Last updated: 15 April 2025 · Orbixa Technologies Limited
Orbixa Technologies Limited (“Orbixa”, “we”, “us”, or “our”) operates Leva, an autonomous AI business team platform (“the Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use the Service. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
By accessing or using Leva, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with its terms, please discontinue use of the Service immediately. We encourage you to review this policy periodically, as it may be updated to reflect changes in our practices or applicable law.
Orbixa Technologies Limited is registered in England and Wales. You can reach our data protection contact via our . For the purposes of UK GDPR, Orbixa Technologies Limited is the data controller for personal data collected through the Service.
Our role under UK GDPR depends on the data in question. Orbixa is the data controller for the account, billing, usage, and website data we collect directly from account holders and visitors, as described in this policy. Where a customer (a “tenant”) loads contacts, leads, or other third-party personal data into the Service, that tenant is the data controller for that data and decides how it is used; Orbixa acts as a data processor, processing it only on the tenant’s documented instructions and under a data processing agreement. This mirrors the responsibilities set out in section 10 of our Terms of Service. Individuals whose data is held in this way should see our Data Deletion page.
We collect information you provide directly, information collected automatically, and information from third parties. The categories include:
We do not intentionally collect special category personal data (such as health, biometric, or political data). If you provide such data, you do so at your own discretion and we will treat it in accordance with this policy.
We use the information we collect to provide, operate, improve, and personalise the Service. Specific purposes include:
Our lawful bases for processing under UK GDPR are: performance of a contract (providing the Service), legitimate interests (fraud prevention, security, product improvement), compliance with legal obligations, and, where required, your consent. Where we rely on legitimate interests, we have conducted a balancing test and concluded that our interests do not override your fundamental rights and freedoms.
We do not sell your personal data. We share information only in the following circumstances:
The third-party sub-processors we currently rely on to operate the Service are:
In addition, where a tenant chooses to connect a third-party advertising or marketing platform, that platform receives and processes the tenant’s connected-account data to provide the functionality the tenant has requested. These platforms are:
Each sub-processor acts under a data processing agreement and only processes data as necessary to provide its service.
Google API Services User Data Policy. Where a tenant connects a Google account, Leva requests the Google Ads API scope (https://www.googleapis.com/auth/adwords) to manage that tenant’s Google Ads campaigns on their behalf. Leva’s use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use data obtained through Google APIs only to provide and improve the connected features you or your tenant have authorised, and we do not transfer or use it for advertising unrelated to the tenant’s own campaigns, sell it, or use it for purposes unrelated to those features.
Some of our service providers are located outside the UK and European Economic Area. Where we transfer personal data internationally, we ensure that appropriate safeguards are in place, such as UK International Data Transfer Agreements (IDTAs), Standard Contractual Clauses (SCCs), or transfers to countries with an adequacy decision. You may request details of these safeguards via our .
We retain personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy. Account data is retained for the duration of your subscription and for up to 24 months thereafter to allow account reactivation and meet legal obligations. Usage and analytical data may be retained in aggregated or anonymised form indefinitely. When data is no longer required, it is securely deleted or anonymised.
You may request deletion of your data at any time via our . We will action deletion requests within 30 days, subject to any legal obligations that require us to retain certain data.
Account holders can request deletion from within the app at app.getleva.ai or via our . If your personal data is held in Leva because a tenant loaded it into the Service (for example, you are a contact in a customer’s list), use our and we will action your request with the relevant controller. For full step-by-step instructions, including what is deleted versus anonymised, see our Data Deletion page. We action verified requests within 30 days.
Under UK GDPR, you have the following rights in relation to your personal data:
To exercise any of these rights, use our . We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
We use cookies and similar technologies to operate the Service, remember your preferences, and analyse usage. Essential cookies are necessary for the Service to function and cannot be disabled. Analytics cookies help us understand how users interact with the platform. Marketing cookies, if used, support our advertising activities. You can manage your cookie preferences through your browser settings or our cookie consent banner. Refusing non-essential cookies will not prevent you from using the core Service.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and staff training. No system is entirely secure; we cannot guarantee absolute security but commit to responding promptly to any breach and notifying affected individuals and the ICO where required by law.
The Service is intended for use by individuals aged 18 and over operating in a business context. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from a minor, we will take steps to delete it promptly. If you believe a minor has provided us with data, please contact us via our .
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party services you access through links on our platform.
We may send you marketing communications about Leva and related Orbixa products where you have given consent or where we have a legitimate interest in doing so under PECR. You can opt out of marketing emails at any time by clicking the unsubscribe link in any email or contacting us via our . Opting out of marketing communications does not affect transactional communications relating to your account.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by posting a prominent notice on the Service. The “Last updated” date at the top of this policy indicates when it was last revised. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Orbixa Technologies Limited
Registered in England and Wales
Use our to reach our data protection team.
We take all privacy enquiries seriously and will respond within a reasonable timeframe. If you are not satisfied with our response, you have the right to escalate your complaint to the Information Commissioner's Office.