripts to train third-party (foundation) AI models.
Measure product usage with analytics and similar technologies - Usage, device, analytics data; cookies - Consent for non-essential cookies/analytics (UK PECR); otherwise legitimate interests
Keep the Service secure; prevent, detect, and investigate fraud and abuse (e.g. rate limiting) - Account, usage, technical data - Legitimate interests in security and integrity
Comply with legal obligations and respond to lawful requests - Any relevant data - Legal obligation
Establish, exercise, or defend legal claims - Any relevant data - Legitimate interests; legal obligation
How your audio is processed (AI and automated processing)
Because Speaklarity is an AI-powered coaching tool, here is plainly what happens to your recordings:
You record audio in the app. The audio file is stored privately in our cloud storage (Google Cloud Storage) and is only accessible through short-lived, signed links issued by our servers.
To transcribe your speech, we send the audio to AssemblyAI, our speech-to-text provider.
To generate coaching feedback, we send the resulting transcript (and related metadata) to Google's Gemini models via Google Cloud Vertex AI.
We use LangSmith (LangChain) to monitor and debug these AI calls.
What we don't do:
We do not sell your personal data.
We do not use your recordings or transcripts to train third-party / foundation AI models.
Automated feedback, not automated decisions. The Service uses automated processing to score and analyse your communication. This feedback is for your own development and does not produce any legal or similarly significant decision about you within the meaning of Article 22 of the UK/EU GDPR. You remain in full control of how you use the feedback.
6. Cookies and similar technologies
We use cookies and similar local-storage technologies. They fall into these groups:
Strictly necessary — required to run the Service and keep you signed in. These include our authentication cookie (
token, an HTTP-only, secure session cookie) and short-lived cookies used during Google sign-in. We also use your browser's local storage to cache application data for performance. These do not require consent.Analytics / performance — set by PostHog to understand how the Service is used and to improve it. These are non-essential and, for users in the UK and EEA, we set them only with your consent.
For UK/EEA visitors we present a cookie banner that lets you accept or reject non-essential cookies and change your choice at any time. You can also control cookies through your browser settings; blocking strictly necessary cookies may stop the Service from working.
7. Who we share your data with
We do not sell your personal data. We share it only as described here.
Service providers (processors / sub-processors)
We use trusted third parties to run the Service. They may process your personal data only on our instructions and under contract. Our key providers are:
DigitalOcean - Application hosting and managed database - All stored personal data - Data centre in [Frankfurt, EU — confirm]; provider is US-based
Google Cloud (Cloud Storage) - Stores your audio recordings and media - Audio recordings - Google Cloud (global)
Google Cloud Vertex AI (Gemini) - Generates AI evaluation/feedback - Transcripts and related metadata - Google Cloud (global)
AssemblyAI - Speech-to-text transcription - Audio recordings - United States
Google (Sign-In / OAuth) - Optional Google sign-in - Email, name, Google ID - United States
Paddle - Payments and subscription management (Merchant of Record) - Billing name/email, payment details (collected directly by Paddle), transaction data - United States / global
Resend - Sends transactional emails - Email, name, message content - United States
PostHog - Product analytics - Usage, device, approximate-location data, user ID - United States (US cloud)
LangSmith (LangChain) - AI request monitoring/debugging - AI call metadata - United States
We review our providers from time to time; this list may change. The current list is maintained here and we will keep it accurate.
Other disclosures
Legal and safety: where required by law, regulation, legal process, or government request, or to protect the rights, property, or safety of Speaklarity, our users, or others.
Business transfers: if we are involved in a merger, acquisition, financing, or sale of assets, your data may be transferred as part of that transaction; we will tell you if your data becomes subject to a materially different policy.
With your direction: where you ask us to share data (for example, by using an integration).
How long we keep your data
We keep your personal data for as long as your account is active, and then as described below.
Account, profile, and User Content (recordings, transcripts, evaluations, notes): retained while your account is open. We delete it when you delete the content, delete your account, or ask us to delete it (see Section 10). When you delete an item or account, associated database records are removed and the underlying audio files are deleted from storage.
Billing and transaction records: retained for as long as required to meet our legal, tax, and accounting obligations (typically up to 6 years in the UK), even after you close your account.
Security logs and operational data: retained for a limited period for security, troubleshooting, and abuse-prevention.
Password-reset tokens: expire after 1 hour and are then purged.
Backups: residual copies may persist in encrypted backups for a limited rolling period before being overwritten.
Your rights
Depending on where you live, you have some or all of the following rights.
If you are in the UK or EEA (UK/EU GDPR)
Access — get a copy of the personal data we hold about you.
Rectification — correct inaccurate or incomplete data.
Erasure — ask us to delete your data ("right to be forgotten").
Restriction — ask us to limit how we use your data.
Portability — receive certain data in a portable format, or have it sent to another provider.
Objection — object to processing based on legitimate interests, and to any direct marketing.
Withdraw consent — where we rely on consent, withdraw it at any time.
Automated decisions — we do not make decisions about you with legal or similarly significant effects by solely automated means.
If you are a California resident (CCPA/CPRA)
Know / access the categories and specific pieces of personal information we collect, use, and disclose.
Delete personal information we hold about you, subject to legal exceptions.
Correct inaccurate personal information.
Opt out of "sale" or "sharing" of personal information for cross-context behavioural advertising — we do not sell or share your personal information for these purposes.
Limit use of sensitive personal information — we do not use sensitive personal information beyond what is necessary to provide the Service.
Non-discrimination — we will not discriminate against you for exercising your rights.
How to exercise your rights
Email privacy@speaklarity.com. To protect your data, we may need to verify your identity before acting. We will respond within the time required by law — generally within one month (UK/EU) or 45 days (California), and we will tell you if we need an extension. These rights are free to exercise, though we may charge a reasonable fee or refuse a request that is manifestly unfounded or excessive. You may use an authorised agent where the law allows.
Complaints
If you are unhappy with how we handle your data, please contact us first so we can try to put it right. You also have the right to complain to a regulator:
UK: the Information Commissioner's Office (ICO) — https://ico.org.uk.
EEA: your local Data Protection Authority.
Children's privacy
The Service is for adults. You must be 18 or older to create an account or use Speaklarity. We do not knowingly collect personal data from anyone under 18. If you believe a person under 18 has provided us with personal data, please contact privacy@speaklarity.com and we will delete it.
11. How we protect your data
We use appropriate technical and organisational measures to protect personal data, including:
encryption in transit (TLS), and HTTP Strict Transport Security;
passwords stored only as salted bcrypt hashes;
private audio storage accessible only via short-lived signed links;
session/authentication controls, including session invalidation on password change;
rate limiting and abuse controls on sensitive endpoints; and
access controls and the principle of least privilege for our team.
No method of transmission or storage is completely secure. While we work hard to protect your data, we cannot guarantee absolute security. If we become aware of a personal-data breach that is likely to result in a risk to your rights, we will notify the relevant regulator and, where required, you, within the timeframes the law requires.
12. Changes to this policy
We may update this Policy from time to time. If we make material changes, we will update the "Last updated" date and, where appropriate, notify you (for example, by email or an in-app notice). Your continued use of the Service after changes take effect means you accept the updated Policy.
13. Contact us
Privacy questions and rights requests: privacy@speaklarity.com
General enquiries: support@speaklarity.com
Post: Speaklarity Ltd,
