Privacy Policy
1. Who We Are
This Privacy Policy explains how LIA S.R.L. ("LIA", "we", "us", or "our") collects, uses, and protects your personal data when you use the LIA platform and websites, including withlia.ai and creators.withlia.ai (together, the "Platform"). LIA is the data controller for the personal data described in this Policy.
We are committed to protecting your personal data and respecting your rights under the EU General Data Protection Regulation (GDPR) and applicable Italian data protection law. Our full company and contact details are in the Legal Notice and in Section 13 below.
2. Scope of this Policy
This Policy applies to all visitors, brands, and creators who use the Platform. It covers personal data we process as a controller. Where we process personal data on behalf of a brand customer (for example, data a brand uploads about its own contacts), that brand is the controller and its own privacy policy applies; we act as a processor under our agreement with that brand.
3. What We Mean by "Personal Data"
"Personal data" means any information relating to an identified or identifiable natural person. It does not include anonymised or aggregated data that can no longer be used to identify you.
4. Personal Data We Collect and Why
We collect the following categories of personal data, depending on how you use the Platform:
- Account & identity data — name, email address, password (stored hashed), and your brand or organisation affiliation. Used to create and secure your account.
- Authentication data — when you sign in with Google, Microsoft, or Meta (Facebook/Instagram), we receive basic profile information, your email, and access tokens. Used to authenticate you and connect the relevant services.
- Creator & social data — social media handles, connected Instagram Business account insights and audience metrics, YouTube channel/video data, and profile pictures. Used for creator onboarding, campaign matching, marketplace discovery, and performance measurement.
- Content data — images, videos, captions, and scripts you submit, and content generated for your campaigns. Used to run content submission, review, and approval workflows.
- Communications data — messages exchanged between brands and creators on the Platform, and related email correspondence. Used to operate messaging and support.
- Payment & payout data — payout preferences and account identifiers needed to pay creators. Payments are processed by our payment providers (Stripe, PayPal); we do not store full card details.
- Safety & AI-derived data — brand-safety scores, content analysis, and transcripts of submitted audio/video, produced by automated analysis. Used for brand-safety verification and content validation.
- Technical & usage data — IP address, device and browser information, session identifiers, and logs of how you interact with the Platform. Used for security, fraud prevention, and to operate and improve the service.
5. How We Use Your Data
- To provide, operate, and secure the Platform and your account.
- To match creators with brand campaigns and run campaign, content, and payment workflows.
- To perform brand-safety verification, content validation, and fraud prevention.
- To enable communication between brands and creators.
- To measure campaign and content performance and provide analytics.
- To provide AI-assisted features (e.g. content analysis, caption/script and media generation).
- To respond to your requests and provide support.
- To comply with our legal, accounting, and tax obligations.
6. Legal Bases for Processing
Under the GDPR, we rely on the following legal bases:
- Performance of a contract — to provide the Platform and the services you or your brand have requested.
- Legitimate interests — to secure the Platform, prevent fraud, verify brand safety, and improve our services, balanced against your rights.
- Consent — when you connect a social or third-party account, or opt in to marketing communications. You may withdraw consent at any time.
- Legal obligation — to meet accounting, tax, and other legal requirements.
7. Who We Share Your Data With
We do not sell your personal data. We share it only as needed to run the Platform: with brands and creators you collaborate with on the Platform, and with the service providers (sub-processors) listed below, who process data on our instructions under appropriate contractual safeguards.
| Provider | Purpose | Data categories | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Hosting, storage, email delivery, queues, AI inference, transcription | All categories | EU (Frankfurt, Ireland) |
| Stripe | Creator payments & payouts | Payout & identity data | EU / US (SCCs) |
| PayPal | Creator payouts | Payout & identity data | EU / US (SCCs) |
| Meta Platforms (Facebook / Instagram) | Login, Instagram Business insights, content publishing | Authentication & social data | EU / US (SCCs) |
| Login, AI media generation (Vertex AI / Gemini), YouTube data | Authentication, social & content data | EU / US (SCCs) | |
| Microsoft | Login | Authentication data | EU / US (SCCs) |
| Brave Search | Brand-safety web search | Creator handle / public web data | US (SCCs) |
We may also disclose data where required by law, to enforce our agreements, or in connection with a corporate transaction (e.g. merger or acquisition).
8. International Data Transfers
Our core infrastructure is hosted in the European Union. Some of our sub-processors are located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision.
9. How Long We Keep Your Data
We keep personal data for as long as your account is active and for a reasonable period afterwards to operate the Platform, resolve disputes, and meet our legal obligations. Financial and transaction records are retained for the period required by Italian accounting and tax law. When data is no longer needed, we delete or anonymise it. See our Data Deletion Policy to request deletion.
10. Your Rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate or incomplete data;
- request erasure of your data ("right to be forgotten");
- request restriction of, or object to, processing;
- receive your data in a portable format;
- withdraw consent at any time, where processing is based on consent; and
- lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or your local supervisory authority.
To exercise any of these rights, contact us using the details in Section 13.
11. Cookies
The Platform uses essential cookies and similar technologies that are strictly necessary to keep you signed in and to keep the service secure. You can control cookies through your browser settings; disabling essential cookies may prevent you from logging in or using parts of the Platform.
12. Security & Children
We protect your data with technical and organisational measures, including encryption of data in transit (TLS), access controls, and secure cloud infrastructure. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and the relevant authority of any breach as required by law.
The Platform is not directed to children. Creators must be at least 18 years old (or the age of majority in their jurisdiction). We do not knowingly collect personal data from children.
13. Changes & Contact
We may update this Policy from time to time. We will post the updated version here and revise the "Last updated" date above. For any privacy question or to exercise your rights, contact: