Legal
Privacy policy
Which personal data we process, why we do it, and the rights you have. Written in plain language, no lawyer required.
- Updated
- Jun 19, 2026
- Version
- 1.0
- Read
- ~5 min
This English version is provided for convenience. The Danish version prevails.
Data controller
Levano ApS is the data controller for the personal data we process about you when you use our CRM or visit our website. This means we decide why and how your data is processed, and we are responsible for doing so in line with the rules.
You can reach us at the following address:
- Levano ApS
- CVR no. 46395751
- Lille Torv 2A, 3. tv., 8000 Aarhus C, Denmark
- contact@levano.io
If you have questions about how we process your data, you are always welcome to write to us.
Which personal data we process
We only collect the data we need to deliver our CRM and run our business. Specifically, we process:
- Account and user data: name, email, phone number, job title, company and the login credentials you create.
- Usage data: how you use the system, including log files, IP address, browser type, device and activity timestamps.
- Support requests: the content of the messages and information you send us when you ask for help.
- Payment data: billing details and subscription history. Card details themselves are handled by our payment provider, and we do not store them.
Purposes and legal basis
We only process your data when we have a lawful basis for it. Our processing follows Article 6 of the GDPR, and we typically rely on one of these bases:
- Performance of a contract (Art. 6(1)(b)): to give you access to our CRM, create and manage your account and deliver the agreed service.
- Legitimate interest (Art. 6(1)(f)): to secure, improve and further develop our product, prevent misuse and communicate with our customers in a relevant way.
- Consent (Art. 6(1)(a)): for example for newsletters and non-essential cookies. You can withdraw your consent at any time.
- Legal obligation (Art. 6(1)(c)): when we are required to retain data, for example under the Danish Bookkeeping Act.
How long we keep data
We only keep your personal data for as long as it is needed for the purpose it was collected for, or for as long as the law requires.
- Account and user data is kept for as long as you have an active account. When you close your account, we delete or anonymise the data within a reasonable time, unless we are obliged to keep it.
- Bookkeeping and payment data is kept for five years after the end of the financial year it relates to, in line with the Danish Bookkeeping Act.
- Support requests and log files are kept for a shorter period, typically up to 24 months, and only for as long as they are relevant to operations and security.
Sharing and data processors
We never sell your personal data. We only share it when it is necessary to deliver our service, and only with trusted providers that process data on our behalf.
These providers are our data processors, and they may only process your data on our instructions and under a data-processing agreement. You can find the full list of our sub-processors, so you can always see who has access to what.
We may also disclose data if we are legally required to, for example to public authorities.
Transfers to third countries
As a rule, we process your data within the EU and EEA. If one of our processors transfers data to a country outside the EU and EEA (a third country), it only happens when there is a lawful basis for the transfer.
This means the transfer either goes to a country the European Commission has found to provide an adequate level of protection, or we have entered into the Commission's Standard Contractual Clauses (SCC) with the provider, plus any supplementary measures. You can request a copy of the basis by writing to us.
Your rights
When we process your personal data, you have a number of rights under the data protection rules:
- Access: you can learn which data we process about you and get a copy.
- Rectification: you can have incorrect or incomplete data corrected.
- Erasure: in certain cases you can have your data deleted.
- Restriction: in certain cases you can have our processing restricted.
- Objection: you can object to processing based on legitimate interest.
- Data portability: you can receive your data in a machine-readable format.
To exercise your rights, write to us at contact@levano.io. We will respond as soon as possible and within one month at the latest. If you are unhappy with how we process your data, you can lodge a complaint with the Danish Data Protection Agency (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, Denmark, or via datatilsynet.dk.
Changes to this policy
We update this privacy policy when our processing of personal data changes, or when the law requires it. The date at the top shows when the policy was last revised. For material changes we will let you know before they take effect.
Questions?
Reach our data protection team
If anything in this policy is unclear, we'd be glad to hear from you. We usually reply within two business days.
Levano ApS · Lille Torv 2A, 3. tv. · 8000 Aarhus C, Denmark
