Privacy Policy for Carna Technologies LTD

Last Updated: 9 August 2025

Introduction

Welcome to Carna. Your privacy is critically important to us. This Privacy Policy explains what personal data Carna Technologies LTD ("Carna," "we," "us," or "our") collects from you, how we use it, and what rights you have in relation to it.

This policy applies to all our services, including the Carna mobile applications, our websites (including carna.ai and its subpages), the Carna English Test, and other products (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Who We Are and How to Contact Us

Data Controller: The entity responsible for your personal data is Carna Technologies LTD.
Our Address: 27 Old Gloucester Street, London, United Kingdom, WC1N 3AX.
Contact Us: For any questions about this Privacy Policy or your data protection rights, please email our Data Protection team at privacy@carna.ai.

You also have the right to lodge a complaint with the UK's data protection supervisory authority, the Information Commissioner's Office (ICO), at www.ico.org.uk.

2. The Personal Data We Collect

We collect data to operate effectively and provide you with the best experiences with our services.

Information You Provide Directly:

Account Information: When you create an account, we collect your name, email address, and password.
Payment Information: When you purchase a subscription, our third-party payment processors (e.g., Stripe) collect your payment card information. Carna does not store your full payment card details.
User Content: We collect content you create while using the Service, such as your answers to exercises, written essays, and practice sentences. This is essential for tracking your progress and personalizing your learning.
Communications: If you contact us directly, we may receive additional information about you such as your name, email address, the contents of the message, and any other information you may choose to provide.

Information We Collect Automatically:

Usage Data: We collect data about your interactions with our Service, such as the features you use, the lessons you complete, time spent on the platform, and your performance data.
Device and Connection Information: We collect information about your computer or mobile device, including your IP address, operating system, and browser type.
Cookies: We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Please see our Cookie Policy for more details.

Information Specific to the Carna English Test:

Test Responses: We collect your answers to all test questions.
Voice Recordings: For pronunciation assessment, we may collect short recordings of your voice. These are used solely to score your speaking skills and improve our AI models.
Test Environment Data: To ensure test integrity, we may collect data about your device and environment during the test session.

3. How and Why We Use Your Personal Data (Our Lawful Bases)

We only use your personal data when we have a valid legal reason to do so under UK GDPR. Here are the purposes for which we process your data and the legal bases we rely on:

To Provide and Manage the Service: We use your Account Information, User Content, and Usage Data to deliver our core services, such as tracking your learning progress and managing your account settings. Our lawful basis for this is the performance of our contract with you.
To Process Payments: We process your Payment and Account Information to manage your subscriptions. Our lawful basis for this is the performance of our contract with you.
To Personalize Your Learning Experience: We use your User Content and Usage Data to tailor lessons, exercises, and feedback specifically to you. Our lawful basis for this is our legitimate interest in providing a more effective and engaging service.
To Improve and Develop Our Services: We use anonymised or aggregated Usage Data, User Content, and Voice Data to analyze trends and enhance our platform's features and AI models. Our lawful basis for this is our legitimate interest in developing our business and improving our products for all users.
To Communicate With You: We use your Account Information to send you important service-related communications (like password resets or subscription updates), for which our lawful basis is the performance of our contract. For marketing communications, such as newsletters, our lawful basis is your consent, which you can withdraw at any time.
To Ensure Security: We use Device Information and Usage Data to monitor for and prevent fraudulent or illegal activity. Our lawful basis is our legitimate interest in protecting our Service, business, and users.
To Comply with Legal Obligations: We may need to process any of your data to comply with legal or regulatory requirements. Our lawful basis for this is legal obligation.

4. How We Share Your Personal Data

We do not sell your personal data. We only share it in the following circumstances:

Service Providers: We share data with third-party companies that help us operate our business, such as payment processors, cloud hosting providers (e.g., AWS), and analytics services (e.g., Google Analytics).
Business Users: If you use Carna through your school or employer, we will share your progress and usage data with the administrators of your organization's account as part of our contractual agreement with them.
Legal Compliance and Safety: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect the safety of any person, or protect our rights or property.
Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred.

5. International Data Transfers

Carna operates globally, which means your personal data may be transferred to and stored in countries outside of the United Kingdom. When we do this, we ensure a similar degree of protection is afforded to it by using specific contracts approved by the UK authorities which give personal data the same protection it has in the UK (known as Standard Contractual Clauses or an International Data Transfer Agreement).

6. Your Data Protection Rights under UK GDPR

You have the following rights regarding your personal data:

The right to be informed about how we are using your data.
The right of access to request a copy of the data we hold about you.
The right to rectification to have inaccurate data corrected.
The right to erasure to have your data deleted (the "right to be forgotten").
The right to restrict processing to limit how we use your data.
The right to data portability to receive your data in a machine-readable format.
The right to object to the processing of your data (e.g., for direct marketing).
Rights in relation to automated decision-making and profiling.

To exercise any of these rights, please contact us at privacy@carna.ai.

7. Data Security

We have implemented appropriate technical and organizational security measures designed to protect your personal data from accidental loss and from unauthorized access, use, alteration, or disclosure. These measures include data encryption and access controls.

8. Data Retention

We will only retain your personal data for as long as is necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. Generally, this means we will keep your data for as long as your account is active.

9. Cookies and Similar Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. For more detailed information about the cookies we use and your choices regarding cookies, please see our separate Cookie Policy.

10. Children's Privacy

Our Service is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

Privacy Policy for Carna Technologies LTD

Last Updated: 9 August 2025

Introduction

By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Who We Are and How to Contact Us

Data Controller: The entity responsible for your personal data is Carna Technologies LTD.
Our Address: 27 Old Gloucester Street, London, United Kingdom, WC1N 3AX.
Contact Us: For any questions about this Privacy Policy or your data protection rights, please email our Data Protection team at privacy@carna.ai.

You also have the right to lodge a complaint with the UK's data protection supervisory authority, the Information Commissioner's Office (ICO), at www.ico.org.uk.

2. The Personal Data We Collect

We collect data to operate effectively and provide you with the best experiences with our services.

Information You Provide Directly:

Account Information: When you create an account, we collect your name, email address, and password.
Payment Information: When you purchase a subscription, our third-party payment processors (e.g., Stripe) collect your payment card information. Carna does not store your full payment card details.
User Content: We collect content you create while using the Service, such as your answers to exercises, written essays, and practice sentences. This is essential for tracking your progress and personalizing your learning.
Communications: If you contact us directly, we may receive additional information about you such as your name, email address, the contents of the message, and any other information you may choose to provide.

Information We Collect Automatically:

Usage Data: We collect data about your interactions with our Service, such as the features you use, the lessons you complete, time spent on the platform, and your performance data.
Device and Connection Information: We collect information about your computer or mobile device, including your IP address, operating system, and browser type.
Cookies: We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Please see our Cookie Policy for more details.

Information Specific to the Carna English Test:

Test Responses: We collect your answers to all test questions.
Voice Recordings: For pronunciation assessment, we may collect short recordings of your voice. These are used solely to score your speaking skills and improve our AI models.
Test Environment Data: To ensure test integrity, we may collect data about your device and environment during the test session.

3. How and Why We Use Your Personal Data (Our Lawful Bases)

We only use your personal data when we have a valid legal reason to do so under UK GDPR. Here are the purposes for which we process your data and the legal bases we rely on:

To Provide and Manage the Service: We use your Account Information, User Content, and Usage Data to deliver our core services, such as tracking your learning progress and managing your account settings. Our lawful basis for this is the performance of our contract with you.
To Process Payments: We process your Payment and Account Information to manage your subscriptions. Our lawful basis for this is the performance of our contract with you.
To Personalize Your Learning Experience: We use your User Content and Usage Data to tailor lessons, exercises, and feedback specifically to you. Our lawful basis for this is our legitimate interest in providing a more effective and engaging service.
To Improve and Develop Our Services: We use anonymised or aggregated Usage Data, User Content, and Voice Data to analyze trends and enhance our platform's features and AI models. Our lawful basis for this is our legitimate interest in developing our business and improving our products for all users.
To Communicate With You: We use your Account Information to send you important service-related communications (like password resets or subscription updates), for which our lawful basis is the performance of our contract. For marketing communications, such as newsletters, our lawful basis is your consent, which you can withdraw at any time.
To Ensure Security: We use Device Information and Usage Data to monitor for and prevent fraudulent or illegal activity. Our lawful basis is our legitimate interest in protecting our Service, business, and users.
To Comply with Legal Obligations: We may need to process any of your data to comply with legal or regulatory requirements. Our lawful basis for this is legal obligation.

4. How We Share Your Personal Data

We do not sell your personal data. We only share it in the following circumstances:

Service Providers: We share data with third-party companies that help us operate our business, such as payment processors, cloud hosting providers (e.g., AWS), and analytics services (e.g., Google Analytics).
Business Users: If you use Carna through your school or employer, we will share your progress and usage data with the administrators of your organization's account as part of our contractual agreement with them.
Legal Compliance and Safety: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect the safety of any person, or protect our rights or property.
Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred.

5. International Data Transfers

6. Your Data Protection Rights under UK GDPR

You have the following rights regarding your personal data:

The right to be informed about how we are using your data.
The right of access to request a copy of the data we hold about you.
The right to rectification to have inaccurate data corrected.
The right to erasure to have your data deleted (the "right to be forgotten").
The right to restrict processing to limit how we use your data.
The right to data portability to receive your data in a machine-readable format.
The right to object to the processing of your data (e.g., for direct marketing).
Rights in relation to automated decision-making and profiling.

To exercise any of these rights, please contact us at privacy@carna.ai.

Privacy Policy for Carna Technologies LTD

Introduction

1. Who We Are and How to Contact Us

2. The Personal Data We Collect

Information You Provide Directly:

Information We Collect Automatically:

Information Specific to the Carna English Test:

3. How and Why We Use Your Personal Data (Our Lawful Bases)

4. How We Share Your Personal Data

5. International Data Transfers

6. Your Data Protection Rights under UK GDPR

7. Data Security

8. Data Retention

9. Cookies and Similar Technologies

10. Children's Privacy

11. Changes to This Privacy Policy

Explore More

Terms of Service

Contact Us

Privacy Policy for Carna Technologies LTD

Introduction

1. Who We Are and How to Contact Us

2. The Personal Data We Collect

Information You Provide Directly:

Information We Collect Automatically:

Information Specific to the Carna English Test:

3. How and Why We Use Your Personal Data (Our Lawful Bases)

4. How We Share Your Personal Data

5. International Data Transfers

6. Your Data Protection Rights under UK GDPR

7. Data Security

8. Data Retention

9. Cookies and Similar Technologies

10. Children's Privacy

11. Changes to This Privacy Policy

Explore More

Terms of Service

Contact Us