Privacy Policy
Last updated: April 2026
1. What Data We Collect
When you use LIA, we may collect the following categories of personal data: • Identity data: name, email address, phone number. • Account data: login credentials, role and permissions within the platform. • Business data: information you enter about your business, locations, staff, products, recipes, stock, sales and financials. • Usage data: pages visited, features used, session duration, IP address, browser type and device information. • Communication data: messages or enquiries you send to our support team. • Booking data: meeting booking information collected when you schedule a call via our booking system.
2. How We Use Your Data
We use the data we collect to: • Provide, operate and maintain the LIA platform and its features. • Manage your account and subscription. • Process payments and billing. • Send transactional emails such as invitations, confirmations and account notifications. • Respond to support requests and enquiries. • Analyse platform usage to improve performance and user experience. • Comply with legal obligations. We do not sell your personal data to third parties.
3. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR (Regulation EU 2016/679): • Contract performance: processing necessary to deliver the service you have subscribed to. • Legitimate interests: improving the platform, preventing fraud and ensuring security. • Legal obligation: compliance with applicable laws and regulations. • Consent: where we explicitly request your consent, such as for optional communications. You have the right to withdraw consent at any time where consent is the legal basis for processing.
4. Third-Party Providers
LIA uses the following third-party services which may process your personal data: • Supabase (supabase.com) — database hosting and authentication infrastructure. Data is stored in Supabase-managed PostgreSQL databases. Supabase complies with GDPR. • Google Auth (accounts.google.com) — optional OAuth sign-in. If you choose to sign in with Google, Google processes your authentication data in accordance with Google's Privacy Policy. • Cal.com (cal.com) — meeting scheduling. When you book a meeting with our team, Cal.com collects your name, email and booking details. • Resend (resend.com) — transactional email delivery. Email notifications such as invitations and confirmations are sent via Resend. Each provider operates under their own privacy policy and data processing agreements. We encourage you to review them.
5. Data Storage and Retention
Your data is stored in cloud infrastructure provided by Supabase. Servers may be located within the European Union. We retain your data for as long as your account is active or as necessary to provide the service. Upon account termination, you may request a data export within 30 days. After this period, your data may be permanently deleted from our systems. Backups may retain data for a limited additional period in line with our technical recovery procedures.
6. Your Rights
Under applicable data protection law, you have the following rights: • Right of access: request a copy of the personal data we hold about you. • Right to rectification: request correction of inaccurate or incomplete data. • Right to erasure: request deletion of your personal data, subject to legal constraints. • Right to restriction: request that we limit how we process your data. • Right to data portability: receive your data in a structured, machine-readable format. • Right to object: object to processing based on legitimate interests. • Right to withdraw consent: where consent is the legal basis. To exercise any of these rights, contact us at privacy@liassistant.com.
7. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include encrypted data transmission (HTTPS/TLS), access controls, and row-level security in our database layer. While we take security seriously, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and to report any suspected security issues promptly.
8. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact our Data Protection contact at: Email: privacy@liassistant.com Website: liassistant.com [PLACEHOLDER: Add company legal name, registered address, supervisory authority details, and DPO information if applicable before publishing.]