Legal

Privacy Policy

Last updated: 10 April 2026

L2L1 Ltd ("L2L1", "we", "us", or "our") operates the website l2l1.ai and the platform at app.l2l1.ai (together, the "Service"). This privacy policy explains what personal data we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

Who we are

L2L1 Ltd is a company registered in England. For any privacy-related queries, contact us at privacy@l2l1.ai.

What data we collect

Account information

  • Name and email address (from signup or LinkedIn login)
  • LinkedIn profile information when you sign in with LinkedIn (name, email, profile picture)
  • Authentication tokens managed by Amazon Cognito

Profile information you provide

  • CV / resume content (uploaded by you)
  • Career goals, target roles, employer details
  • Native language and target languages
  • Optional links to your LinkedIn profile and employer website

Training session data

  • Voice recordings from interview practice and coaching sessions, used to provide real-time feedback and scoring
  • Video recordings for your AI Mirror avatar (one-time training video) and optional session recordings
  • Speech transcripts generated by browser speech recognition
  • Coaching scores, diagnostic results, and progress metrics
  • Interview answers, scenarios practised, and session history

Technical data

  • Browser type, device type, IP address, and approximate location
  • Usage analytics (pages visited, features used, session duration)
  • Performance and error logs

How we use your data

  • To deliver the service: generate AI coaching feedback, build your Mirror avatar, score your performance, and personalise your training plan
  • To process payments: manage your subscription via Stripe (we do not store payment card details)
  • To improve the service: understand how features are used and identify areas to improve
  • To communicate with you: send service updates, training reminders, and respond to support requests
  • To comply with legal obligations

Legal basis for processing

We process your personal data on the following legal bases under UK GDPR:

  • Contract: to deliver the service you have signed up for
  • Consent: for marketing communications and optional features (you can withdraw consent at any time)
  • Legitimate interests: to improve and secure our service
  • Legal obligation: to comply with applicable laws

How we share your data

We do not sell your personal data. We share data only with trusted service providers who help us deliver the service:

  • Amazon Web Services (AWS): hosting, storage, and AI compute infrastructure (UK and EU regions)
  • Anthropic (Claude API): AI coaching analysis. Your training content is sent for processing but is not used to train their models
  • ElevenLabs: voice cloning and text-to-speech for the Mirror feature
  • Stripe: subscription billing and payment processing
  • LinkedIn: if you choose LinkedIn login, we receive basic profile information from LinkedIn

All providers are bound by data processing agreements and equivalent privacy standards.

Where we store your data

Your data is stored primarily in the UK and EU (AWS regions: London, Ireland, Frankfurt, Stockholm, Paris). Some AI processing may occur in other regions where our service providers operate. We use appropriate safeguards (Standard Contractual Clauses) for any international transfers.

How long we keep your data

  • Account data: kept while your account is active and for 30 days after deletion
  • Training session data: kept for the duration of your subscription so you can review your progress; deleted within 90 days of cancellation unless you request earlier deletion
  • Voice and video recordings: kept while your account is active; you can delete individual recordings at any time
  • Billing records: kept for 7 years to comply with UK tax and accounting law

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your data ("right to erasure")
  • Restrict or object to processing
  • Portability — receive your data in a machine-readable format
  • Withdraw consent at any time
  • Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk)

To exercise any of these rights, email privacy@l2l1.ai. We will respond within 30 days.

Cookies

We use essential cookies to keep you signed in and remember your preferences. We use analytics cookies (with your consent) to understand how the service is used. You can control cookies through your browser settings.

Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest, secure authentication via Amazon Cognito, and access controls. No system is 100% secure, but we work hard to protect your data.

Children

L2L1 is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18.

Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or through the service. The "Last updated" date at the top of this page reflects the most recent revision.

Contact us

For any questions about this privacy policy or how we handle your data, contact us at privacy@l2l1.ai.