liqaa. Back to home
Legal · Privacy Policy

Privacy Policy

Liqaa is a tool for capturing and organizing the people you meet. That only works if we treat your data, and your contacts' data, with care. This policy explains what we collect, why we collect it, how long we keep it, and the choices you have, in plain language.

Effective: 1 May 2026 Last updated: 7 May 2026 Version 1.0

Who we are

Liqaa is operated by LIQAA, INC. ("Liqaa," "we," "us," or "our"), a Delaware corporation. We are the data controller for personal data processed through the Liqaa mobile and web applications and any related websites or services (collectively, the "Service").

Questions about this policy or about your data go to support@liqaa.app. We answer from a real person, not an autoresponder.

Scope of this policy

This policy covers personal data we process about three groups of people:

  • Account holders — anyone who signs up for Liqaa, free or paid;
  • Workspace members — people invited into a team workspace by an account holder;
  • Captured contacts — people whose details an account holder has saved into Liqaa, for example after meeting at an event.

If your information is inside Liqaa because someone you met saved it, you are a captured contact. You still have rights, and we explain them in Section 11.

Data we collect

We try to collect as little as possible, and to be specific about why. Here is the full list:

You give us directly

Category
Examples
Source
Account profile
Name, email, phone, password hash, profile photo, job title.
Sign-up, settings.
Workspace data
Workspace name, role assignments, event labels, field mappings.
Admin setup.
Captured contacts
Names, roles, companies, emails, phones, photos, notes, custom tags.
Voice capture, card scan, typed entry.
Voice and image content
Audio clips you record, photos of business cards, transcripts and OCR output.
In-app capture.
Communications
Support emails, in-app messages, survey responses.
When you contact us.
Billing
Billing name, address, last 4 digits and brand of payment card, invoices. Full card numbers are handled by our payment processor and are not stored on Liqaa servers.
Subscription checkout.

We collect automatically

Category
Examples
Source
Device and app
Device model, OS version, app version, language, time zone, crash reports.
SDK on your device.
Usage
Captures per day, feature toggles, error events, latency measurements (no content of captures).
Product analytics.
Authentication
IP address, login timestamp, session token, fraud-prevention signals.
Auth service.
Approximate location
City-level location derived from IP address. We do not collect precise GPS location unless you grant the permission for a specific feature.
Server logs.

We receive from third parties

  • Phone contacts — only the entries you choose to import, only at the moment you import them.
  • Identity providers — if you sign in with Apple or Google, we receive the email and the unique identifier they return, nothing else.
  • Payment processor — confirmation that a payment succeeded, plus the masked card metadata listed above.
What we don't collect We do not buy contact lists, scrape public directories, harvest information from your inbox, or train large language models on the content of your captures. We do not use your data, or your captured contacts' data, to advertise to you or to anyone else.

How we use your data

We use personal data for the purposes below, and only those:

  • Provide the Service. Capture, transcribe, store, and display your contacts; sync them to integrations you connect; back them up.
  • Authenticate and secure accounts. Log you in, prevent fraud, detect abuse, enforce rate limits.
  • Improve the product. Aggregate usage analytics so we can see which flows are slow or failing. We use the smallest set of events that answer the question.
  • Communicate with you. Service emails (receipts, security alerts, policy changes) you cannot opt out of, and product emails you can.
  • Support you. Respond to questions, debug issues, and follow up on bug reports.
  • Comply with the law. Tax records, lawful requests, accounting, audit trails.

We do not use audio, transcripts, or photos of business cards to train third-party AI models. Speech-to-text and OCR are run through processors who are contractually prohibited from retaining or training on your content beyond the time required to return the result.

Who we share data with

We do not sell personal data, and we do not share it for cross-context behavioral advertising. We share it only with:

Sub-processors who help us run Liqaa

These vendors process data on our behalf, under written contracts that bind them to confidentiality, security, and our instructions:

  • Cloud infrastructure — compute, object storage, managed databases (United States and European Union regions);
  • Speech-to-text and OCR processors — convert audio to text and read business cards;
  • Email and push notification providers — transactional and product communications;
  • Customer support tooling — helpdesk and ticketing;
  • Analytics and error monitoring — aggregate product analytics and crash reporting;
  • Payment processor — handles card data so we don't have to.

The current list of sub-processors, with locations, is available on request from support@liqaa.app. We update the list before we add a new sub-processor and notify enterprise customers of the change.

Integrations you connect

If you connect a CRM (HubSpot, Salesforce, and similar — coming soon), Liqaa sends contact records to that CRM at your direction. Once a record reaches your CRM, it is governed by that CRM's privacy policy and your account there, not by us.

Other circumstances

  • Within your workspace. If you are part of a team workspace, the workspace owner and admins can see captures made by members for that workspace.
  • Business transfers. If we are involved in a merger, acquisition, or sale of assets, your data may transfer. We will notify you and any new owner is bound by this policy or one no less protective.
  • Legal requests. We disclose data when required by law, valid legal process, or to protect the rights, safety, and property of Liqaa, our users, or the public. We push back on overbroad requests and publish a transparency note when we can.

International transfers

Liqaa is a US-based company, and some of our sub-processors are also based in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States and other countries.

For transfers out of the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK addendum where applicable) to provide appropriate safeguards. A copy of the SCCs we use is available on request.

Retention

We keep personal data only as long as we need it. The defaults are:

  • Account profile and captured contacts — for as long as your account is active. If you delete your account or a specific capture, see our data-deletion page for the timeline.
  • Voice recordings and OCR images — kept only until the transcript or text is extracted and confirmed, then deleted from the processor and stored only on the user-controlled record. You can change this behaviour in workspace settings.
  • Authentication and security logs — up to 12 months in immutable storage.
  • Backups — encrypted and overwritten on a rolling 35-day cycle.
  • Billing and tax records — for the period required by tax law (typically 7 years).
  • Support tickets — up to 24 months after the ticket is closed.

Your rights

Depending on where you live, you have some or all of the rights below. We honour these rights for everyone, regardless of jurisdiction:

  • Access — get a copy of your personal data, in a portable format.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data. See the data-deletion page.
  • Restriction or objection — pause or limit certain processing, including processing based on legitimate interests.
  • Portability — receive a machine-readable copy of data you have given us, and ask us to transmit it to another controller where technically feasible.
  • Withdraw consent — for any processing that relied on consent, with effect going forward.
  • Lodge a complaint — with your national data-protection authority (in the EU, the supervisory authority where you live or work).

To exercise any of these, email support@liqaa.app from the address on file, or use Settings → Account → Privacy in the app. We respond within 30 days. There is no charge for a first request in any 12-month period.

California rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, use, disclose, and retain; the right to delete; the right to correct; the right to limit our use of sensitive personal information; and the right to non-discrimination for exercising any of these.

Liqaa does not sell or share personal information as those terms are defined under the California Consumer Privacy Act, including for cross-context behavioral advertising. We do not knowingly collect personal information of consumers under 16 for sale or share. We do not use sensitive personal information for purposes other than those permitted by the CPRA without explicit opt-in consent.

To exercise California rights, email support@liqaa.app with the subject "California privacy request." We may take reasonable steps to verify your identity and will not discriminate against you for making a request. You may also designate an authorized agent in writing.

Captured contacts

If your information is in Liqaa because someone you met saved your details, this section is for you.

The Liqaa user who captured you is the data controller for that record under most data-protection laws. Liqaa is the processor. That said, we hold the data on our infrastructure and we will help you exercise your rights directly:

  • Access — we will tell you what fields we hold and how they were captured;
  • Correction — we will fix inaccurate fields, or pass the request to the user who captured you;
  • Deletion — we will remove your record from every workspace that holds it. See the data-deletion page for the timeline.

To make any of these requests, email support@liqaa.app with your full name, the email address that was likely saved, and the event or company context if you remember it. We will not name the user who saved your record.

Children

Liqaa is built for working professionals and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided information to us, contact support@liqaa.app and we will delete it.

Security

We protect your data with industry-standard controls:

  • encryption in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent);
  • least-privilege access controls and audit logging on production systems;
  • SSO and hardware-backed multi-factor authentication for our team;
  • regular vulnerability scanning, dependency monitoring, and third-party penetration testing;
  • SOC 2 Type II in progress; we will publish the report when complete.

No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you and the relevant authorities without undue delay, and within the time frames required by applicable law.

Cookies and analytics

We use a small number of cookies and similar technologies. They fall into three buckets:

  • Strictly necessary — login, session, security. These cannot be turned off.
  • Functional — remember preferences such as theme and language.
  • Analytics — aggregate, IP-anonymised usage measurement. You can opt out at any time on the website cookie banner or in Settings → Privacy in the app.

We do not use advertising cookies, and we do not share data with ad networks. We honour the Global Privacy Control (GPC) signal as a valid opt-out of analytics for your browser.

Changes to this policy

If we change this policy, we will post the updated version here and bump the effective date at the top. For material changes, we will notify active account holders by email and, where required, ask for your consent. The most recent version always governs.

How to contact us

For any privacy question, request, or complaint, reach our team at support@liqaa.app. We respond within 30 days.

Contact details

You can reach us by email or post. EU and UK residents may also contact our representative at the address below.

Privacy team

support@liqaa.app

Mailing address

LIQAA, INC.
Attn: Privacy
Delaware, United States

EU representative

To be appointed before EU launch. Contact support@liqaa.app in the meantime.

Delete your data

Open the deletion page →