Privacy Policy

1. Data controller

The data controller for personal data processed through this website is Lina AI Ltd, with registered office at [TO BE COMPLETED — registered office in England and Wales; see the live Companies House record] (registration: Companies House, England and Wales (company number 17218368); incorporated 13 May 2026 as a private company limited by shares under the Companies Act 2006). For any question relating to this policy or to exercise your rights, contact privacy@lina.legal.

This policy covers only the marketing website at www.lina.legal. Engagement with Lina’s regulated law firms (lina.law and partner firms) is covered by separate privacy notices issued by those firms.

2. What we process and why

We keep data collection deliberately narrow. The table below lists every category of personal data we process through this website, the purpose, the UK GDPR legal basis, and how long we keep it.

Contact form submissions

Name, email, professional context, and message you submit through the application form on /join, or by emailing one of the contact addresses on the site.

Purpose: Respond to your enquiry; assess interest in a partner conversation; take pre-contractual steps at your request.

Legal basis: Art. 6(1)(b) UK GDPR — pre-contractual steps; Art. 6(1)(f) — our legitimate interest in evaluating prospective partners and clients.

Retention: Active correspondence + 24 months from the last contact, then deletion (or longer if a contractual relationship begins, governed by the firm’s engagement-letter retention rules).

Locale and country preferences

Two first-party cookies — NEXT_LOCALE and NEXT_COUNTRY — storing the language and jurisdiction you selected in the site header.

Purpose: Remember your language and country choice so the site renders correctly on return visits.

Legal basis: Art. 6(1)(f) UK GDPR — legitimate interest. These are strictly-functional cookies that do not track you across sites; no consent banner is required for them.

Retention: 12 months from your last visit, then they expire automatically.

Server logs

Standard request logs collected by our hosting provider (Vercel), including IP address, user-agent, referring URL, and request path/timestamp.

Purpose: Operate and secure the site (debug errors, mitigate abuse and DDoS attacks, measure availability).

Legal basis: Art. 6(1)(f) UK GDPR — legitimate interest in operating a secure, reliable website.

Retention: Up to 30 days by default at the hosting provider, longer only where a security incident requires it.

Email correspondence

Any email you send to contact@lina.legal, privacy@lina.legal, or other published addresses, including its contents and attachments.

Purpose: Handle your enquiry, complaint, or data-subject request.

Legal basis: Art. 6(1)(b) UK GDPR (pre-contractual or contractual steps), Art. 6(1)(c) UK GDPR (legal obligation, e.g. responding to a rights request), or Art. 6(1)(f) UK GDPR (legitimate interest) — depending on the subject of your email.

Retention: Active correspondence + 24 months, then deletion, unless retained longer to comply with a legal obligation.

3. What we do not do

3.1We do not run third-party analytics, tracking pixels, advertising tags, or social-media plugins on this website.
3.2We do not sell your personal data, ever.
3.3We do not use your data to train AI models.
3.4We do not engage in automated decision-making or profiling within the meaning of Art. 22 GDPR on the basis of data collected through this site.

4. Recipients and sub-processors

We rely on a small number of trusted service providers to operate the site. Each acts as a processor under Art. 28 UK GDPR and is bound by a written data-processing agreement.

Vercel Inc.

Hosting and edge delivery for the website. European traffic is served from EU regions (primarily Frankfurt).

Purpose: Website hosting and delivery.

Legal basis: Art. 28 UK GDPR processor; the UK International Data Transfer Agreement (IDTA) — or the UK Addendum to the EU Standard Contractual Clauses — applies for any data flow to the United States.

Retention: Logs retained up to 30 days; project data per Vercel’s retention policy.

Email provider

The provider hosting the lina.legal email domain (e.g. Google Workspace), which receives messages sent to our published addresses.

Purpose: Receive, store, and reply to email correspondence.

Legal basis: Art. 28 UK GDPR processor.

Retention: Per provider retention and per section 2 of this policy.

5. International transfers

Lina AI Ltd is established in the United Kingdom. Where personal data is transferred outside the UK, we rely on the following safeguards: (i) transfers to the European Economic Area are covered by the UK Government’s adequacy regulations recognising the EEA, so no additional transfer instrument is required (this is the case for our primary hosting region in Frankfurt); (ii) transfers to the United States (for example to our hosting provider Vercel Inc., headquartered in California) are made under the UK International Data Transfer Agreement (the “IDTA”) or the UK Addendum to the EU Standard Contractual Clauses, supplemented where appropriate by additional safeguards, and on the UK Extension to the EU-U.S. Data Privacy Framework where the recipient is certified. You can request a copy of the safeguards in place by writing to privacy@lina.legal.

6. Your rights as a data subject

Subject to the conditions set out in Arts. 15–22 UK GDPR (read together with the Data Protection Act 2018), you have the following rights with respect to your personal data:

AccessConfirm whether we process data about you and obtain a copy (Art. 15).
RectificationCorrect inaccurate or incomplete data (Art. 16).
ErasureHave your data deleted, where one of the grounds in Art. 17 applies.
RestrictionRestrict processing in the cases listed at Art. 18.
Data portabilityReceive your data in a structured, commonly-used, machine-readable format (Art. 20).
ObjectionObject to processing based on legitimate interest, including direct marketing (Art. 21).
Automated decisionsNot be subject to a decision based solely on automated processing that produces legal effects (Art. 22). We do not engage in such processing on this website.
Withdraw consentWithdraw your consent at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, email privacy@lina.legal with enough detail for us to identify you and your request. We respond within one month, extendable by two further months for complex requests as permitted by Art. 12(3) UK GDPR.

7. Right to lodge a complaint

If you believe our processing infringes the UK GDPR or the Data Protection Act 2018, you have the right to lodge a complaint with our supervisory authority, the United Kingdom Information Commissioner’s Office (the “ICO”), at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom — ico.org.uk.

If you are based in the European Economic Area, you may also lodge a complaint with the supervisory authority of your Member State of habitual residence, place of work, or place of the alleged infringement (Art. 77 EU GDPR). We would, however, ask you to contact us first at privacy@lina.legal so we can try to resolve the issue directly.

8. Security

We apply technical and organisational measures appropriate to the risk, including HTTPS in transit, EU-region hosting for European traffic, restricted access to the inboxes that receive form submissions, and confidentiality obligations on personnel and processors. No internet service is risk-free; we will notify the ICO and, where required, affected individuals in accordance with Arts. 33–34 UK GDPR in the event of a personal-data breach.

9. Changes to this policy

We may update this policy from time to time. Material changes will be reflected on this page with an updated “last updated” date. Previous versions are available on request.

Last updated: 29 May 2026.

Privacy Policy.