L
Livius

Privacy Policy

Last updated: 6 June 2026

Livius is committed to protecting your personal data and your right to privacy. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have in relation to it — in compliance with the General Data Protection Regulation (GDPR) and the Portuguese Data Protection Law (Lei n.º 58/2019).

1Data Controller

Entity: Livius (operated by Kriol Animation Studio)

Portugal, European Union

[email protected]

As the data controller, we determine the purposes and means of processing your personal data. You may contact us at any time using the details above.

2Data We Collect

Data you provide directly

  • Account information: Full name, email address, password (hashed and salted), profession, and country.
  • Document content: Text, files, and images you upload for document generation. This data is processed to produce your documents and is associated with your account.
  • Profile settings: Writing persona preferences and document configuration choices.
  • Feedback: Any feedback, bug reports, or pricing preferences you submit.

Data collected automatically

  • Usage data: Which features you use, token consumption, and timestamps. This is used to improve Livius and is not shared externally.
  • Device information: Device type (desktop/mobile/tablet) and browser User-Agent string (truncated). We do not collect precise device identifiers.
  • Approximate location: Country-level location derived from browser language settings or server headers. We do not use IP-based geolocation services.

What we do NOT collect

  • We do not track you across other websites
  • We do not collect financial or payment card data (payments are handled by third-party processors)
  • We do not use advertising trackers or share data with ad networks
  • We do not sell, rent, or trade your personal data — ever

3Legal Basis for Processing

Under Article 6 of the GDPR, we process your data based on the following legal grounds:

PurposeLegal Basis
Account creation and authenticationPerformance of a contract (Art. 6(1)(b))
Document generation and storagePerformance of a contract (Art. 6(1)(b))
Usage analytics (anonymised)Consent (Art. 6(1)(a))
Functional preferences (theme, language)Consent (Art. 6(1)(a))
Service security and fraud preventionLegitimate interest (Art. 6(1)(f))
Email verification and notificationsConsent / Performance of contract

4Cookies & Local Storage

Livius uses a minimal number of cookies and local storage entries. We categorise them as follows:

🔒 Strictly Necessary

Session authentication token, CSRF protection, cookie consent preference. These are required for the platform to function and cannot be disabled.

Retention: Session / until logout

⚙️ Functional

Theme preference (light/dark), display settings. Used to remember your visual preferences across sessions.

Retention: Persistent (local storage)

📊 Analytics

Feature usage tracking (which tools you use, how often). All analytics are first-party, anonymised, and processed internally. We do not use Google Analytics or any third-party tracking scripts.

Retention: Aggregated data retained for service improvement

Marketing cookies: Livius does not use marketing, advertising, or cross-site tracking cookies. None are deployed.

5Data Sharing & Third Parties

We share your data only with the minimum necessary service providers, and only for the purposes described below:

  • Cloud infrastructure: Your documents and account data are stored on secure cloud servers (AWS) within encrypted environments.
  • Language model providers: Document content is sent to LLM APIs for generation. This data is processed transiently and is not stored by the model provider beyond the request.
  • Email delivery: Your email address is shared with our email service provider solely for verification and transactional messages.

We require all third-party processors to comply with GDPR standards. We do not sell, rent, or trade your data to any party.

6Data Retention

  • Account data: Retained for the duration of your account. Deleted upon account deletion request.
  • Documents and projects: Stored for as long as your account is active. You may delete individual documents or projects at any time.
  • Usage analytics: Aggregated, anonymised analytics data is retained for up to 24 months for service improvement.
  • Unverified accounts: Accounts that are not verified within 30 days may be automatically deleted.

7Your Rights Under GDPR

As a data subject in the European Union, you have the following rights under Articles 15–22 of the GDPR:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your data ("right to be forgotten").

Right to Restriction

Limit how we process your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent at any time without affecting prior lawfulness.

Right to Complain

Lodge a complaint with the CNPD (Portuguese DPA) or your local authority.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by law.

8Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Passwords are hashed using bcrypt with a cost factor of 12
  • All communications are encrypted via TLS/HTTPS
  • Data is stored in encrypted-at-rest cloud databases
  • API keys and secrets are never exposed to client-side code
  • Access to production systems is restricted and logged

9International Data Transfers

Some of our service providers (cloud infrastructure, LLM processing) may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions where applicable.

10Children's Privacy

Livius is designed for professional use and is not directed at individuals under the age of 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform. The "Last updated" date at the top reflects the most recent revision.

12Contact & Supervisory Authority

Data Controller

Livius / Kriol Animation Studio

Portugal, EU

[email protected]

Supervisory Authority

Comissão Nacional de Proteção de Dados (CNPD)

Lisbon, Portugal

www.cnpd.pt

© 2026 Livius. Developed for Global Professional Standards. All rights reserved.