1. Who are we?
Levia (“we”, “our service”) is a multi-tenant HR management SaaS published from Tunis, targeting the Maghreb (Tunisia, Algeria, Morocco, Libya) and France. The data controller within the meaning of GDPR is Levia SAS (corporate name to be confirmed at registration), registered office in Tunis, Tunisia.
GDPR contact: <email1/> · External DPO: <email2/>.
2. What data do we collect?
2.1 Data provided by the client organization
When an organization subscribes to Levia, it shares with us about its employees:
- Identity: last name, first name, email, phone, date of birth, profile photo (optional), ID number/passport.
- Professional profile: position, department, manager, start date, contract type.
- Payroll: base salary, IBAN, BIC, social security number, number of dependents, allowances, deductions. IBAN, BIC and ID number are encrypted in the database via AES-256-GCM.
- Time tracking: clock-in/clock-out timestamps, geolocation (only with employee consent), selfies (only if enabled by admin), biometric references (not templates, see §6).
- Leave and absences: types, dates, reasons (optional), medical certificates encrypted at the application level (GDPR Art. 9 · health data).
- Performance and training: objectives, KRs, reviews, declared skills, training enrollments.
2.2 Data provided by prospects (contact form)
If you fill out a form on our marketing site, we collect: name, business email, phone (optional), company (optional), estimated headcount, current solution, free-form message, conversion source. See §10 for lead retention.
2.3 Technical data (logs and cookies)
- Server logs: IP address, user-agent, visited pages, timestamps · retained 90 days for attack detection and debugging.
- Session cookies: an encrypted authentication cookie (Better-Auth) to maintain the connection. Strictly necessary · no banner required (CNIL).
- Language cookie (
levia-locale): saves your FR/AR/EN choice. Duration 1 year. Non-sensitive. - No third-party tracking cookies (Google Analytics, Meta Pixel, etc.) · see cookies policy.
3. Why do we process this data?
GDPR Art. 6 legal basis:
- Contract performance (Art. 6.1.b): provide the Levia service subscribed by the organization. Most processing falls under this basis.
- Legal obligation (Art. 6.1.c): generation of payslips, CNSS/DSN declarations, retention of employment contracts.
- Legitimate interest (Art. 6.1.f): service security, fraud prevention (time tracking anti-fraud), anonymized product improvement.
- Explicit consent (Art. 6.1.a + Art. 9): biometric data, health data (sick leave, medical certificates), employee geolocation.
4. Who has access to your data?
- The employee: their own data via their space.
- Their direct manager: data needed for management (attendance, leave, performance).
- HR/ORG administrators of their organization: full access to the organization's HR data.
- The Levia team: strictly limited access for support engineers, on explicit client request (access procedure via signed ticket). All accesses are audited.
- Subprocessors: see §5.
Data is never sold, rented or shared with third parties for commercial purposes.
5. Subprocessors (GDPR Art. 28)
| Subprocessor | Role | Location | Compliance |
|---|---|---|---|
| Vercel Inc. | Application hosting | Europe (Paris) | DPA · ISO 27001 · SOC 2 |
| Neon Inc. | Postgres database | eu-west-3 (Paris) | DPA · SOC 2 Type II |
| Cloudflare | File storage (R2) + CDN | Europe | DPA · ISO 27001 |
| Resend | Transactional email delivery | Europe | DPA |
| Stripe | Billing (paying customers) | Ireland | DPA · PCI-DSS Level 1 |
| Anthropic (Claude) | AI assistant | EU (Frankfurt region) | DPA · SOC 2 · no training |
| Inngest | Async jobs | Europe | DPA |
All subprocessors have signed a Data Processing Agreement with Levia in accordance with Article 28 of GDPR.
6. Biometric data (GDPR Art. 9)
Levia stores no biometric template (fingerprints, faces, iris). Templates remain on the client's physical time clocks (ZKTeco, Suprema, Hikvision, etc.).
Levia only stores:
- A reference "employee X is enrolled on device Y" to link clock-ins
- The clock-in timestamp
- The written consent signed by the employee (PDF in encrypted R2 storage)
Before any biometric enrollment, the client must have the employee sign an explicit consent form (automatically generated by Levia). For Tunisia, a declaration to INPDP is recommended beyond 100 enrolled employees.
7. Health data (GDPR Art. 9)
Medical certificates uploaded by employees (sick leave) are stored encrypted and accessible only to:
- The employee
- Their direct manager (for leave validation)
- HR_ADMIN and ORG_ADMIN of their organization
HTTP cache: private, no-store · never cached by an intermediate proxy.
8. Your rights (GDPR Art. 15-22 + local laws)
- Right of access: copy of your data in a structured format (CSV, JSON).
- Right of rectification: correction of inaccurate data (accessible directly in /settings/profile).
- privacyPage.right3
- Right to portability: full export in CSV/JSON format within 30 days.
- Right to object: marketing, profiling. Unsubscribe in one click.
- Right to restriction of processing: possible in case of dispute.
To exercise these rights: <email/>. Reply within 30 days as per Art. 12 GDPR.
You may lodge a complaint with:
- 🇹🇳 INPDP (Tunisia): inpdp.nat.tn
- 🇫🇷 CNIL (France): cnil.fr
- 🇲🇦 CNDP (Morocco): cndp.ma
- 🇩🇿 ANPDP (Algeria): authority being structured (law 18-07 of June 10, 2018)
9. Security
- Encryption at-rest: encrypted disks (Neon, R2). Sensitive fields additionally encrypted at the application level via AES-256-GCM.
- Encryption in-transit: TLS 1.2+ required on all routes. HSTS enabled.
- MFA: required for HR_ADMIN, PAYROLL_ADMIN, ORG_ADMIN, Platform Owner roles. TOTP via Google Authenticator/Microsoft Authenticator.
- Audit log: every sensitive action (payroll validation, IBAN modification, biometric access) is logged with automatic masking of encrypted data in payloads.
- Penetration testing: annual (starting 2026, by external firm).
- Secret rotation: application encryption keys rotated annually with data migration.
- Backups: daily, retained 30 days. Restorable within 4 hours.
10. Retention periods
| Data type | Duration | Reason |
|---|---|---|
| Active user account | As long as the client is subscribed | Contract performance |
| Deleted user account | 90 days then purge | Recovery possibility |
| Payslips | 5 years | TN/FR legal obligations |
| Employment contracts | 5 years after contract end | Labor code |
| Audit log | 3 years | GDPR + security compliance |
| Backups | 30 days rolling | Incident recovery |
| Server logs | 90 days | Intrusion detection |
| Marketing leads (form) | 3 years after last contact | Sales follow-up |
| Biometric data (references) | As long as employee is active + 30 days | Historical anti-fraud |
11. International transfers
All our subprocessors host data in Europe (Paris, Frankfurt, Dublin). No transfer to the United States or China is performed as part of the Levia service.
Exception: if you are based outside Europe and use the AI assistant, requests to Anthropic Claude transit through Anthropic's EU infrastructure (Frankfurt region). Anthropic does not reuse client data to train its models (contractual clause).
12. Minors
Levia is not intended for minors under 16. If an employed minor is registered (apprentice for example), parental consent is required for biometric enrollment in accordance with Art. 8 GDPR.
13. Modifications to this policy
We may modify this policy. In case of substantial change, we notify client organizations by email 30 days in advance. The current version is always dated at the top of this page.
14. Contact
Levia SAS · Tunis, Tunisia
Email: <email1/> · DPO: <email2/>
Reply within 30 days.