Privacy Policy

1. Who We Are

Lyra is an AI-powered recruitment platform operated by Norgic Ltd, a company registered in England and Wales (“we”, “us”, or “our”). Our platform is available at hilyra.com.

We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Lyra Service.

2. Data We Collect

We collect the following categories of personal data:

3. How We Collect Your Data

• Directly from you — when you sign up, upload a CV, or interact with Lyra via any channel.
• From third-party platforms — LinkedIn (public profile data), WhatsApp (via Twilio), GitHub (public developer profiles used for candidate sourcing), and Adzuna (public job listings).
• Automatically — via server logs and standard web technologies when you visit hilyra.com.

4. How We Use Your Data

We use your personal data for the following purposes:

• To operate the Lyra platform and provide recruitment services
• To power Lyra's AI responses and match Candidates with relevant Employers
• To communicate with you about your account, job matches, and platform updates
• To improve the accuracy and quality of our AI models
• To comply with legal obligations
• To detect and prevent fraud or abuse of the Service

Our lawful basis for processing is: contract (to deliver the Service you signed up for), legitimate interests (to operate and improve our platform), and legal obligation where required by law.

5. AI Processing & Lyra

Lyra is powered by large language model technology provided by Anthropic (Claude). When you interact with Lyra, your messages are processed by Anthropic's API to generate responses. Anthropic does not use API data to train their models. For more information, see Anthropic's Privacy Policy.

Voice calls are processed using LiveKit (real-time audio infrastructure) and ElevenLabs (voice synthesis). Audio is processed in real time and is not permanently stored by Lyra.

6. Sharing Your Data

We do not sell your personal data. We share data only in the following circumstances:

• With Employers — Candidate profile data is shared with Employers who may be a suitable match, with your awareness that you are using a recruitment platform.
• With service providers — We use third-party processors including Anthropic (AI), Twilio (WhatsApp), LiveKit (voice), ElevenLabs (voice synthesis), DigitalOcean (cloud hosting), and Vercel (frontend hosting). All processors are bound by data processing agreements.
• For legal reasons — If required by law, court order, or to protect the rights and safety of Norgic Ltd or others.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law (e.g. financial records for up to 7 years).

Conversation history with Lyra may be retained to improve response quality and provide continuity of service. You may request deletion of your conversation history at any time.

8. Your Rights

Under UK GDPR, you have the following rights:

• Access — Request a copy of the personal data we hold about you.
• Rectification — Ask us to correct inaccurate data.
• Erasure — Request deletion of your personal data (“right to be forgotten”).
• Restriction — Ask us to limit how we use your data.
• Portability — Request a machine-readable copy of your data.
• Objection — Object to processing based on legitimate interests.
• Withdraw consent — Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at legal@norgic.org. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Security

We take the security of your personal data seriously. We use industry-standard measures including encrypted storage (AES-256), HTTPS throughout, and access controls to protect your data. Third-party API keys and credentials are stored encrypted in our database and never in code or environment files.

No system is 100% secure. If you become aware of any security concern, please notify us immediately at legal@norgic.org.

10. International Transfers

Some of our third-party processors are based outside the UK, including in the United States. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), in accordance with UK GDPR requirements.

11. Cookies

Lyra uses only essential cookies required for the platform to function (e.g. session management). We do not use third-party advertising or tracking cookies. You can control cookie settings through your browser preferences.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new “Last updated” date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact Us

For any privacy-related questions, data requests, or complaints, please contact our data controller at: