Last updated: June 11, 2026
Lemma (“Lemma”, “we”, “us”) operates heylemma.com and app.heylemma.com, a platform where organizations (“Sponsors”) run AI-led research interviews with people they invite (“Participants”). This policy explains what personal data we handle, why, and the rights you have.
Two roles matter under EU data-protection law (GDPR). For account, billing, and usage data, Lemma decides how and why the data is used: we act as the data controller. For the content of a study — including a Participant’s interview responses — the Sponsor who runs the study decides why it is collected: the Sponsor is the controller and Lemma processes that content on the Sponsor’s behalf.
Where this policy says Lemma is the controller, the controller is Speiros, a French société par actions simplifiée registered with the Marseille Trade and Companies Register under number 994 829 851, with its registered office at 67 Rue Saint-Jacques, 13006 Marseille, France, operating the Service under the name “Lemma”.
We do not sell personal data, and we do not use interview content for advertising.
Interviews are conducted by an AI interviewer. To provide this, interview content is processed by third-party AI providers — for example to transcribe speech, generate the interviewer’s questions, synthesize the interviewer’s voice, and produce summaries. These providers process the content as our service providers, under agreements that restrict their use of it to providing the service to us. We do not use your interview content to train models of our own.
Interview data — responses, transcripts, and audio recordings — is stored in our primary database and storage, hosted within the European Union. Some service providers (such as AI model providers) may process data outside the EU during a request; where that happens, transfers rely on safeguards recognized by the GDPR, such as the European Commission’s Standard Contractual Clauses or an adequacy decision.
We share personal data only with the service providers we need to run the platform, in these categories: application hosting; database, authentication, and file storage; AI model providers (language models, speech-to-text, text-to-speech); real-time voice infrastructure; transactional email delivery; payment processing; error monitoring (configured to exclude interview content); customer-support chat (which receives your name, email, and workspace context so we can help you in place); and product analytics. A current list of providers is available on request via the contact below.
Interview material is shared with the Sponsor who runs the study — that is the purpose of the Service. We may also disclose data where the law requires it, or as part of a corporate transaction with notice to you.
We keep account data for as long as your account is active. Interview data is kept for as long as the Sponsor’s study needs it, and is deleted when the Sponsor deletes it or closes their workspace. Residual copies may persist in encrypted backups for a limited period before being overwritten. We may retain limited records where the law requires it (for example invoicing records).
Under the GDPR you can ask for access to, correction of, deletion of, or a copy of your personal data, ask us to restrict or object to certain processing, and withdraw consent where processing is based on consent. To exercise these rights, contact privacy@heylemma.com.
If your request concerns interview content from a study, we may forward it to the Sponsor who controls that study, or ask you to contact them directly — and we will help them respond. You can also lodge a complaint with your data-protection authority; in France, that is the CNIL (cnil.fr).
We protect personal data with measures appropriate to the risk, including encryption in transit, access controls and row-level authorization in our database, isolation of secrets, and monitoring. No system is perfectly secure; if a breach affects your data in a way that creates a risk for you, we will notify you and the competent authority as the GDPR requires.
By default, the Service only uses cookies that are necessary to operate it — chiefly authentication and session cookies. Our product analytics run without cookies or any persistent browser identifier, and are configured around explicit product events rather than broad tracking. Our customer-support chat sets its cookies only after you choose to open the chat. We do not use third-party advertising cookies.
The Service is not directed at children and is not intended for anyone under 16. If you believe a child has provided us personal data, contact us and we will delete it.
We may update this policy as the Service evolves. If we make material changes, we will give you reasonable notice (for example by email or in the product). The date at the top reflects the latest revision.
For any privacy question or request, contact privacy@heylemma.com. Our Terms of Service describe the contractual side of the Service.