Privacy & Compliance

How Lisa Listener protects employee anonymity, ensures data privacy, and maintains compliance with global regulations.

Last updated: January 2026

Our Anonymity Commitment

Lisa Listener is designed from the ground up to protect employee anonymity. We do not collect, store, or transmit any personally identifiable information (PII) from employees who submit feedback.

What This Means for Employees

  • No names collected: We never ask for or record your name
  • No email addresses: Submissions require no login or email
  • No employee IDs: No connection to HR systems or employee records
  • No IP tracking: We do not log or store IP addresses from submissions
  • No voice identification: Voice data is processed for content only, not for biometric identification

Important Note

While we protect your anonymity through our systems, please be mindful not to include personally identifying information in your verbal feedback (such as stating your name, employee ID, or specific personal details that could identify you).

What We Collect

From Employees (Submitters)

| Data Type | Purpose | Retention |
|---|---|---|
| Voice conversation content | Processed to extract feedback insights | Audio deleted after processing; transcript summarized |
| Feedback summary | Stored for manager review and analysis | Until campaign deletion |
| Anonymous session ID | Technical: links conversation to submission | Session only; not stored long-term |
| Timestamp | Track when feedback was submitted | Until campaign deletion |

From Campaign Managers

| Data Type | Purpose | Legal Basis |
|---|---|---|
| Email address | Account creation, authentication, notifications | Contract performance |
| Password (hashed) | Account security | Contract performance |
| Campaign configurations | Service functionality | Contract performance |

What We Do NOT Collect

  • Names or personal identifiers from submitters
  • IP addresses from submission pages
  • Device fingerprints or tracking cookies for submitters
  • Voiceprints or biometric identifiers
  • Location data (GPS, geolocation)
  • Integration with HR, payroll, or employee databases

How We Process Data

Voice Conversation Processing

  1. Real-time conversation: Employee speaks with Lisa (our AI voice agent). Audio is streamed to our voice processing partner (ElevenLabs) for real-time transcription and response.
  2. Content extraction: The conversation is analyzed to extract the core feedback: problems, ideas, or observations shared by the employee.
  3. Structured summary: Key insights are summarized and categorized (urgency, impact, frequency) without retaining the original audio.
  4. Manager dashboard: Only the anonymized summary is made available to campaign managers, never raw audio or full transcripts.

Voice Data Clarification

We process voice for content understanding only—not for voice recognition, speaker identification, or biometric analysis. Under GDPR, this means voice data is treated as standard personal data during processing, not as special category biometric data, as we do not use it to uniquely identify individuals.

Whistleblower Protection Alignment

While Lisa Listener is designed for general workplace feedback (not specifically whistleblowing), our architecture aligns with key principles from global whistleblower protection frameworks.

EU Whistleblower Directive

Directive (EU) 2019/1937

  • Confidential channels: Anonymous submission by design
  • No retaliation data: Cannot identify reporters
  • Secure processing: Industry-standard encryption

NZ Protected Disclosures Act

Protected Disclosures Act 2022

  • Confidentiality: Identifying info kept confidential
  • Accessible channel: Voice-first, low-friction
  • Protection by design: Cannot expose disclosers

Organizational Responsibility

Organizations using Lisa Listener for collecting disclosures about serious wrongdoing should ensure they have appropriate internal procedures, designated recipients, and follow-up processes as required by applicable whistleblower protection legislation in their jurisdiction.

GDPR Compliance

Lisa Listener is designed to comply with the EU General Data Protection Regulation (GDPR) and equivalent data protection laws worldwide.

Legal Bases for Processing

| Processing Activity | Legal Basis (Art. 6) | Justification |
|---|---|---|
| Employee voice feedback | Legitimate Interest (Art. 6(1)(f)) | Organizational improvement; balanced by anonymity protections |
| Manager account data | Contract (Art. 6(1)(b)) | Necessary to provide the service |
| Analytics (aggregated) | Legitimate Interest (Art. 6(1)(f)) | Service improvement; no individual impact |

Data Protection Principles

Purpose Limitation

Data used only for stated feedback collection purposes

Data Minimization

We collect only what is necessary; no PII from submitters

Accuracy

Managers can update/correct campaign data

Storage Limitation

Data retained only while campaigns are active

Integrity & Confidentiality

Encryption in transit and at rest

Accountability

Documented processing activities and controls

International Data Protection Standards

Our privacy practices are designed to meet or exceed requirements across major international data protection frameworks.

  • European Union: GDPR (Compliant)
  • United Kingdom: UK GDPR (Compliant)
  • California, USA: CCPA/CPRA (Aligned)
  • Brazil: LGPD (Aligned)
  • South Africa: POPIA (Aligned)
  • Singapore: PDPA (Aligned)
  • Australia: Privacy Act (Aligned)
  • New Zealand: Privacy Act 2020 (Aligned)
  • Canada: PIPEDA (Aligned)

Note: "Aligned" indicates our practices meet the core requirements of these frameworks. Organizations should consult local counsel for jurisdiction-specific compliance obligations.

Your Rights

For Employees (Submitters)

Because we collect no personally identifiable information, traditional data subject rights (access, rectification, erasure) do not apply to anonymous submissions—there is no personal data to access, correct, or delete.

Your primary protection is anonymity: Your feedback cannot be traced back to you, and we cannot identify you even if requested by your employer.

For Campaign Managers

As a registered user, you have the following rights:

  • Access: View all your account data
  • Rectification: Update your account information
  • Erasure: Delete your account and all associated campaigns
  • Portability: Export your campaign data

Security Measures

Encryption in Transit

All data transmitted via TLS 1.3 encryption

Encryption at Rest

Database and file storage encrypted with AES-256

Access Controls

Role-based access; campaign isolation between organizations

Secure Authentication

Passwords hashed with bcrypt; optional passcode protection

Infrastructure Security

Hosted on SOC 2 compliant cloud infrastructure

Data Deletion

Campaign deletion cascades to all associated data

Third-Party Data Processors

| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| ElevenLabs | Voice AI processing | Audio streams (real-time, not stored) | USA/EU |
| Supabase | Database & authentication | Campaign data, manager accounts | Configurable |
| Vercel | Application hosting | Application code, edge functions | Global (Edge) |

All third-party processors are bound by data processing agreements and maintain appropriate security certifications.

Questions or Concerns?

If you have questions about our privacy practices or wish to exercise your data rights, please contact us:

Email: privacy@themotionbridge.com

Company: The Motion Bridge

We aim to respond to all privacy inquiries within 30 days.