← Back to Leva

Privacy Policy

Last updated: 15 April 2025 · Orbixa Technologies Limited

1. Introduction

Orbixa Technologies Limited (“Orbixa”, “we”, “us”, or “our”) operates Leva, an autonomous AI business team platform (“the Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use the Service. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

By accessing or using Leva, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with its terms, please discontinue use of the Service immediately. We encourage you to review this policy periodically, as it may be updated to reflect changes in our practices or applicable law.

Orbixa Technologies Limited is registered in England and Wales. Our data protection contact is reachable at legal@getleva.ai. For the purposes of UK GDPR, Orbixa Technologies Limited is the data controller for personal data collected through the Service.

2. Information We Collect

We collect information you provide directly, information collected automatically, and information from third parties. The categories include:

  • Account information: name, email address, company name, billing address, and payment information when you register or subscribe.
  • Goal and configuration data: business goals, objectives, OKRs, and preferences you provide to configure your AI team.
  • Usage data: pages visited, features accessed, time spent, clicks, and interactions within the platform.
  • Device and technical data: IP address, browser type, operating system, device identifiers, and referring URLs.
  • Communications: messages, support requests, and feedback you send to us.
  • Cookies and tracking data: as described in our Cookie Policy below.

We do not intentionally collect special category personal data (such as health, biometric, or political data). If you provide such data, you do so at your own discretion and we will treat it in accordance with this policy.

3. How We Use Your Information

We use the information we collect to provide, operate, improve, and personalise the Service. Specific purposes include:

  • Creating and managing your account and subscription.
  • Configuring and deploying AI agents in accordance with your stated goals.
  • Processing payments and managing billing.
  • Sending transactional communications, including receipts, security alerts, and product updates.
  • Providing customer support and responding to enquiries.
  • Analysing usage to improve product features and user experience.
  • Complying with legal obligations and enforcing our Terms of Service.
  • Detecting and preventing fraud, abuse, or security incidents.

Our lawful bases for processing under UK GDPR are: performance of a contract (providing the Service), legitimate interests (fraud prevention, security, product improvement), compliance with legal obligations, and, where required, your consent. Where we rely on legitimate interests, we have conducted a balancing test and concluded that our interests do not override your fundamental rights and freedoms.

4. Sharing Your Information

We do not sell your personal data. We share information only in the following circumstances:

  • Service providers: We engage third-party processors (e.g., cloud infrastructure, payment processors, analytics) who act under our instructions and are bound by data processing agreements.
  • AI model providers: Goal and configuration data may be processed by third-party large language model providers to operate the AI agent functionality. These providers act as sub-processors.
  • Legal requirements: We may disclose data to comply with a legal obligation, court order, or government request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to continued protection under this policy.
  • With your consent: We will share data for other purposes only with your explicit consent.

5. International Data Transfers

Some of our service providers are located outside the UK and European Economic Area. Where we transfer personal data internationally, we ensure that appropriate safeguards are in place, such as UK International Data Transfer Agreements (IDTAs), Standard Contractual Clauses (SCCs), or transfers to countries with an adequacy decision. You may request details of these safeguards by contacting us at legal@getleva.ai.

6. Data Retention

We retain personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy. Account data is retained for the duration of your subscription and for up to 24 months thereafter to allow account reactivation and meet legal obligations. Usage and analytical data may be retained in aggregated or anonymised form indefinitely. When data is no longer required, it is securely deleted or anonymised.

You may request deletion of your data at any time by contacting us at legal@getleva.ai. We will action deletion requests within 30 days, subject to any legal obligations that require us to retain certain data.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data in certain circumstances.
  • Right to restriction: Request that we restrict processing of your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making: Not be subject to solely automated decisions that produce significant effects.

To exercise any of these rights, contact us at legal@getleva.ai. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and analyse usage. Essential cookies are necessary for the Service to function and cannot be disabled. Analytics cookies help us understand how users interact with the platform. Marketing cookies, if used, support our advertising activities. You can manage your cookie preferences through your browser settings or our cookie consent banner. Refusing non-essential cookies will not prevent you from using the core Service.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and staff training. No system is entirely secure; we cannot guarantee absolute security but commit to responding promptly to any breach and notifying affected individuals and the ICO where required by law.

10. Children's Privacy

The Service is intended for use by individuals aged 18 and over operating in a business context. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from a minor, we will take steps to delete it promptly. If you believe a minor has provided us with data, please contact us at legal@getleva.ai.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party services you access through links on our platform.

12. Marketing Communications

We may send you marketing communications about Leva and related Orbixa products where you have given consent or where we have a legitimate interest in doing so under PECR. You can opt out of marketing emails at any time by clicking the unsubscribe link in any email or contacting us at legal@getleva.ai. Opting out of marketing communications does not affect transactional communications relating to your account.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by posting a prominent notice on the Service. The “Last updated” date at the top of this policy indicates when it was last revised. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Orbixa Technologies Limited
Email: legal@getleva.ai
Registered in England and Wales

We take all privacy enquiries seriously and will respond within a reasonable timeframe. If you are not satisfied with our response, you have the right to escalate your complaint to the Information Commissioner's Office.

Terms of Service →Back to Leva