Privacy Policy

This privacy policy explains how we process personal data in connection with the Livioris website and service (registration, login, use of the application).

Controller (Art. 13(1)(a) GDPR)

BYOM – Karin Gutenbrunner Byom, Skjoldenveien 9, 1832 Askim, Norway. Org. no.: 923 657 746. Email: karin@byom.com. Phone: +47 473 82 740.

1. Data protection at a glance

General information

The following notes give a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified.

2. Data collection on this website

What data is collected?

On registration: email address, password (stored hashed), optional name. On use: login data, content you enter (clients, appointments, protocols, etc.), technical log data (IP address, timestamp, actions without client content).

3. Purpose and legal basis

Purpose: provision of the service, contract performance, technical stability and security. No sharing for marketing purposes. Legal bases: contract (Art. 6(1)(b) GDPR) for registration and use; legitimate interests (Art. 6(1)(f) GDPR) for technical logs and security measures; consent (Art. 6(1)(a) GDPR) where explicitly obtained. Livioris processes all personal data in accordance with the GDPR and Austrian data protection law (DSG 2018).

4. Confidentiality

As a platform for life and social counselors, Livioris is subject to particularly strict data protection requirements. All client data is stored encrypted and is subject to statutory confidentiality obligations under the Austrian Trade Regulation Act (GewO § 119 para. 4). Livioris processes personal data on behalf of users as a processor pursuant to Art. 28 GDPR. During registration, a data processing agreement (DPA) pursuant to Art. 28 GDPR will be presented for your active confirmation. The current DPA can be accessed at any time at /avv.

5. Retention periods

Account data: as long as your account exists and thereafter only where legal retention obligations apply. Technical logs (IP, timestamps): automatically deleted after 90 days. Invoicing and billing data: 7 years (BAO § 132). Counseling content entered by you: until deletion by you or deletion of your account — no permanent storage beyond your use. Note for life and social counselors: the Austrian Federal Ministry documentation guidelines recommend a minimum retention period of 10 years for counseling documentation. This obligation rests with the counselor, not with Livioris as the software operator.

6. Your rights

You have the following rights under Art. 15–22 GDPR at any time: access to your stored personal data, its origin, recipients and purpose of processing; rectification of inaccurate data; erasure (right to be forgotten); restriction of processing; data portability; objection to processing. Requests by email to: karin@byom.com.

7. Cookies and tracking

Livioris uses technically necessary session cookies required for the operation of the application (authentication, language selection). Additionally, Sentry (Functional Software Inc., USA) is used for error monitoring and service stability. Sentry processes technical error data such as stack traces and anonymized usage data. No advertising trackers or marketing cookies are used. Legal basis for Sentry: legitimate interest (Art. 6(1)(f) GDPR) in technical stability and error diagnosis. Third-country transfer: Sentry Inc. based in the USA — data transfer on the basis of standard contractual clauses (SCC per Art. 46 GDPR).

8. Notifications

Livioris offers an in-app notification feature. Purpose: information about appointments, client assignments, milestones (e.g. practice hours). Recipients: only you as the logged-in counselor. Retention: until manual deletion by you or account deletion. Optional: email notifications (only with explicit consent via Settings). Legal basis: Art. 6(1)(b) GDPR (contract performance) for in-app notifications; Art. 6(1)(a) GDPR (consent) for email notifications. Metadata: notifications contain no personal client data, only IDs (e.g. appointment ID, client code).

9. Service providers and processors

Livioris uses the following service providers: Hetzner Online GmbH (Germany) – server and database hosting, DPA in place, server location: Germany (EU). Vercel Inc. (USA) – web frontend hosting, data location: EU (Frankfurt), DPA in place, standard contractual clauses per Art. 46 GDPR. Google Cloud Platform (Google Ireland Ltd.) – cloud infrastructure, DPA in place, data location: EU. Supabase Inc. (USA) – database and authentication, data location: EU (Frankfurt), DPA in place, standard contractual clauses per Art. 46 GDPR. Sentry (Functional Software Inc., USA) – error monitoring and stability tracking, DPA in place, standard contractual clauses per Art. 46 GDPR, no client content affected. Stripe Inc. (USA) – payment processing and subscription management, DPA in place, standard contractual clauses per Art. 46 GDPR, PCI-DSS certified. GitHub Inc. (Microsoft) – version control of source code (no client data in code repository). All service providers are contractually obliged to process your data exclusively according to our instructions and in compliance with GDPR. No sharing for marketing purposes.

10. Use of AI (Artificial Intelligence)

Livioris uses AI-powered features to improve user experience and support development and quality assurance. AI use includes: code generation and review (GitHub Copilot, OpenAI/Anthropic APIs) – exclusively for development, no client data affected. Documentation and text suggestions (optional, only on user request) – processing is pseudonymized, no retention by AI providers (zero-data-retention models where possible). Purpose: efficiency, error reduction, quality assurance. No automated decisions about client data or counseling content. Legal basis: legitimate interests (Art. 6(1)(f) GDPR) for internal development; consent (Art. 6(1)(a) GDPR) for optional text suggestions. Note: from summer 2026 stricter transparency requirements apply for AI use (AI Act). We will keep you informed of changes.

11. Google Calendar & Google Drive integration

Livioris offers an optional integration with Google Calendar and Google Drive to simplify your daily practice management. Google Calendar: Livioris can read your existing Google Calendar events and create or update new appointments (e.g. client sessions) directly in your Google Calendar. Purpose: centralized appointment management without duplicate entries. Data processed: title, date, time, and description of calendar events. Google Drive: Livioris can store documents (e.g. session notes, reports) in your Google Drive and list or update files that were created by Livioris. We use the restricted scope "drive.file", meaning Livioris only has access to files it has created itself — not to your other Drive content. Purpose: secure document storage in your own Google account. Data processed: file name, content, and folder structure of documents created by Livioris. Legal basis: consent (Art. 6(1)(a) GDPR). The connection to Google is established via OAuth 2.0. You grant consent explicitly through the Google consent screen, which lists all requested permissions. Revocation: you can revoke Livioris's access to your Google account at any time at https://myaccount.google.com/permissions. After revocation, Livioris can no longer access your calendar or Drive. Files already created in your Drive will remain. No AI training: your Google Calendar and Google Drive data is not used for AI or machine learning training. Third-country transfer: data processing is carried out by Google Ireland Ltd. (EU). Standard contractual clauses per Art. 46 GDPR are in place.

Complaint to supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority. Competent authority for the controller: Datatilsynet (Norway), https://www.datatilsynet.no. For users based in Austria: Austrian Data Protection Authority (DSB), https://www.dsb.gv.at.


Source: Regulation (EU) 2016/679 (GDPR), EUR-Lex. Not legal advice.