Privacy Policy

Last updated: May 2025

This Privacy Policy explains how [Company name, CVR number] ("we", "us", or "our"), operating Livy at app.uselivy.ai, collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Danish data protection law.

1. Data Controller

The data controller for your personal data is:

[Company name]
CVR: [CVR number]
Address: [Company address]
Email: privacy@uselivy.ai

2. What Data We Collect

Account data

When you create an account, we collect your name, email address, company name, and password (stored in hashed form). This is necessary to provide the Service.

Property & tenant data

As part of the Service, you may upload data about properties, tenants, and leases — including names, addresses, contact details, CPR numbers, and financial information. You are the data controller for this data; we process it on your behalf as a data processor.

Usage data

We collect information about how you use the Service, including pages visited, features used, and actions taken. This helps us improve the product and troubleshoot issues.

Communication data

If you connect email or SMS channels, we process the content of those messages to provide inbox and automation features. Messages are stored securely and not shared with third parties except as necessary to deliver the Service.

3. How We Use Your Data

  • To provide, operate, and maintain the Service
  • To authenticate you and secure your account
  • To process payments and manage your subscription
  • To send you service-related emails (account confirmations, billing receipts, security alerts)
  • To improve and develop the Service using aggregated, anonymised usage data
  • To comply with legal obligations

We do not sell your personal data to third parties, and we do not use your data for advertising purposes.

4. Legal Basis for Processing

  • Contract performance — processing necessary to provide the Service you signed up for
  • Legitimate interests — improving and securing the Service
  • Legal obligation — where required by applicable law
  • Consent — for optional communications such as product newsletters

5. Data Processors & Third Parties

We use the following categories of sub-processors to operate the Service:

  • Supabase — database and authentication infrastructure
  • Vercel — hosting and deployment
  • Anthropic — AI processing for automation features
  • Stripe — payment processing
  • Twilio — SMS channel integration

All sub-processors are bound by data processing agreements and provide adequate data protection guarantees.

6. Data Retention

We retain your account data for as long as your account is active. If you close your account, we will delete or anonymise your data within 90 days, except where we are required to retain it by law (e.g. for accounting purposes, typically 5 years under Danish bookkeeping law).

7. Your Rights

Under GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Restriction — request that we limit how we use your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at privacy@uselivy.ai. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies to maintain your authenticated session. We do not use tracking or advertising cookies. You can disable cookies in your browser settings, but this will prevent you from logging in to the Service.

9. Security

We take data security seriously. All data is encrypted in transit (TLS) and at rest. Access to production systems is restricted and audited. We conduct regular security reviews and follow industry best practices to protect your data.

10. International Transfers

Some of our sub-processors are based outside the EU/EEA (e.g. in the United States). Where data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Complaints

If you believe we have handled your data incorrectly, you have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet) at datatilsynet.dk.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via an in-app notice. The latest version is always available at uselivy.ai/privacy.

13. Contact

For privacy-related questions or requests, contact us at privacy@uselivy.ai.