← Back to home

Privacy Policy

Effective Date: 19 February 2026
Last Updated: 19 February 2026
ICO Registration Reference: ZC092497

The Key Points

We know privacy policies can be long, so here's a plain-English summary of the important bits. Please do still read the full policy below  - but this should give you the headlines:

  • What we collect: Your name, email, career details, voice recordings from your chat with Lem, CV uploads, job interaction data, and basic technical data. You control what you share during conversations.
  • Why we collect it: To build your career profile, find you great job matches, improve the platform, process payments, and keep things secure.
  • AI is central to what we do: We use AI to transcribe your interview, extract your career preferences, score jobs against your profile, and generate match explanations. We're transparent about how this works (see Section 5).
  • Voice recordings: We record your conversations with Lem to build your profile and improve the service. We will never use your voice recordings to create biometric voiceprints or sell them to third parties. You can request deletion of recordings at any time.
  • We don't share your data with employers. Job discovery works by us searching publicly available job listings  - we never send your profile, CV or contact details to employers or job boards.
  • We don't sell your data. Ever. To anyone. We also don't use advertising cookies or retargeting pixels.
  • Third-party services: We use trusted providers like Supabase, ElevenLabs, OpenAI and Stripe to run the platform. Full details are in our Subprocessor Register.
  • Your data goes overseas: Most of our providers are US-based. We apply appropriate safeguards for all international transfers.
  • You're in control: You can access, correct, download or delete your data at any time. You can also opt out of marketing emails and analytics tracking.
  • We take security seriously: Encryption, row-level database security, hashed passwords, and PCI-compliant payments.

If you have any questions after reading through, we're always happy to help  - just email privacy@makelemonade.io.

1. About This Policy

This Privacy Policy explains how Lemonade collects, uses, stores, shares and protects your personal data when you use the Lemonade platform, website and services (the “Service”).

Lemonade is an AI-powered, voice-first job discovery and matching platform. We use artificial intelligence, including large language models and voice processing technology, to help professionals find career opportunities that genuinely fit their experience, goals and preferences.

We're committed to being upfront about how we use your data, particularly when it comes to AI-driven processing. This Policy is drafted in compliance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, the Data (Use and Access) Act 2025, and applicable international data protection laws.

Data Controller:

  • Trading Name: Lemonade
  • Operated By: Mr Alastair Grant (sole trader)
  • Address: 2 Farndon Road, Oxford, OX2 6RS, United Kingdom
  • Contact Email: privacy@makelemonade.io
  • ICO Registration: ZC092497

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you don't agree with how we handle your data, please don't use the Service.

2. Information We Collect

2.1 Account Information

  • Full name (first name and last name)
  • Email address
  • Password (stored in hashed form; we never store passwords in plain text)
  • Account creation date, last login date and session activity
  • Authentication data from third-party sign-in providers (Google OAuth)

2.2 Profile and Career Information

Information you provide during the AI-powered voice onboarding interview and through profile creation, including:

  • Employment history (job titles, companies, dates, responsibilities)
  • Skills, qualifications and areas of expertise
  • Career goals, motivations and aspirations
  • Location preferences
  • Salary expectations and flexibility
  • Industry preferences
  • Preferred company types and sizes
  • Education and professional qualifications
  • Management experience and team leadership history
  • Language skills
  • Any other career-related information you choose to share

2.3 Voice Recordings, Transcripts and Conversational Data

  • Audio recordings of your conversations with “Lem”
  • Full transcriptions generated automatically by our AI systems
  • Structured data extracted from conversations by AI models
  • Conversation metadata including timestamps, session duration
  • Open-ended conversational data about your experience

Important notice: We will never use your voice recordings to create biometric voiceprints, sell or licence your recordings to third parties, or use them to train third-party AI models.

2.4 CV and Resume Documents

  • Uploaded CV or resume files
  • Text extracted from uploaded documents by our AI systems
  • AI-generated summaries of your CV content
  • File metadata

2.5 Job Interaction Data

  • Jobs saved to your dashboard
  • Jobs you have rejected or dismissed
  • Feedback you provide on job matches
  • Job match scores and AI-generated match explanations
  • Job search filters and preferences

2.6 Payment and Billing Information

  • Subscription plan and billing cycle
  • Billing history and transaction records
  • Payment details processed securely by Stripe (we don't store full card numbers)

2.7 Technical and Usage Data

  • IP address, device type, browser information
  • Pages visited, features used, session duration
  • Error logs and diagnostic data
  • Analytics data collected via PostHog

2.8 Communications Data

  • Emails we send you and your interactions with them
  • Support enquiries and correspondence

3. How We Collect Your Data

3.1 Directly From You

When you create an account, during voice interview, upload a CV, interact with the AI, save/reject jobs, update your profile, or contact us.

3.2 Automatically

Technical data, analytics via PostHog, email engagement via Customer.io, session data via Supabase.

3.3 Generated by AI Systems

Structured profile data, CV text extraction, job match scores and explanations, profile quality assessments.

3.4 From Third Parties

Google OAuth data, Stripe payment confirmations, public job listings.

4. How We Use Your Data

4.1 To Provide the Service (Legal basis: Contract)

Create accounts, conduct voice interviews, extract data, match jobs, generate scores/explanations, enable profile updates.

