La idea
Cloud EU
Proyectos y tareas
Chat de equipo
Videollamadas
Archivos y documentos
Asistente IA
Todas las funciones
Servicios y soluciones IT
Software & SaaS
Marketing, PR & Agencias creativas
Ciencias de la vida & MedTech
Energías renovables & CleanTech
Startups & Scaleups
EnterprisePolítica de privacidad
Effective: March 2026
1. Controller
Liza GmbH, Aachener-und-Münchener-Allee 1, 52074 Aachen, Germany
Email: privacy@liza.app
2. Data We Collect
2.1 Account Data
Company name, name, email address, and billing address provided during registration and ordering.
2.2 Usage Data
IP address, browser type, access timestamps, and interactions with the platform. These are collected for service operation and security.
2.3 Website Analytics
For website usage analysis, we use Plausible Analytics (Plausible Insights OÜ, Estonia). Plausible does not use cookies, does not store any personal data, and does not create individual user profiles. All analysis is based exclusively on anonymous, aggregated data. No consent is therefore required. The legal basis is our legitimate interest in improving our website (Art. 6(1)(f) GDPR). More information at plausible.io/data-policy.
2.4 Customer Content
Messages, projects, files, and other content you create or upload on the platform are processed solely on your behalf (see Data Processing Agreement). All content created or uploaded by the Customer remains the exclusive property of the Customer. The Provider claims no rights whatsoever to such content. For information on the use of AI interactions for training AI models, see Section 2.5.
2.5 AI-Powered Processing
When the Customer uses AI features of the platform, the content provided by the Customer is transmitted as context to third-party AI model providers. Processing is carried out solely to deliver the requested AI function. The AI providers used are listed in the sub-processor list. The Customer may disable AI features entirely at any time in the platform settings; in this case, no data is transmitted to AI providers. The legal basis for providing AI features is contract performance (Art. 6(1)(b) GDPR).
AI Training: On paid plans (Pro, Max), Customer data is not used to train AI models. On the free plan (Free), content submitted to AI features (inputs and context) may be used to improve our AI models and services; other platform content (e.g., projects, messages, files) is not affected. The legal basis is our legitimate interest in improving our services (Art. 6(1)(f) GDPR). The Customer may object to the use of their data for AI training at any time in the platform settings (Art. 21 GDPR). Upgrading to a paid plan also excludes AI training.
2.6 Newsletter
We send a regular newsletter with product updates, new features, and tips for using the platform. We use Brevo (Brevo GmbH, Berlin) to send our newsletters. Brevo processes your data on our behalf on servers within the EU. A data processing agreement pursuant to Art. 28 GDPR has been concluded. Brevo is listed in our sub-processor list.
a) Newsletter sign-up via the website: When you subscribe to our newsletter through our sign-up form, we process your email address and any voluntarily provided data (first name, last name, company name). The legal basis is your consent (Art. 6(1)(a) GDPR), which you provide through a double opt-in process.
b) Newsletter for registered customers: As a registered customer of our platform, you receive our newsletter on product-related topics. The legal basis is our legitimate interest in keeping our customers informed about product developments and relevant usage tips (Art. 6(1)(f) GDPR) in conjunction with Section 7(3) of the German Unfair Competition Act (UWG) (existing customer exception). Your email address was collected in the context of the contractual relationship and is used exclusively for information about our own similar services.
Unsubscribe: You may stop receiving the newsletter at any time by using the unsubscribe link in any newsletter email or by contacting us at privacy@liza.app. For website sign-ups, this constitutes a withdrawal of consent with future effect; for customer accounts, your unsubscription is treated as an objection pursuant to Art. 21 GDPR. Upon unsubscription, your email address will be removed from the mailing list; records of consent or objections are retained for documentation purposes.
2.7 Payment Data
Billing data is processed through our payment service provider. We do not store complete credit card or bank details.
3. Legal Bases (Art. 6 GDPR)
We process your data on the following bases: contract performance (Art. 6(1)(b) GDPR) for account and usage data necessary to provide the Service; legitimate interest (Art. 6(1)(f) GDPR) for security, fraud prevention, and service improvement; legal obligation (Art. 6(1)(c) GDPR) for tax and commercial retention requirements; and consent (Art. 6(1)(a) GDPR) for optional analytics and marketing communications.
4. Data Recipients
We share personal data with third parties only as necessary to provide the Service. A current list of our sub-processors is available at Subprocessor List. All sub-processors are contractually bound to comply with the GDPR.
5. International Transfers
Data is processed and stored exclusively in the region selected by the Customer when creating their organization on the platform (EU, USA, or Singapore). A change of region occurs only at the Customer's explicit request. When the Customer sends messages or files to external participants located in a different region, this data is also processed and stored in the recipient's region. Where the selected region is outside the EU/EEA, we ensure appropriate safeguards under Art. 46 GDPR (e.g., Standard Contractual Clauses or an adequacy decision of the European Commission).
6. Retention Periods
We retain data only as long as necessary for the respective purpose: account data for the duration of the contractual relationship, usage data for up to 90 days, and billing data as required by law (up to 10 years). Customer content is deleted within 30 days after contract termination, unless legal retention obligations apply.
7. Automated Decision-Making
We do not use solely automated decision-making, including profiling, within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.
8. Your Rights
You have the following rights: access to your stored data (Art. 15 GDPR), rectification of inaccurate data (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), and objection to processing (Art. 21 GDPR). You may withdraw any consent at any time with future effect.
To exercise your rights, contact: privacy@liza.app
9. Data Breach Notification
In the event of a data breach likely to pose a risk to your rights, we will notify the competent supervisory authority within 72 hours and inform you without undue delay where a high risk exists.
10. Supervisory Authority
You have the right to lodge a complaint with a data protection authority. The competent authority is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf, Germany.
11. Changes
We update this Policy as needed and will notify you of material changes by email or through the platform.