Privacy Policy

Last updated: March 2025

1. Introduction

This Privacy Policy ("Policy") describes how Kliovo Technologies ("Kliovo," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use our WhatsApp Business API SaaS platform and related services (collectively, the "Service"). Kliovo is an authorized WhatsApp Business Solution Provider that enables businesses to communicate with their customers through the WhatsApp Business API. This Policy applies to all users of the Service, including account holders, administrators, and end users who interact with businesses through WhatsApp messages facilitated by Kliovo. By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2. Information We Collect

We collect several categories of information to provide, maintain, and improve our Service. The types of information we collect depend on how you interact with us.

2.1 Account Information

When you create an account with Kliovo, we collect the following personal and business information:

  • Full name and job title
  • Email address
  • Phone number
  • Business name and legal entity name
  • Business address
  • Industry and business category
  • Company website URL

2.2 WhatsApp Business Account Data

To connect your WhatsApp Business Account to our platform, we collect and process:

  • WhatsApp Business Account (WABA) ID
  • Phone number(s) registered with your WABA
  • Display name associated with your WhatsApp business profile
  • Business verification status with Meta
  • Quality rating and messaging tier information
  • Message template submissions and approval statuses

2.3 Message Data

When you use our Service to communicate with your customers via the WhatsApp Business API, we process the following message data:

  • Message content (text, images, documents, videos, audio, location, and other media types supported by the WhatsApp Business API)
  • Message templates and template parameters
  • Delivery receipts, read receipts, and message status updates
  • Timestamps of sent and received messages
  • Sender and recipient phone numbers
  • Conversation metadata (session type, conversation category)

2.4 Usage Data

We automatically collect certain technical and usage information when you access and use our Service:

  • Login times and session duration
  • Features and pages accessed within the platform
  • IP address and approximate geolocation
  • Browser type, version, and language settings
  • Device type, operating system, and screen resolution
  • Referring URLs and exit pages
  • Actions taken within the platform (e.g., creating templates, configuring automations)

2.5 Payment Information

When you subscribe to a paid plan or make purchases through our Service, we collect billing-related information:

  • Billing name and address
  • Payment method type (e.g., credit card, bank transfer)
  • Transaction history and invoice records
  • Subscription plan details and renewal dates

2.6 Contact Lists

When you use our Service to manage customer communications, we may process:

  • Customer phone numbers uploaded to or collected through the platform
  • Customer names and any labels or tags you assign
  • Opt-in and opt-out status for WhatsApp communications
  • Custom attributes you associate with your contacts
  • Conversation history linked to individual contacts

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and operating the Service, including processing and delivering WhatsApp messages through the official WhatsApp Business API
  • Managing your account, including authentication, billing, and subscription management
  • Processing transactions and sending related billing and payment notifications
  • Providing customer support and responding to your inquiries
  • Sending technical notices, security alerts, and service-related announcements
  • Analyzing usage patterns and trends to improve and optimize the Service
  • Developing new features, products, and services
  • Detecting, preventing, and addressing fraud, abuse, security issues, and technical problems
  • Ensuring compliance with Meta Platform Terms, WhatsApp Business Policy, and WhatsApp Commerce Policy
  • Complying with legal obligations and enforcing our terms of service
  • Generating aggregated, anonymized analytics and reporting for internal business purposes
  • Communicating with you about product updates, promotional offers, and company news (with your consent, where required by applicable law)

4. WhatsApp Business API Data

As an authorized WhatsApp Business Solution Provider, Kliovo operates under specific obligations regarding the handling of data processed through the WhatsApp Business API.

4.1 Authorized Solution Provider

Kliovo is an authorized WhatsApp Business Solution Provider operating under agreement with Meta Platforms, Inc. All messages sent and received through our platform are processed via the official Meta WhatsApp Business API infrastructure.

4.2 Compliance with Meta Policies

We strictly comply with the following Meta policies and terms:

  • Meta Platform Terms of Service
  • WhatsApp Business Messaging Policy
  • WhatsApp Commerce Policy
  • Meta Data Use Policy
  • WhatsApp Business Solution Provider Terms

4.3 Message Content Usage

Message content processed through our platform is used solely to deliver the Service. Specifically:

  • Message content is not used for advertising or ad-targeting purposes
  • We do not sell message content to third parties
  • We do not use message content to build advertising profiles
  • Message content is processed and stored only as necessary to deliver messages, provide customer support, and maintain service reliability

4.4 Conversation Data Retention

Conversation data is retained in accordance with the data retention periods described in Section 7 of this Policy. Messages are stored on our secure servers to enable you to access conversation history within the platform. When you delete your account, conversation data is permanently removed in accordance with our retention schedule.

5. Data Sharing

We do not sell your personal data to third parties. We may share your information in the following limited circumstances:

5.1 Meta / WhatsApp

We share data with Meta Platforms, Inc. as required for the operation of the WhatsApp Business API. This includes message content, sender and recipient information, and business account details necessary to process and deliver WhatsApp messages.

5.2 Payment Processors

We share billing information with third-party payment processors (such as Stripe) to process payments for our Service. These processors handle your payment card details directly and are bound by PCI DSS compliance requirements. We do not store your full credit card numbers on our servers.

