Kivo - Privacy Policy

Effective date: 28 August 2025
Who we are: Kivo is a trading name of LUX GLOBAL LTD (“LUX GLOBAL”, “we”, “us”, “our”).
Registered office: 27 Old Gloucester St, Holborn, London, WC1N 3AX, United Kingdom.

Kivo is a professional social media scheduler for small businesses and agencies. It helps teams organize brands in Projects, connect multiple accounts per platform, draft with AI-assisted captions, cross-post with previews, and schedule content across channels. This Privacy Policy explains what we collect, how we use it, and the choices you have.

1) Data Controller & Scope

For users in the UK/EU, LUX GLOBAL LTD is the data controller for personal data processed in connection with Kivo. We handle personal data in line with the UK GDPR and the Data Protection Act 2018 (and, where applicable, the EU GDPR). You may contact us using the details in §15.

This Policy covers our website, app, and related services (the “Service”). If you access social platforms through Kivo, their privacy policies also apply.

2) The data we collect

2.1 Data you provide

Account & profile: email, name, password (hashed), organisation/brand name, language, and notification preferences.
Workspace data: Projects you create (brand/client names), roles you assign, team invites (emails, names).
Channel connections: identifiers and OAuth tokens/refresh tokens required by platforms you choose to connect (e.g., Instagram, TikTok, Pinterest, YouTube, X/Twitter, Facebook Pages, LinkedIn, and select long-tail/fediverse networks).
Content & schedules: post drafts, captions, media you upload, per-channel variants, scheduled times, queues.
Billing: plan, transaction IDs, VAT details, and limited payment metadata via our payment processor (we do not store full card numbers).
Support & surveys: messages, ticket content, feedback, and form responses.

2.2 Data we collect automatically

Usage & device: IP address, device/browser, app version, referral source, feature usage, timestamps, and diagnostic logs.
Delivery & status: posting outcomes returned by social platforms (success/failure codes, rate-limit signals), queue state, and retry metadata.
Cookies & similar tech: essential cookies for sign-in and security; preference cookies (e.g., language); privacy-respecting analytics where used (see §7).

2.3 Data from others

Invitations: if someone invites you to a Project, we receive your email/name from that inviter.
Processors: service providers (hosting, storage, analytics, email, payments, AI inference) may generate operational logs tied to your use.

We do not intentionally collect special category data (e.g., health, religion) or data about criminal convictions.

3) Why we use your data (purposes & legal bases)

We process personal data for:

Provide the Service (Contract): create/manage your account; connect channels you authorize; store drafts; schedule and publish posts on your instruction; show delivery status; maintain Projects; invite teammates/clients.
AI assistance (Contract/Legitimate interests): generate caption ideas, hooks, hashtags, rewrites, and per-channel variants from your prompts; filter abuse; improve suggestion quality. You remain responsible for reviewing outputs before publishing (see §6).
Security & reliability (Legitimate interests/Legal obligation): fraud and abuse prevention, rate-limit protection, error tracking, and service monitoring.
Billing & admin (Contract/Legal obligation): process subscriptions and invoices; handle taxes and accounting; send transactional emails.
Product improvement & communications (Legitimate interests/Consent): analyse feature usage, run experiments, and send tips or updates you can opt out of.
Compliance (Legal obligation): respond to lawful requests, enforce our Terms, and keep required records.

4) AI features — important information

Kivo offers AI-assisted drafting and formatting. AI outputs may be inaccurate, incomplete, or unsuitable for your context. You must review and approve content before publishing and ensure it complies with applicable laws and platform rules. We may use vetted third-party AI providers acting under data-processing terms; we do not permit providers to use your content to train public models beyond what is necessary to operate and improve the Service we provide to you.

5) Platform connections & third-party terms

When you connect a platform, you authorize us to publish on your behalf and retrieve minimal metadata needed for delivery (e.g., account IDs, posting status). Platform APIs, outages, or policy changes may affect scheduling; Kivo provides queue/retry where feasible and surfaces clear status so you can adjust timing or copy. You must comply with each platform’s terms and community rules.

6) Your responsibilities

You are responsible for: - the content you create and publish via Kivo;
- ensuring you have rights to the accounts you connect and to any content you upload;
- reviewing AI outputs and per-channel previews before posting;
- honouring applicable laws (e.g., advertising disclosures) and platform policies.

7) Cookies & analytics

Essential cookies keep you signed in and secure the Service.
Preferences store options like language and UI mode.
Analytics (if enabled) help us understand feature usage and improve reliability; we strive to use lightweight, privacy-respecting tools. You can control cookies via your browser, and where required we request consent for non-essential cookies.

We share personal data only with: - Service providers (processors): hosting, storage/CDN, email, logging/monitoring, analytics, payments, and AI inference—bound by contracts to act on our instructions.
- Social platforms you connect: to publish posts and retrieve status.
- Corporate & legal: as required by law, to protect rights/safety, or in a merger/acquisition (with notice and safeguards).

We do not sell your personal data.

9) International transfers

Your data may be processed outside the UK/EU. Where we transfer personal data internationally, we use adequacy decisions, Standard Contractual Clauses (SCCs) and/or the UK IDTA, plus additional safeguards as appropriate.

10) Security

We implement appropriate technical and organisational measures, including TLS in transit, encryption at rest where applicable, role-based access, and restricted production access. OAuth tokens for connected platforms are stored with industry-standard protections. No system is perfectly secure; please use a strong, unique password and keep your credentials safe.

11) Data retention

We retain data as long as necessary for the purposes in this Policy:

Account & workspace: for the life of your account and a reasonable period after closure (typically up to 24 months), unless law requires longer.
Content & schedules: while your account remains active; scheduled/posting metadata may persist for troubleshooting (up to 24 months).
Telemetry/logs: typically up to 180 days.
Backups: rolling backups typically 30–35 days.
Billing records: as required by law (usually 6–7 years).

We may keep aggregated or anonymised data that does not identify you.

12) Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, object, and port your personal data, and to withdraw consent where processing is based on consent. To exercise rights, contact us (see §15). You also have the right to complain to your local data protection authority (UK: ICO), but we encourage you to contact us first so we can help.

13) Children

Kivo is intended for users 18+. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will delete it.

14) Do Not Track & automated decisions

Browsers’ Do Not Track signals are not acted upon by our Service at this time. Kivo does not make automated decisions that produce legal or similarly significant effects about you.

15) Contact

Email (privacy/legal): [email protected]
Email (product/support): [email protected]
Post: LUX GLOBAL LTD (trading as Kivo), 27 Old Gloucester St, Holborn, London, WC1N 3AX, United Kingdom.

16) Changes to this Policy

We may update this Privacy Policy from time to time. If changes are material, we’ll notify you (e.g., by email or in-app). Continued use after the effective date means you accept the revised Policy.

Last updated: 28 August 2025