Privacy Policy

Welcome to ktzir-socials ("we," "our," "us," or "Company"). We are committed to protecting your privacy and ensuring you have a positive experience on our website and in using our products and services.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media automation platform (the "Service"). This policy applies to all users of our Service, regardless of their location.

By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.

For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, ktzir-socials is the data controller of your personal information.

2.1 Information You Provide Directly

• Account Information: Name, email address, password (hashed), phone number (optional), profile photo
• Profile Information: Preferences, timezone, language settings, notification preferences
• Content: Posts, captions, images, videos, scheduled content, templates, campaign data
• Payment Information: Billing address, payment method details (processed securely through third-party payment processors), transaction history
• Team Information: Team member details, roles, permissions (if using team features)
• Communications: Support tickets, feedback, survey responses, email correspondence
• Business Information: Company name, industry, business type (if provided)

2.2 Automatically Collected Information

• Device Information: IP address, device type, operating system, browser type and version, device identifiers, mobile carrier
• Usage Data: Pages visited, features used, time spent, clickstream data, search queries, interactions with content
• Location Data: General geographic location based on IP address (country, city level)
• Cookies and Tracking Technologies: See our Cookie Policy for details
• Log Files: Server logs, error logs, performance metrics, access timestamps
• Analytics Data: User behavior patterns, feature adoption rates, performance metrics

2.3 Social Media Account Information

When you connect your social media accounts (Facebook, Instagram, TikTok, LinkedIn, YouTube, Twitter, Snapchat), we collect and store the following information in accordance with each platform's terms and your permissions:

• Account credentials and access tokens (encrypted and securely stored)
• Profile information (username, profile picture, follower count, etc.)
• Content published through our platform
• Analytics and engagement data (likes, comments, shares, views, reach, impressions)
• Account settings and preferences

We only access and collect data from your social media accounts that is necessary to provide our Service. You can revoke access to your social media accounts at any time through your account settings or the respective platform settings.

2.4 Third-Party Information

We may receive information about you from third-party services that you use in connection with our Service:

• Social media platforms (when you connect accounts)
• Payment processors (transaction confirmations, payment status)
• Authentication providers (if you use social login)
• Analytics and advertising partners (aggregated and anonymized data)

We use the information we collect for the following purposes:

3.1 Service Provision

• Create and manage your account
• Authenticate and authorize access to the Service
• Connect and manage your social media accounts
• Schedule, publish, and manage content across platforms
• Provide AI-powered features (content generation, optimization, recommendations)
• Generate analytics and performance reports
• Enable team collaboration features
• Process payments and manage subscriptions

3.2 Communication

• Send you service-related notifications (account updates, security alerts, system maintenance)
• Respond to your support requests and inquiries
• Send you administrative information (changes to terms, policies, or services)
• Provide customer support and technical assistance

3.3 Service Improvement

• Analyze usage patterns to improve our Service
• Develop new features and functionality
• Conduct research and analytics
• Personalize your experience
• Optimize performance and fix bugs

3.4 Security and Compliance

• Detect, prevent, and address security threats and fraudulent activities
• Enforce our Terms of Service and other policies
• Comply with legal obligations and respond to legal requests
• Protect the rights, property, and safety of our users and third parties
• Investigate and resolve disputes

3.5 Marketing and Promotions (with your consent)

• Send you promotional communications about new features, products, or services
• Share updates, tips, and best practices
• Invite you to participate in surveys or feedback programs
• Display personalized advertisements (you can opt out at any time)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal information based on the following legal bases:

• Contract Performance: To perform our contract with you (providing the Service)
• Legitimate Interests: To improve our Service, ensure security, and prevent fraud (we balance our interests against your privacy rights)
• Consent: When you have given clear consent (e.g., marketing communications, optional cookies)
• Legal Obligation: To comply with legal requirements (tax obligations, law enforcement requests)
• Vital Interests: To protect your vital interests or those of another person

You have the right to object to processing based on legitimate interests. If you wish to object, please contact us at privacy@ktzir-socials.com.

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers and Data Processors

We share your information with trusted third-party service providers who assist us in operating our Service. These providers are contractually obligated to protect your information and only use it for specified purposes:

• Cloud Hosting: Azure, AWS, or similar cloud infrastructure providers
• Payment Processors: Paystack, Flutterwave, Stripe, or other payment providers
• Email Services: Email delivery and management services (Resend, SendGrid, Mailgun, AWS SES)
• Analytics: Analytics and monitoring services (Google Analytics, Sentry, etc.)
• Customer Support: Customer support and helpdesk platforms
• AI Services: OpenAI or other AI service providers for content generation features
• Social Media Platforms: When you authorize us to publish content to your connected accounts

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities:

• To comply with legal obligations, court orders, or legal processes
• To respond to government requests or regulatory inquiries
• To enforce our Terms of Service or other agreements
• To protect our rights, property, or safety, or that of our users or others
• To investigate potential violations or fraud

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, your information may be transferred to the acquiring entity. We will notify you via email or a prominent notice on our Service of any such change in ownership or control.

4.4 With Your Consent

We may share your information with third parties when you explicitly authorize us to do so, such as when you choose to integrate third-party services or share content publicly.

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, analytics, or other business purposes.

When we share your information with third-party service providers, we enter into data processing agreements (DPAs) that require them to:

• Process your information only for the purposes specified in the agreement
• Implement appropriate technical and organizational security measures
• Comply with applicable data protection laws
• Notify us of any data breaches
• Delete or return your information upon termination of the agreement

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption: Data encryption in transit (TLS/SSL) and at rest
• Access Controls: Role-based access controls and authentication mechanisms
• Secure Storage: Secure cloud infrastructure with industry-standard security practices
• Password Security: Passwords are hashed using industry-standard algorithms (Argon2)
• Network Security: Firewalls, intrusion detection, and monitoring systems
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Security awareness training for employees with access to personal data
• Incident Response: Procedures for detecting, responding to, and mitigating security incidents

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

If we become aware of a security breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

Depending on your location, you may have various rights regarding your personal information. We will honor your requests to the extent required by applicable law.

