Privacy Policy
Last updated: January 2026
At Igloo Labs Limited (“we,” “us,” or “our”), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use Ask Lisa (“Service”).
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (GDPR) where applicable.
1. Data Controller
The data controller responsible for your personal data is:
Igloo Labs Limited
Email: privacy@asklisa.app
For data protection inquiries, you can contact us at the email address above.
2. Information We Collect
Information You Provide
- Account Information: Name, email address, and password when you create an account
- Profile Information: Travel preferences, family composition, dietary requirements, and interests you choose to share
- Trip Data: Destinations, dates, budgets, and other details you provide when planning trips
- Communications: Messages you send to Lisa, feedback, and support inquiries
Information Collected Automatically
- Usage Data: Features you use, pages you visit, time spent on the Service, and interaction patterns
- Device Information: Device type, operating system, browser type, and unique device identifiers
- Log Data: IP address, access times, referring URLs, and crash reports
- Location Data: General location inferred from your IP address (we do not collect precise GPS location)
Cookies and Similar Technologies
We use cookies and similar tracking technologies to operate and improve our Service. See Section 9 for more details about our cookie practices.
3. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the Service | Contract performance |
| Create and manage your account | Contract performance |
| Generate personalised travel itineraries | Contract performance |
| Process your conversations with Lisa | Contract performance |
| Send service-related communications | Contract performance / Legitimate interests |
| Improve and develop new features | Legitimate interests |
| Analyse usage patterns and trends | Legitimate interests |
| Train and improve AI models | Legitimate interests |
| Prevent fraud and ensure security | Legitimate interests / Legal obligation |
| Send marketing communications (with consent) | Consent |
| Comply with legal obligations | Legal obligation |
4. AI Processing and Automated Decision-Making
Ask Lisa uses artificial intelligence to provide personalised travel recommendations. Here's how your data is used in our AI systems:
- Personalisation: Your preferences, past trips, and chat history are processed by AI to generate tailored recommendations
- Conversation Processing: Messages you send to Lisa are processed by AI models to understand your needs and provide helpful responses
- Model Training: Anonymised and aggregated data may be used to improve our AI models. We do not use your personal conversations to train models without additional consent
No Significant Automated Decisions: We do not make significant decisions solely based on automated processing that produce legal effects or similarly significantly affect you.
5. How We Share Your Information
We do not sell your personal data. We may share your information with:
Service Providers
Third parties who help us operate the Service, including cloud hosting providers, analytics services, and AI model providers. These providers are contractually bound to protect your data and use it only for our specified purposes.
Other Users
When you choose to share itineraries publicly or with specific users, that content becomes visible to them. Your profile information (name, username) may be visible on shared content.
Business Transfers
If Igloo Labs Limited is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.
Legal Requirements
We may disclose your data when required by law, in response to valid legal requests, to protect our rights, or in emergency situations to protect safety.
6. International Data Transfers
Your data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:
- Transfers to countries with adequate data protection (as determined by the UK or EU)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- International Data Transfer Agreement (IDTA) for UK transfers
- Other legally approved transfer mechanisms
You can request more information about our international transfer safeguards by contacting us.
7. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy:
- Account Data: Retained while your account is active and for a reasonable period afterwards (typically 2 years) to allow for account reactivation
- Trip and Itinerary Data: Retained while your account is active. You can delete individual trips at any time
- Conversation History: Retained for up to 12 months to provide continuity in your interactions with Lisa, unless you delete it sooner
- Usage and Analytics Data: Typically retained for 26 months in identifiable form, then aggregated or deleted
- Legal Compliance: Some data may be retained longer if required by law or for legitimate business purposes (e.g., resolving disputes)
When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.
8. Your Rights
Under data protection laws, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data in certain circumstances
- Right to Restriction: Request that we limit how we use your data
- Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
- Right to Object: Object to processing based on legitimate interests, including profiling
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Rights Related to Automated Decision-Making: Request human review of automated decisions that significantly affect you
How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@asklisa.app. We will respond to your request within one month. We may need to verify your identity before processing your request.
Right to Complain: If you are not satisfied with how we handle your data, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO): ico.org.uk
9. Cookies and Tracking Technologies
We use the following types of cookies:
| Type | Purpose | Duration |
|---|---|---|
| Essential | Required for the Service to function (authentication, security) | Session / 1 year |
| Functional | Remember your preferences and settings | 1 year |
| Analytics | Understand how users interact with the Service | 2 years |
Managing Cookies: You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service. Essential cookies cannot be disabled as they are necessary for the Service to operate.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication mechanisms
- Regular security assessments and penetration testing
- Access controls limiting who can view your data
- Employee training on data protection
- Incident response procedures
While we take security seriously, no system is completely secure. We cannot guarantee the absolute security of your data. If you become aware of any security issues, please contact us immediately.
11. Children's Privacy
Ask Lisa is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately, and we will take steps to delete that information.
12. Third-Party Links and Services
The Service may contain links to third-party websites, including travel providers, booking services, and affiliate partners. This Privacy Policy applies only to Ask Lisa. We are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last updated” date at the top of this page
- Notify you via email or through the Service for significant changes
- Where required by law, seek your consent to the changes
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Igloo Labs Limited
Privacy Inquiries: privacy@asklisa.app
Data Subject Requests: privacy@asklisa.app
We aim to respond to all inquiries within 30 days. For data subject access requests, we will respond within one month as required by law.