Privacy Policy

Levoron takes user privacy seriously. This policy explains what data we collect, how we use it, with whom we share it, and what rights you have over it.

The data controller is the operator of the Levoron system, identified on the public home page. For privacy inquiries, contact us via the “Report issue” button at the bottom of the sidebar or the published email.

• Account data: email, name, hashed password, agency, role.
• Agency data: business name, tax ID, address, phone numbers, social networks, logo, seller photo.
• End-client (passenger) data that you upload: name, contact, passport, date of birth. This data is yours and you are the controller before those people — Levoron acts as processor.
• Operational data: quotes, files, payments, receipts, attachments.
• Technical data: IP address, browser, OS, language, usage logs.

• To provide the Service (display your information, execute your instructions).
• To process payments through third-party providers (we do not touch card data).
• To send you operational emails (password recovery, receipts, plan alerts).
• To improve the system (aggregated usage analytics, without identifying users).
• To respond to support tickets you open.

The Service uses Anthropic (Claude) models to generate text. When you use AI features, the input (e.g., quote destination and services) is sent to Anthropic with the sole purpose of generating the response. It is NOT used to train models and is not stored beyond processing.

If you have sensitive information you don't want to send to AI, you can disable “optimize with AI” mode where it appears, or not use AI features.

We share data only with processors that need to process it for the Service to function:

• Supabase: database hosting and file storage.
• Anthropic: AI text generation.
• Vercel: web application hosting.
• MercadoPago / PayPal: payment processing.
• Resend / transactional email provider: sending operational emails.

Each has its own privacy policy. We do NOT sell your data or share it with third parties for marketing purposes.

Under applicable legislation (Law 25.326 in AR, LGPD in BR, GDPR in EU, etc.) you have the right to:

• Access: request a copy of the data we hold about you.
• Rectification: correct inaccurate data.
• Erasure: request that we delete your account and data (subject to legal retention obligations).
• Portability: receive your data in a structured format.
• Opposition: object to processing on legitimate grounds.

To exercise these rights, contact us via the “Report issue” button or the contact email. We respond within 30 calendar days.

• Operational data is kept while your account is active.
• If you cancel the account, we archive the data for 6 months to support reactivation; we then delete it.
• We keep payment receipts for the time required by your country's tax law (typically 5-10 years).
• Technical logs: 90 days by default.

• All connections use HTTPS / TLS.
• Passwords are stored hashed with bcrypt.
• Access to your database is restricted by Row-Level Security: no other agency can see your data.
• We make periodic encrypted backups.
• If we detect a security breach affecting your data, we notify you within 72 hours as required by GDPR.

We use cookies strictly necessary to maintain your session and remember preferences (language, theme). We do not use advertising or third-party tracking cookies. More detail in our cookie policy.

We may update this policy. We will notify material changes via email or in the dashboard. The last-updated date is always shown at the top.