Privacy Policy

Last updated: March 2026

1. Who we are

Lyzia is a registered trade name (handelsnaam) at the Dutch Chamber of Commerce (KVK), based in the Netherlands. For questions about this policy, contact us at hello@lyzia.ai.

2. What data we collect

We collect and process the following personal data:

• Account information: name, email address, and company name when you register or contact us.
• Chat history: conversations with the Lyzia assistant are stored on your account so you can continue previous conversations. You can delete your chat history at any time from your account settings.
• Media metadata: Lyzia does not store your original media files (video, audio, photographs). We store only the derived index data such as transcriptions, summaries, thumbnails and metadata generated during the indexing process. Your original files remain on your own storage at all times.
• Contact form submissions: name, email, company name and message content submitted through our website.

3. Legal basis for processing (GDPR)

We process your personal data on the following legal grounds:

• Contract performance: processing necessary to provide you with the Lyzia service (Article 6(1)(b) GDPR).
• Legitimate interest: improving our service, ensuring security, and communicating with you about your account (Article 6(1)(f) GDPR).
• Consent: where you have given explicit consent, for example when submitting a contact form (Article 6(1)(a) GDPR).

4. How we use your data

• To provide, maintain and improve the Lyzia platform.
• To index and analyse your media files using AI models for search, transcription and visual recognition.
• To respond to your enquiries and provide support.
• To send you service-related communications, such as account invitations and security notifications.

5. Third-party processors

We use the following third-party services to operate Lyzia:

• OpenAI: for AI-powered analysis, transcription and chat functionality. Data sent to OpenAI is processed under their data processing agreement and is not used to train their models.
• Anthropic: for AI-powered chat and content generation. Data sent to Anthropic is processed under their data processing agreement and is not used to train their models.
• Hosting provider: for server infrastructure and data storage, located within the EU or with adequate safeguards for international transfers.

We ensure all third-party processors comply with GDPR requirements through appropriate data processing agreements.

6. Data retention

We retain your data for as long as your account is active or as needed to provide the service. When your account is deleted, all associated personal data, including chat history and preferences, is removed immediately. No personal data is retained after deletion, unless we are legally required to do so.

7. Your rights

Under the GDPR, you have the following rights:

• Access: request a copy of your personal data.
• Rectification: request correction of inaccurate data.
• Erasure: request deletion of your data ("right to be forgotten").
• Restriction: request restriction of processing.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interest.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at hello@lyzia.ai. We will respond within 30 days.

8. Data security

We implement appropriate technical and organisational measures to protect your data, including:

• Encrypted connections (HTTPS) for all data in transit.
• Passwords are hashed using industry-standard algorithms (bcrypt) and are never stored in plain text.
• Role-based access controls to limit data access to authorised users.
• Strict data isolation between organisations: each client's media, archives and metadata are stored in separate databases and are never accessible to other clients.

9. Cookies

The Lyzia platform uses essential cookies required for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

10. International transfers

Some of our third-party processors (such as OpenAI and Anthropic) are based in the United States. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Supervisory authority

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the platform or by email. The date at the top of this page indicates when this policy was last revised.

Questions? Contact us at hello@lyzia.ai.