6.1 General Rights (All Users)

• Access: Request access to your personal information and receive a copy
• Correction/Rectification: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Account Closure: Close your account at any time through account settings
• Cookie Preferences: Manage cookie preferences through our Cookie Policy page
• Marketing Opt-Out: Unsubscribe from marketing communications at any time

6.2 GDPR Rights (EU/UK Residents)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following additional rights:

• Right to Access: Obtain confirmation and a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure ("Right to be Forgotten"): Request deletion under certain circumstances
• Right to Restrict Processing: Request limitation of processing in certain situations
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

6.3 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information (subject to exceptions)
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell your information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights
• Right to Correction: Request correction of inaccurate personal information

You can designate an authorized agent to make requests on your behalf. We may require verification of your identity and the agent's authorization.

6.4 PIPEDA Rights (Canadian Residents)

If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

• Access to your personal information
• Correction of inaccurate information
• Withdrawal of consent (subject to legal requirements)
• Right to file a complaint with the Privacy Commissioner of Canada

6.5 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@ktzir-socials.com or through your account settings. We will respond to your request within 30 days (or as required by applicable law).

For security purposes, we may need to verify your identity before processing your request. We may ask you to provide additional information to confirm your identity.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the EU, you can find your authority at edpb.europa.eu.

We use cookies and similar tracking technologies to collect and store information. For more detailed information about our use of cookies, please see our Cookie Policy.

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Retention Periods

• Account Information: Retained while your account is active and for a reasonable period after account closure (typically 90 days) to allow account recovery
• Content: Retained while your account is active. You can delete content at any time
• Payment Information: Retained as required by financial regulations (typically 7 years for tax and accounting purposes)
• Usage Data: Retained for up to 2 years for analytics and service improvement
• Communication Records: Retained for up to 3 years for customer support purposes
• Legal Requirements: Some information may be retained longer if required by law, court order, or to resolve disputes

8.2 Deletion

When we no longer need your information or upon your request (subject to legal requirements), we will:

• Securely delete or anonymize your personal information
• Remove your data from active systems
• Retain only information necessary for legal compliance or dispute resolution

8.3 Backup Data

Information stored in backup systems may be retained for up to 90 days before being permanently deleted. Deleted information may persist in backup copies for a limited period but will not be used for processing.

Our Service is not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at privacy@ktzir-socials.com. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information from our servers.

In the United States, our Service is not directed to children under 13, and we comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13.

Our Service uses automated decision-making and profiling in the following ways:

• AI Content Generation: We use AI to generate captions, hashtags, and content suggestions based on your content and preferences
• Engagement Prediction: We analyze patterns to predict optimal posting times and content performance
• Personalization: We customize your experience based on your usage patterns and preferences
• Recommendations: We provide content and feature recommendations based on your behavior

If you are located in the EEA or UK, you have the right to:

• Request human intervention in automated decision-making processes
• Express your point of view regarding automated processing
• Contest decisions made solely by automated means that have legal or similarly significant effects

To exercise these rights, contact us at privacy@ktzir-socials.com.

In the event of a data breach that may affect your personal information, we will:

• Notify relevant supervisory authorities within 72 hours (as required by GDPR for EU residents)
• Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms
• Provide clear information about the nature of the breach and steps being taken to address it
• Recommend measures users can take to protect themselves

Notification methods may include email, in-app notifications, or prominent notice on our website, depending on the severity and nature of the breach.

Your information may be transferred to and processed in countries other than your country of residence, including the United States, Canada, and other jurisdictions where our service providers operate. These countries may have data protection laws that differ from those in your country.

10.1 Safeguards for International Transfers

When we transfer your personal information outside the EEA, UK, or other jurisdictions with strict data protection laws, we implement appropriate safeguards to ensure your information remains protected:

• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses when transferring data from the EEA/UK
• Adequacy Decisions: We rely on adequacy decisions where available
• Data Processing Agreements: We enter into agreements with service providers that include data protection obligations
• Binding Corporate Rules: Where applicable, we may rely on binding corporate rules
• Certification Schemes: We may use certified service providers (e.g., Privacy Shield-certified, though Privacy Shield was invalidated, we use alternative safeguards)

10.2 Your Rights Regarding Transfers

If you are located in the EEA, UK, or other jurisdictions with strict data protection laws, you have the right to obtain information about the safeguards we use for international transfers. Contact us at privacy@ktzir-socials.com for more details.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending you an email notification (for significant changes)
• Displaying a prominent notice on our Service (for material changes)

Your continued use of our Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the changes, you may stop using the Service and close your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

Our Service may contain links to third-party websites, services, or applications that are not owned or controlled by us. This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices of third parties.

We encourage you to review the privacy policies of any third-party services you access through our Service, including social media platforms, payment processors, and other integrated services.

Some browsers include a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. Our Service does not currently respond to DNT browser signals or mechanisms. However, you can manage your cookie preferences through our Cookie Policy page and opt out of certain tracking through your browser settings.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For requests to exercise your privacy rights, please include:

• Your full name and email address associated with your account
• Description of the right you wish to exercise
• Any additional information that may help us process your request

We will respond to your request within 30 days (or as required by applicable law). For EU residents, you also have the right to lodge a complaint with your local data protection authority.