Privacy & transparency

Privacy Policy

Last updated: 21.03.2026

1. Data Controller

Liro I/S is the data controller for personal data processed in connection with the use of our chatbot and related services.

Company name: Liro I/S

Address: Møllehatten 21

CVR: 45829634

Email: contact@liro.dk

We are not required to appoint a Data Protection Officer (DPO). For any privacy-related inquiries, please contact us at the email above.

2. Purpose of Processing

We process personal data for the following purposes:

  • To provide and operate the chatbot service
  • To maintain and improve functionality and performance
  • To enable customer support, including handoff to human agents
  • To ensure system security and prevent misuse

3. Types of Data Processed

We may process the following categories of personal data:

  • Chat messages entered by users
  • Contact information (such as name and email) when voluntarily provided
  • Order-related data if shared during support interactions
  • Technical identifiers such as session IDs

We do not actively collect personal data beyond what is necessary to deliver the service.

4. Legal Basis

Processing of personal data is based on:

  • Article 6(1)(b) – Contractual necessity (to provide the service)
  • Article 6(1)(f) – Legitimate interests (service improvement, security, support)
  • Article 6(1)(a) – Consent (when users voluntarily provide contact information)

5. Data Processors and Transfers

We use trusted subprocessors to deliver our services, including:

  • Supabase (EU) for database infrastructure
  • Amazon Web Services (AWS, EU-North-1) for hosting
  • OpenAI (USA) for AI processing

Where personal data is transferred outside the EU/EEA (e.g. OpenAI), such transfers are safeguarded using appropriate legal mechanisms, including Standard Contractual Clauses (SCCs).

We have entered into Data Processing Agreements (DPAs) with all relevant subprocessors.

A list of subprocessors is available upon request.

6. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes described above.

Conversation data may be stored to enable service functionality, including analytics and customer support. Businesses using Liro can configure retention periods (e.g. 30 days, 60 days, 90 days, 6 months, 1 year, or longer).

Data is deleted or anonymized in accordance with the selected retention settings.

Accounting data is stored in accordance with applicable Danish law.

7. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure
  • Restrict processing
  • Object to processing
  • Receive your data in a structured, machine-readable format (data portability)

You may also withdraw consent at any time where processing is based on consent.

You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet): www.datatilsynet.dk

Requests can be sent to: contact@liro.dk

8. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption in transit (TLS) and at rest
  • Role-based access control (Row Level Security)
  • Logging and monitoring of system activity
  • Internal access policies based on least privilege

9. AI Usage

We use AI systems to generate responses within the chatbot.

We do not use customer data or conversation logs to train external AI models.

AI responses are generated automatically and should be considered assistive. Final responsibility for decisions and communication remains with the business using the service.

10. Changes

We may update this Privacy Policy from time to time. The latest version will always be available on our website.