Privacy Policy
Overview
Liwoz Inc. ("we", "us", "our", or "Liwoz") operates the liwoz.com website and the Liwoz service. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our service and the choices you have associated with that data.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Name, email address, password, company name, workspace name
- Payment Information: Billing address, payment method (processed by Stripe)
- Profile Data: Avatar, bio, timezone, locale preference, skills
- Communication: Messages, comments, task descriptions, and workspace data you create
- Support: Inquiries, feedback, support tickets
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent, IP address, browser type, device type
- Analytics: Google Analytics 4 (GA4), Google Tag Manager (GTM)
- Cookies: Session cookies, analytics cookies, functional cookies (see Cookie Policy)
- Error Tracking: Sentry for error reporting (no PII unless you provide it in errors)
1.3 Information from Third Parties
- OAuth providers (GitHub, GitLab) if you authenticate via these services
- Payment processor (Stripe) for billing information
2. How We Use Your Information
| Purpose | Legal Basis (GDPR) | Retention |
|---|---|---|
| Provide and maintain the service | Contract performance | Duration of service |
| Billing and payment processing | Contract performance | As required by law (7 years for invoices) |
| Send service updates and security alerts | Legitimate interest | Until unsubscribed |
| Improve service through analytics | Legitimate interest | Aggregated, 13 months |
| Customer support and troubleshooting | Contract performance | Until issue resolved + 1 year |
| Detect abuse, fraud, security issues | Legitimate interest + Legal obligation | As needed for security |
3. Data Storage and Security
Your data is stored on Amazon Web Services (AWS) in the eu-west-3 region (Paris, France). We use industry-standard encryption (AES-256 at rest, TLS 1.2+ in transit).
- Infrastructure: AWS RDS (MySQL 8.0) for database, AWS S3 for file storage
- Encryption: Sensitive fields (API keys, passwords) encrypted at rest
- Access Control: 2FA-protected admin access, role-based access control
- Audit Trail: All data modifications logged via soft deletes (never permanently deleted)
- Backup: Daily automated backups, 30-day retention
4. Data Retention
When You Delete Your Account
- Soft Delete: Your account is marked as deleted but not permanently removed for 90 days
- After 90 Days: Account can be permanently deleted upon request
- Your Data: You can export all your data before deletion
- Payment Records: Retained for 7 years as required by law
Default Retention Periods
- Active account: Duration of service + 30 days after deletion
- Error logs: 90 days
- Analytics: 13 months
- Backup data: 30 days
5. Your Rights (GDPR + CCPA)
Under GDPR (if you're in the EU)
- Right of Access: Get a copy of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Delete your data (with exceptions)
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Export your data in a machine-readable format
- Right to Object: Object to processing for marketing or legitimate interest purposes
Under CCPA (if you're in California)
- Right to Know: Know what personal information is collected
- Right to Delete: Request deletion of collected data
- Right to Opt-Out: Opt out of "sale" of personal information (we do not sell data)
- Right to Non-Discrimination: No discrimination for exercising your rights
How to Exercise Your Rights
Email: privacy@liwoz.com with proof of identity. We respond within 30 days.
6. Cookies & Tracking
We use cookies for:
- Essential: Session management (laravel_session)
- Analytics: Google Analytics 4, Google Tag Manager
- Functional: Remember preferences (dark mode, locale)
You can opt out of analytics cookies: Google Analytics Opt-Out
7. Third-Party Services
We use the following third-party services (your data may be shared):
- Stripe: Payment processing (PCI-DSS compliant)
- Google Analytics: Usage analytics
- Google Tag Manager: Event tracking
- Sentry: Error tracking (no PII in errors)
- AWS: Infrastructure and data storage
8. Data Transfers (EU to US)
Your data is stored in the EU (AWS eu-west-3). However, some third-party services (Google, Stripe, Sentry) may process data in the US. We have Standard Contractual Clauses in place for these transfers.
9. Contact
Data Protection Officer (DPO)
Email: dpo@liwoz.com
Address: Liwoz Inc., Delaware, United States
For General Privacy Questions
Email: privacy@liwoz.com
10. Changes to This Policy
We may update this policy. We will notify you of significant changes via email. Continued use of Liwoz after updates constitutes acceptance of the new policy.