Lurni — career intelligence platform with Career GPS

Privacy Policy

Last updated: 15 May 2026

General

1. About Lurni

Lurni is operated by LURNI AI LIMITED, a private limited company registered in England and Wales (company number 16483590, incorporated 29 May 2025). The Lurni name and mark are registered with the UK Intellectual Property Office under trade mark UK00004211235 (effective 29 May 2025, registered 22 August 2025). Contact: hello@lurni.ai. Hosting: Vercel, edge-served in the EU.

2. When you browse the site

We use Vercel Analytics and Vercel Speed Insights to gather aggregated, anonymous metrics: total visitors, page views, country (not city or IP), referrer, time on page, and Web Vitals (LCP / INP / CLS). We do NOT see your IP address, identifiers, or browsing history outside Lurni. No cookies are set. This is permitted under the strictly-necessary / aggregated statistics exemption in UK PECR and EU ePrivacy.

We also fire anonymous custom events when you interact with the site — clicks on the “Get Started” / “Get Early Access” buttons, scroll depth, career card “View More” clicks, and waitlist form interactions. No personal identifiers are attached. These events feed the same Vercel dashboard as the metrics above.

3. When you submit the waitlist form

We collect the email address you enter, the date of submission, and whether you ticked the optional “career interest” checkbox. Legal basis: your consent (you submitted the form). Purpose: to notify you when Lurni launches and to send relevant product updates. Retention: until you ask us to delete it, or 3 years from your last interaction with us, whichever is earlier.

4. What we do not collect

  • We do NOT use cookies for tracking.
  • We do NOT share your data with advertising platforms (Meta, Google, etc.) at present. We will update this policy AND request your explicit consent via a cookie banner BEFORE any advertising tracking is enabled.
  • We do NOT sell your data.
  • We do NOT use your email for marketing other companies' products.

5. Your rights (GDPR + UK GDPR)

You may at any time:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Delete your data (right to be forgotten).
  • Object to processing or restrict processing.
  • Port your data to another service in a machine-readable format.
  • Withdraw consent at any time (where consent is the legal basis).
  • Complain to your local data protection authority (ICO in the UK; the relevant DPA in your EU member state).

To exercise any of these rights, email hello@lurni.ai. We will respond within 30 days.

6. International transfers

Vercel processes data primarily in the EU but may route through US infrastructure for global edge delivery. This transfer is covered by Vercel's Data Processing Addendum and Standard Contractual Clauses. No data leaves the EU / UK for any other processor at present.

7. Children

Lurni is not directed at users under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has submitted data to us, email hello@lurni.ai and we will delete it.

8. Security

All data is transmitted over HTTPS. Submitted emails are held on the Lurni backend in encrypted database storage with PII envelope encryption (AES-GCM at the field level, key separated from data store). We follow industry-standard security practices including HSTS preload, Content Security Policy with per-request nonce, strict referrer policy, modern HTTP security headers (Cross-Origin-Opener-Policy, Cross-Origin-Resource-Policy, Permissions-Policy), and refuse server-side optimisation of SVG uploads to mitigate XSS vectors.

9. Changes to this policy

We may update this policy as Lurni evolves. We will post the new effective date at the top of the page. For material changes (new processors, new data categories, new sharing partners) we will notify waitlist subscribers by email at least 14 days before the changes take effect.

10. Contact

Questions, complaints, data requests: hello@lurni.ai.