5.3 Cloud Infrastructure Providers

We use reputable cloud infrastructure providers to host and operate our Service. These providers process data on our behalf and are contractually obligated to protect your data in accordance with this Policy and applicable data protection laws.

5.4 Analytics Providers

We may share anonymized and aggregated usage data with analytics providers to help us understand how the Service is used and to improve our platform. This data does not identify individual users.

5.5 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, including:

  • Court orders and subpoenas
  • Requests from law enforcement or government agencies
  • Legal proceedings to protect our rights, privacy, safety, or property
  • Situations involving potential threats to the physical safety of any person
  • Prevention of fraud or other illegal activities

5.6 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information.

6. Data Security

We implement robust technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction.

  • Encryption in transit using TLS 1.2 or higher for all data transmitted between your browser and our servers
  • Encryption at rest for all stored data, including message content and personal information
  • Role-based access controls limiting employee access to personal data on a need-to-know basis
  • Multi-factor authentication for administrative access to production systems
  • Regular security audits and vulnerability assessments conducted by internal and third-party security teams
  • Documented incident response procedures for identifying, containing, and resolving security incidents
  • SOC 2 Type II compliance program (in progress) to ensure ongoing adherence to industry-standard security practices
  • Regular employee security awareness training
  • Network segmentation and firewall protections
  • Automated monitoring and alerting for suspicious activity

7. Data Retention

We retain your information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.

7.1 Account Data

Your account information is retained for as long as your account remains active. If you choose to close your account, we will delete or anonymize your account data within 30 days, unless retention is required for legal or regulatory purposes.

7.2 Message Data

Conversation and message data is retained for the duration of your active subscription. Upon account deletion, message data is permanently removed from our production systems within 30 days. Residual copies in encrypted backups are purged within 90 days.

7.3 Usage and Analytics Data

Anonymized usage and analytics data may be retained indefinitely for product improvement and statistical analysis purposes. This data cannot be used to identify individual users.

7.4 Billing Records

Transaction and billing records are retained for a minimum of 7 years in accordance with applicable tax and financial regulations.

7.5 Backup Retention

Encrypted backups of production data are retained for up to 90 days and are automatically purged thereafter. Backups are stored in geographically separate locations for disaster recovery purposes.

8. Your Rights (GDPR and Applicable Data Protection Laws)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with applicable data protection laws, you have the following rights regarding your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data, subject to certain legal exceptions.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • Right to Restrict Processing: You have the right to request restriction of processing of your personal data under certain circumstances.
  • Right to Object: You have the right to object to processing of your personal data for direct marketing or where processing is based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

8.1 Exercising Your Rights

To exercise any of the above rights, please contact our Data Protection Officer at privacy@kliovo.com. We will respond to your request within 30 days of receipt. In certain cases, we may need to verify your identity before processing your request. If your request is complex or you have made multiple requests, we may extend the response period by an additional 60 days, in which case we will notify you of the extension and the reasons for it.

8.2 Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

9. International Data Transfers

Kliovo Technologies operates globally, and your personal data may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.

  • We use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate safeguards for transfers of personal data outside the EEA.
  • We rely on adequacy decisions issued by the European Commission where applicable.
  • Data processing is primarily conducted within the European Union and the United States, using infrastructure from reputable cloud providers with appropriate data protection certifications.
  • We ensure that all third-party service providers who process personal data on our behalf provide sufficient guarantees regarding the protection of personal data.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about how you interact with our Service.

10.1 Essential Cookies

These cookies are strictly necessary for the operation of our Service. They enable core functionality such as user authentication, session management, and security features. You cannot opt out of essential cookies as they are required for the Service to function.

10.2 Analytics Cookies

We use analytics cookies to understand how visitors interact with our Service, including which pages are visited most frequently and how users navigate through the platform. This data is collected in aggregate form and does not identify individual users. You may opt out of analytics cookies through your browser settings or our cookie preferences panel.

10.3 Third-Party Cookies

Some third-party services integrated into our platform may set their own cookies. These are governed by the respective privacy policies of those third parties. We do not control the use of third-party cookies.

10.4 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies, accept only certain cookies, or delete cookies that have already been set. Please note that disabling essential cookies may affect the functionality of the Service.

11. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16 years of age. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information as quickly as possible. If you believe that a child under 16 has provided us with personal information, please contact us at privacy@kliovo.com.

12. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or applications that are not operated by Kliovo. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices, content, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated Policy on our website with a revised "Last updated" date and, where required by applicable law, by sending you an email notification or displaying a prominent notice within the Service. Your continued use of the Service after the effective date of the revised Policy constitutes your acceptance of the updated terms. We encourage you to review this Policy periodically to stay informed about how we protect your data.

14. Data Protection Officer

Kliovo Technologies has appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Policy and applicable data protection laws. You may contact our DPO for any questions, concerns, or requests related to the processing of your personal data or the exercise of your rights under applicable data protection laws.

  • Email: privacy@kliovo.com
  • Subject line: Attn: Data Protection Officer
  • We aim to respond to all inquiries within 30 days of receipt.

15. Contact Information

If you have any questions, concerns, or feedback regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

  • Company: Kliovo Technologies
  • Email: privacy@kliovo.com
  • Website: https://kliovo.com
  • WhatsApp: Available through our website support channel