The Idea
EU Cloud
Projects & Tasks
Team Chat
Video Meetings
Files & Docs
AI Assistant
All Features
IT Services & Solutions
Software & SaaS
Marketing, PR & Creative Agencies
Life Sciences & MedTech
Renewable Energy & CleanTech
Startups & Scaleups
EnterprisePrivacy Policy
Effective: March 5, 2026
1. Controller
Liza GmbH, Aachener-und-Münchener-Allee 1, 52074 Aachen, Germany
Email: privacy@liza.app
2. Data We Collect
2.1 Account Data
Company name, name, email address, and billing address provided during registration and ordering.
2.2 Usage Data
IP address, browser type, access timestamps, and interactions with the platform. These are collected for service operation and security.
2.5 Website Analytics
For website usage analysis, we use Plausible Analytics (Plausible Insights OÜ, Estonia). Plausible does not use cookies, does not store any personal data, and does not create individual user profiles. All analysis is based exclusively on anonymous, aggregated data. No consent is therefore required. The legal basis is our legitimate interest in improving our website (Art. 6(1)(f) GDPR). More information at plausible.io/data-policy.
2.3 Customer Content
Messages, projects, files, and other content you create or upload on the platform are processed solely on your behalf (see Data Processing Agreement). All content created or uploaded by the Customer remains the exclusive property of the Customer. The Provider claims no rights whatsoever to such content. Customer content is not used for training AI models unless the Customer explicitly consents.
2.4 AI-Powered Processing
When the Customer uses AI features of the platform, the content provided by the Customer is transmitted as context to third-party AI model providers. Processing is carried out solely to deliver the requested AI function. AI providers are contractually prohibited from using Customer data to train their models. The AI providers used are listed in the sub-processor list. The Customer may disable AI features entirely at any time in the platform settings; in this case, no data is transmitted to AI providers. The legal basis is contract performance (Art. 6(1)(b) GDPR).
2.5 Payment Data
Billing data is processed through our payment service provider. We do not store complete credit card or bank details.
3. Legal Bases (Art. 6 GDPR)
We process your data on the following bases: contract performance (Art. 6(1)(b) GDPR) for account and usage data necessary to provide the Service; legitimate interest (Art. 6(1)(f) GDPR) for security, fraud prevention, and service improvement; legal obligation (Art. 6(1)(c) GDPR) for tax and commercial retention requirements; and consent (Art. 6(1)(a) GDPR) for optional analytics and marketing communications.
4. Data Recipients
We share personal data with third parties only as necessary to provide the Service. A current list of our sub-processors is available at Subprocessor List. All sub-processors are contractually bound to comply with the GDPR.
5. International Transfers
Data is processed and stored exclusively in the region selected by the Customer when creating their organization on the platform (EU, USA, or Singapore). A change of region occurs only at the Customer's explicit request. When the Customer sends messages or files to external participants located in a different region, this data is also processed and stored in the recipient's region. Where the selected region is outside the EU/EEA, we ensure appropriate safeguards under Art. 46 GDPR (e.g., Standard Contractual Clauses or an adequacy decision of the European Commission).
6. Retention Periods
We retain data only as long as necessary for the respective purpose: account data for the duration of the contractual relationship, usage data for up to 90 days, and billing data as required by law (up to 10 years). Customer content is deleted within 30 days after contract termination, unless legal retention obligations apply.
7. Automated Decision-Making
We do not use solely automated decision-making, including profiling, within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.
8. Your Rights
You have the following rights: access to your stored data (Art. 15 GDPR), rectification of inaccurate data (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), and objection to processing (Art. 21 GDPR). You may withdraw any consent at any time with future effect.
To exercise your rights, contact: privacy@liza.app
9. Data Breach Notification
In the event of a data breach likely to pose a risk to your rights, we will notify the competent supervisory authority within 72 hours and inform you without undue delay where a high risk exists.
10. Supervisory Authority
You have the right to lodge a complaint with a data protection authority. The competent authority is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf, Germany.
11. Changes
We update this Policy as needed and will notify you of material changes by email or through the platform.