Skip to main content
parlance — home

Privacy policy

Last updated: 9 June 2026

This policy explains how parlance handles your personal data across our website at parlancelabs.net, the parlance platform, our REST API at api.parlancelabs.net, and our native applications for Apple platforms (iOS, iPadOS, macOS and visionOS), distributed through the App Store. We refer to all of these together as the “service”. We are committed to processing your personal data lawfully, fairly and transparently. For the terms governing your use of the service, see our terms of service; for how we use cookies and similar technologies on our website, see our cookie policy.

Who we are

parlance is a design-to-code contract platform that audits design files, code, live products and native apps against shared UI contracts, glossaries, design tokens and accessibility standards. For the purposes of UK data protection law, parlance is the data controller of the personal data described in this policy. You can reach our privacy team at privacy@parlancelabs.net.

Data we collect

We collect and process the following categories of data:

  • Account data. Your name, email address, hashed password or authentication provider identifiers, workspace and team membership, role, and billing details needed to manage your subscription.
  • Content you submit for auditing. Design files, component libraries, code references, repository metadata and live product URLs that you connect to the service so we can run audits against your contracts. We process this content to provide the service and do not use it to train models or for any purpose unrelated to your audits.
  • Usage and diagnostic data. Limited technical information needed to operate and secure the service, such as the type of device or browser you use, and the security and audit logs generated when you sign in or call our API (including the IP address recorded by our authentication provider for security purposes). We keep this to what is necessary to run the service reliably and securely.
  • Invitations. When you invite a teammate, we store the email address and role you provide so we can send the invitation. Invitations expire after seven days.
  • Profile image and API keys. If you upload a profile image it is stored so it can be displayed, and is served from a publicly addressable URL. API keys you generate for the extensions and the auditor app are stored as a one-way hash, alongside the time each key was last used, so you can manage and revoke them.
  • Support and communications. Any information you share with us when you contact support, respond to a survey, or correspond with us by email.

How we use it

We use personal data to:

  • provide, operate and secure the service, including running and storing audit results;
  • authenticate you and manage your account, workspaces and teams;
  • process payments and administer your subscription;
  • respond to your requests and provide customer support;
  • monitor, debug and improve the reliability and performance of the service;
  • send you essential service messages and, where you have not opted out, occasional product updates;
  • comply with our legal obligations and enforce our terms.

Our native applications

Our native applications for Apple platforms (the parlance auditor) let you audit web pages and products for accessibility and design-contract conformance from your Apple device. When you use a native app, the following applies in addition to the rest of this policy.

  • Audited URLs and findings. When you run an audit, the web address you choose to audit and the resulting findings are sent to your parlance account through our API at api.parlancelabs.net and stored against your workspace so you can review and sync your results. We process this content to provide the service and do not use it to train models or for any purpose unrelated to your audits.
  • API key on your device. To connect a native app to your account, an API key is stored securely in the Apple Keychain on your device. It is used only to authenticate your requests to our API and is never synced to iCloud by the app. You can disconnect at any time, which removes the key from your device.
  • Camera, for QR codes only. If you choose to hand a page between your own devices, the app can use your device camera to read a QR code. The camera is used solely to decode the QR code on your device; no photo or video is captured, stored or transmitted. We ask for camera permission only when you use this feature.
  • App settings.Your in-app preferences are stored locally on your device in the app’s own storage and are not transmitted to us.
  • No tracking.Our native apps contain no third-party advertising, analytics or tracking software. We do not track you across other companies’ apps or websites, and we do not use the Apple advertising identifier. This is reflected in the app’s privacy information on the App Store.

Legal bases

Under the UK GDPR, we rely on the following legal bases for processing your personal data:

  • Contract. Processing necessary to provide the service you have signed up for, including account management, auditing your submitted content and billing.
  • Legitimate interests. Processing necessary to secure, maintain and improve the service, prevent abuse, and communicate with you about your account, balanced against your rights and freedoms.
  • Consent.Where the law requires it, we rely on your consent — for example, your operating-system permission for camera access in our native apps (used only to read QR codes). If and when we introduce optional analytics cookies on our website, we will ask for your consent first. You can withdraw consent at any time without affecting the lawfulness of earlier processing.
  • Legal obligation. Processing necessary to comply with applicable laws, including tax and accounting requirements.

Sub-processors

We work with a small number of trusted service providers who process personal data on our behalf, under contracts that require appropriate safeguards. Our current sub-processors are:

  • Supabase — database, authentication and file storage.
  • Vercel — application hosting and content delivery.
  • Apple — distribution of our native apps through the App Store. Apple processes your download and any App Store account interactions under its own privacy policy.
  • Stripe — payment and subscription processing for our web platform. Where you purchase a paid plan on the web, Stripe processes your billing details as a processor on our behalf.
  • Resend — transactional and service email delivery.
  • Error monitoring and analytics — if and when we enable error-monitoring or product-analytics providers to help us diagnose faults and improve the service, we will name them here and, where the law requires it, ask for your consent first. We do not use any such providers in our native apps.

We will update this list when our sub-processors change. If you would like advance notice of changes, please contact us at privacy@parlancelabs.net.

International transfers

Some of our processors — including Supabase, Vercel and Apple, and Stripe where you purchase a paid plan — may process personal data outside the United Kingdom. Where this happens, we ensure an appropriate safeguard is in place, such as the UK International Data Transfer Agreement, the International Data Transfer Addendum to the EU Standard Contractual Clauses, or transfers to a country covered by UK adequacy regulations, so that your data receives an equivalent level of protection.

Data retention

We retain personal data only for as long as necessary for the purposes set out in this policy. Account data is kept for the life of your account and deleted or anonymised within a reasonable period after closure. Content submitted for auditing is retained while it remains connected to your workspace and is removed when you delete it or close your account, subject to short-lived backups. We may retain certain records for longer where required to meet legal, tax or accounting obligations.

Audit results you create — including those uploaded from our native apps — are retained in your workspace until you, or your workspace owner, delete them or the workspace is closed. When you deactivate your account, we delete your account and erase the personal data associated with it after a thirty-day grace period; where you own a workspace, contact us so we can also remove or reassign its content as part of that process. Data held only on your device, such as your API key and in-app settings, remains on your device until you disconnect or remove the app.

Your rights

You have the right to access the personal data we hold about you, to have it corrected, to have it deleted, to receive a copy in a portable format, to restrict or object to certain processing, and to withdraw consent where we rely on it. To exercise any of these rights, email us at privacy@parlancelabs.net. You can also action many of these yourself in the platform: update your profile in account settings, and deactivate your account to begin deletion. We will respond within the time limits set by applicable law and may need to verify your identity first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority, at ico.org.uk, although we would welcome the chance to resolve any concerns first.

If you are a California resident, you have the right to know what personal information we collect and how we use and share it, to request access to and deletion of that information, and to correct inaccurate information. We do not sell or share your personal information for cross-context behavioural advertising, and we will not discriminate against you for exercising your rights. To make a request, contact us at privacy@parlancelabs.net.

Security

We take the security of your data seriously and maintain appropriate technical and organisational measures to protect it against unauthorised access, loss or misuse. These include encryption in transit, role-based access controls, row-level security on stored data, and continuous monitoring. In our native apps, your API key is stored in the Apple Keychain, the operating system’s protected credential store on your device. No method of transmission or storage is completely secure, but we work to protect your information and to respond promptly to any incident.

Children

The service is intended for use by businesses and professionals and is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

Changes

We may update this policy from time to time to reflect changes to the service or to legal requirements. When we make material changes, we will update the “last updated” date above and, where appropriate, notify you through the service or by email. We encourage you to review this page periodically.

Contact

If you have any questions about this policy or how we handle your personal data, please contact our privacy team at privacy@parlancelabs.net.