How we handle your data

Last updated: 7 July 2026

Everything on one page for office managers. If you want the formal versions, see Privacy policy and Terms of service.

Where it lives

Your organisation's data is stored in a UK/EU region on managed cloud infrastructure with encryption at rest and in transit. Attachments (like fit notes) are held in a private bucket and only served through short-lived signed URLs.

Who can see what

Audit trail

Every meaningful action — request created, approved, rejected, sickness logged, attachment deleted — is written to an audit log that admins can view and export as CSV.

Export

Admins can export the whole organisation's data as a set of CSV files from Settings → Data & privacy. Individual employees can request a copy via their admin.

Deletion

Admins can request full organisation deletion from Settings → Data & privacy. Once confirmed, we remove your data within 30 days, keeping only what the law requires (e.g. SSP-related records for their statutory minimum period).

Sub-processors

We use a small set of infrastructure providers to run Leavo (hosting, database, transactional email, error monitoring). Full list on request.

Questions

Email privacy@leavo.app.