4.2 To Process Payments (Legal basis: Contract)

Process subscriptions via Stripe, manage billing, detect fraud.

4.3 To Improve the Service (Legal basis: Legitimate Interests)

Analyse usage, fix bugs, develop features, improve AI accuracy.

4.4 To Communicate With You

  • Transactional emails (Contract)
  • Service updates (Legitimate Interests)
  • Promotional emails (Consent  - opt out anytime)
  • Support responses (Contract)

4.5 To Ensure Security (Legal basis: Legitimate Interests)

Monitor for fraud, enforce Terms, protect rights and safety.

4.6 To Comply with Legal Obligations (Legal basis: Legal Obligation)

Respond to lawful requests, maintain required records.

5. AI and Automated Decision-Making

5.1 How AI is Used

  • Voice Interview Processing (ElevenLabs and OpenAI)
  • CV Analysis
  • Job Matching and Scoring (GPT-powered scoring engine)
  • Job Discovery (automated web scraping)
  • Profile Quality Checks

5.2 Human Oversight

Matches are suggestions, not decisions. You control which jobs to pursue. Our team may manually review match quality.

5.3 Your Rights Regarding Automated Processing

Under UK GDPR, you have the right to meaningful information, make representations, and obtain human intervention.

6. Special Category Data

During conversations with Lem, you might share sensitive data (health, ethnicity, religion, etc.). Legal basis: Explicit consent. You control what you share. You can request deletion at any time.

7. Legal Basis for Processing  - Summary

Processing PurposeLegal Basis
Providing the ServicePerformance of contract
Payment processingPerformance of contract
Service improvementLegitimate interests
Security and fraud preventionLegitimate interests
Marketing communicationsConsent
Legal and regulatory complianceLegal obligation
Special category dataExplicit consent (Article 9)

8. Cookies, Analytics and Tracking Technologies

8.1 Essential Technologies

Authentication tokens (Supabase Auth), session data  - cannot be disabled.

8.2 Analytics

PostHog for product analytics (pages, session replays, interactions). Not shared with advertisers.

8.3 Email Analytics

Customer.io tracks opens, clicks, delivery status.

8.4 No Advertising Cookies

We do not use advertising cookies, retargeting pixels or third-party ad trackers.

See our separate Cookie and Analytics Policy for full details.

9. How We Share Your Data

We do not sell, rent or trade your personal data. We do not share your profile with employers.

9.1 Subprocessors

Key subprocessors: Supabase, ElevenLabs, OpenAI, Anthropic, Stripe, Vercel, Replit, GitHub, PostHog, Customer.io, Resend, SerpAPI.

All bound by data processing agreements. 14 days notice before changes.

9.2 Legal Requirements

May disclose if required by law.

9.3 Business Transfers

30 days notice if business is sold/merged.

10. Internal Use of Voice Recordings

Used for: service quality/AI improvement, compliance/abuse prevention, technical support.

Safeguards: restricted access, confidentiality obligations.

You can request deletion anytime.

11. Data Retention

11.1 Active Accounts

  • Profile/career data: while account active
  • Voice recordings: 12 months
  • CV uploads: 12 months
  • Job interaction data: while account active
  • Payment records: 6 years (UK law)
  • Analytics data: 24 months

11.2 Inactive Accounts

After 12 months inactive: 30 day warning, then deletion.

11.3 Account Deletion

Deleted within 30 days. Payment records may be retained. Anonymised data may persist.

11.4 Backups

May persist in encrypted backups for up to 30 days after deletion.

12. International Data Transfers

Data transferred to US where subprocessors operate. Safeguards: UK IDTA, SCCs, supplementary technical measures, contractual commitments.

13. Your Rights

  • Access
  • Rectification
  • Erasure
  • Restrict processing
  • Data portability
  • Object
  • Withdraw consent
  • Complain to controller
  • Automated decision-making rights

Contact: privacy@makelemonade.io. Response within one month.

You can also complain to the ICO (see Section 16).

14. Marketing Communications

Opt in during signup. Opt out via unsubscribe link, account settings, or email. Transactional emails continue.

15. Complaints Procedure

Email privacy@makelemonade.io with subject “Data Protection Complaint”. Acknowledged within 30 days. Can escalate to ICO.

16. Supervisory Authority

ICO: ico.org.uk, 0303 123 1113

17. International Users

Data processed in UK and US. You're responsible for local law compliance.

17A. US State Privacy Rights

Rights to know, delete, correct, opt out, limit sensitive data use, non-discrimination, appeal. Contact privacy@makelemonade.io.

18. Aggregated and Anonymised Data

May use aggregated data for analytics. Never identifies you. Not sold to advertisers.

19. Data Security

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest
  • Row-level security
  • Access controls
  • Stripe PCI DSS
  • Regular monitoring

20. Children's Privacy

Not intended for under 18s. We delete if discovered.

21. Third-Party Links

Not responsible for external sites.

22. Changes to This Policy

30 days email notice for material changes. Updated date at top.

23. Contact Us

Email: privacy@makelemonade.io

Address: Mr Alastair Grant trading as Lemonade, 2 Farndon Road, Oxford, OX2 6RS, United Kingdom