1. Introduction
Livy ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered platform for landlords and property managers.
2. Information We Collect
We may collect the following types of information:
- Account Information: Name, email address, company name, and password (stored hashed).
- Property & Tenant Data: Property, tenant, and lease details you upload — names, addresses, contact details, and financial information. You remain the controller for this data; we act as your processor.
- Communication Data: The content of messages processed through connected email and SMS channels.
- Usage Data: Information about how you interact with the Service.
- Technical Data: IP address, browser type, and device information — used for security and abuse prevention under our legitimate interest in protecting the Service.
3. How We Use Your Information
We use the collected information for:
- Providing, operating, and maintaining the Service
- Authenticating you and securing your account
- Processing payments and managing your subscription
- Sending service-related communications (account confirmations, billing receipts, security alerts)
- Improving and developing the Service using aggregated, anonymised usage data
- Ensuring the security and integrity of our platform
- Complying with legal obligations
We do not sell your personal data, and we do not use it for advertising purposes.
4. Legal Basis for Processing
Under GDPR, we rely on the following legal bases:
- Contract: Processing necessary to provide the Service you signed up for.
- Legitimate interests: Securing the Service and preventing abuse (e.g. rate-limiting by IP address), and improving the product.
- Legal obligation: Where required by applicable law, such as bookkeeping records.
- Consent: For optional communications such as product updates, which you can withdraw at any time.
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your information with:
- Service Providers: Third parties that help us operate the Service (see Section 6).
- Legal Requirements: When required by law or to protect our rights.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
6. Third-Party Service Providers
We use the following sub-processors to operate the Service. Each processes data on our behalf under a data processing agreement. Where a provider is based outside the EU/EEA, transfers are safeguarded by Standard Contractual Clauses approved by the European Commission.
- Supabase: Database, authentication, and storage infrastructure (EU region).
- Vercel: Application hosting and deployment.
- Anthropic: AI processing that powers Livy's automation and drafting features (US; SCCs).
- Mailgun (Sinch): Inbound and outbound email processing for the email channel (EU region).
- Twilio: SMS and WhatsApp message delivery (US; SCCs).
- Stripe: Payment processing and subscription billing.
- Upstash: Rate-limiting and abuse prevention (stores IP addresses and account identifiers transiently).
- Google & Microsoft: Optional "Sign in with Google / Microsoft" authentication.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data is encrypted in transit (TLS) and at rest, access to production systems is restricted and audited, and we follow industry best practices. However, no method of transmission over the Internet or electronic storage is 100% secure.
8. Data Retention
We retain your account data while your account is active. After you close it, we delete or anonymise your data typically within 90 days — except where we must retain it longer to meet legal, accounting, or tax obligations (which may require several years).
9. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of Access: Request a copy of your personal data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your personal data.
- Right to Restrict Processing: Request limitation of data processing.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us using the details below. You also have the right to lodge a complaint with your local data protection authority (in Denmark, Datatilsynet, at datatilsynet.dk).
10. Cookies
We use strictly necessary cookies to maintain your authenticated session and to remember your preferences. We do not use tracking or advertising cookies. You can disable cookies in your browser settings, but this will prevent you from signing in to the Service.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, or to exercise your rights, please contact us. The data controller for your personal data is: