Privacy Policy

Welcome to Lisna ("Lisna," "we," "us," or "our"). We are committed to protecting the privacy and security of the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered workplace customer feedback management platform (the "Service").

Lisna helps teams collect, classify, and act on customer feedback using AI-powered automation. Given the nature of the information processed through our Service, we take your privacy seriously. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

By accessing or using Lisna, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use the Service.

We collect the following types of information:

We use the information we collect for the following purposes:

• To provide and operate the Service, including AI-powered feedback classification, triage, and analytics
• To maintain your account, authenticate your identity, and ensure secure access to your organization's workspace
• To improve the quality and effectiveness of our AI classification features and user experience
• To communicate with you about your account, including service updates, security alerts, and support responses
• To monitor and analyze usage patterns to detect, prevent, and address technical issues, abuse, and security threats
• To comply with legal obligations and enforce our Terms of Service

Lisna uses AI models (Anthropic's Claude models hosted on Amazon Web Services Bedrock) to power its classification features. When feedback is submitted, your data is processed by these models to generate classifications, summaries, and priority assessments.

Important: Your data is NOT used to train AI models. Data processed through AWS Bedrock is not used by Anthropic or Amazon to train, improve, or develop their AI models. Your feedback data is used solely to provide you with the Service.

AI-generated classifications and summaries are provided for informational purposes and should be reviewed by your team before taking action.

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

• Infrastructure providers: We use Amazon Web Services (AWS) to host and operate the Service, including AI model processing through AWS Bedrock. AWS processes data on our behalf under strict data processing agreements.
• Organization administrators: If you access Lisna through an organization's subscription, your organization's administrator may have access to aggregated usage data and feedback management features within their organization.
• Legal requirements: We may disclose your information if required to do so by law or in response to valid legal processes, such as a court order, regulatory investigation, or subpoena.
• Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
• With your consent: We may share your information for any other purpose with your explicit consent.

Protecting the security and confidentiality of your data is fundamental to our Service. We implement robust technical and organizational measures, including:

• Encryption: All data is encrypted in transit using TLS/SSL and encrypted at rest using industry-standard encryption algorithms.
• Multi-tenant data isolation: Each organization's data is stored in a separate, isolated database schema. This architectural design ensures that one organization's data is never accessible to another organization.
• Authentication: We use secure JWT (JSON Web Token) authentication with tenant context to verify user identity and ensure access is properly scoped to the correct organization.
• Access controls: Access to production systems and customer data is restricted to authorized personnel on a need-to-know basis.
• Infrastructure security: Our Service is hosted on AWS, which maintains comprehensive security certifications including SOC 2, ISO 27001, and more.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections and continuously improving our security practices.

Lisna uses only essential cookies that are strictly necessary for the operation of the Service. Specifically, we use:

• Session cookies: These cookies maintain your authenticated session so you remain logged in as you navigate the Service. They are temporary and are deleted when you close your browser or log out.
• Authentication tokens: Secure tokens stored in cookies that verify your identity and your organization's tenant context.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track your behavior across other websites. We do not participate in any cross-site tracking or ad-targeting programs.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right to Access: You have the right to request a copy of the personal data we hold about you, including your feedback data and account information.
• Right to Rectification: You have the right to request that we correct any personal information you believe is inaccurate or incomplete.
• Right to Erasure: You have the right to request the deletion of your personal data. Upon account deletion, your data will be permanently purged within 30 days.
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions.
• Right to Data Portability: You have the right to request that we export your data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to certain types of processing, such as processing for direct marketing purposes.
• Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us through the platform. We will respond to your request within 30 days. If you are a resident of California, the European Economic Area, the United Kingdom, or Canada, additional rights under the CCPA, GDPR, UK GDPR, or PIPEDA may apply to you.

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy. Our specific retention periods are:

• Active account data: Your personal information and feedback data are retained for as long as your account remains active and you continue to use the Service.
• Deleted account data: When you delete your account or request data deletion, all personal data and feedback content is permanently purged within 30 days of the deletion request.
• Audit logs: System audit logs, which may contain limited personal information such as user identifiers and action timestamps, are retained for 90 days for security and compliance purposes, after which they are automatically deleted.

We may retain anonymized and aggregated data that cannot be used to identify you for longer periods for analytical and service improvement purposes.

Lisna is designed for use by working professionals and is not intended for individuals under the age of 16. We do not knowingly collect personal information from anyone under 16 years of age. If you are a parent or guardian and you become aware that your child has provided us with personal data, please contact us through the platform. If we discover that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.

Your information, including personal data and feedback content, is primarily stored and processed in Canada. Some data processing, including AI model inference through AWS Bedrock, may occur in the United States through Amazon Web Services infrastructure.

If you are accessing the Service from outside of Canada or the United States, please be aware that your data may be transferred to, stored, and processed in these countries, where data protection laws may differ from those of your jurisdiction. By using the Service, you consent to the transfer of your information to Canada and the United States as described in this Privacy Policy.

We ensure that appropriate safeguards are in place for any international data transfers, including standard contractual clauses and data processing agreements with our service providers.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, where appropriate, providing additional notice such as an email notification or an in-app announcement.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

You can reach us through the in-app feedback feature or by contacting your organization's administrator.