Privacy Policy

1. Introduction

Kivio (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our interactive email widget platform (“the Service”).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Name and email address
Password (stored securely using bcrypt hashing)
Organization and company details
Google account information (if using Google OAuth)

2.2 Usage Data

We automatically collect:

Widget interaction data (views, submissions, conversions)
Feature usage and interaction patterns
Browser type, device information, and IP address (anonymized)
Pages visited and actions taken within the Service

2.3 Integration Data

When you connect third-party services (Klaviyo, Shopify, WooCommerce), we store OAuth tokens and access credentials securely. We may access:

Klaviyo: profile data, list and segment memberships, email templates, campaign and flow metrics, and account-level settings required to send and track emails
Shopify / WooCommerce: product catalog data, order and transaction events, and customer data as required to power email personalization and automation

2.4 Widget Submission Data

When end users interact with your email widgets, we collect the data they submit (e.g., review ratings, survey responses, phone numbers for SMS signup). This data is stored on behalf of your organization.

3. How We Use Your Information

We use collected information to:

Provide, maintain, and improve the Service
Process transactions and manage subscriptions
Send transactional emails (password resets, payment confirmations, usage alerts)
Generate analytics and reports for your organization
Sync data with connected third-party platforms at your direction
Monitor for abuse and enforce our Terms of Service
Respond to support inquiries

4. Data Sharing

We do not sell your personal information. We may share data with:

Service providers: Stripe (payments), Mailgun/Postmark (transactional email), Sentry (error monitoring), Upstash (rate limiting)
Third-party integrations: Only when you explicitly connect them (Klaviyo, Shopify, WooCommerce)
Legal requirements: When required by law, subpoena, or legal process

5. Data Security

We implement industry-standard security measures including:

Encrypted data transmission (TLS/HTTPS)
Secure password hashing (bcrypt)
OAuth 2.0 with PKCE for third-party integrations
Rate limiting to prevent abuse
Role-based access control for multi-tenant data isolation

6. Data Retention

We retain your account data for as long as your account is active. Widget submission data is retained for the duration of your subscription. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your personal data
Object to or restrict certain processing of your data
Export your data in a portable format
Withdraw consent at any time

To exercise these rights, contact us at hello@kivio.io.

8. Cookies and Tracking

We use essential cookies for authentication and session management. We use Sentry for error tracking and Vercel Analytics for usage metrics. We do not use advertising cookies or trackers.

9. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children.

10. International Data Transfers

Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place for any international data transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Continued use after changes constitutes acceptance.

12. Contact

For privacy-related questions or concerns, contact us at hello@kivio.io.