Klyxor← Back to home

Legal

Privacy Policy

Last updated: May 29, 2026

1. Who we are

Klyxor ("Klyxor", "we", "us") is an AI-powered social media automation platform operated from Tbilisi, Georgia. This Privacy Policy explains how we collect, use, share, and protect personal data when you use our website at klyxor.app and the related dashboard application (the "Service").

For any privacy-related question or to exercise your rights, contact us at privacy@klyxor.app.

2. Data we collect

We collect three categories of data:

  • Account data you provide directly: name, email address, password (hashed), business name, billing details, payment method tokens (handled by Stripe — we never store full card numbers).
  • Content & integration data generated by your use of the Service: brand kit (logo, colors, tone), AI prompts and generated outputs (videos, images, audio), social media account tokens for connected channels (Instagram, Facebook, YouTube, Telegram, etc.), scheduled posts and performance metrics.
  • Usage & technical data collected automatically: IP address, device type, browser, pages visited, clicks, session duration, cookie identifiers, error logs.

3. How we use your data

We process personal data to:

  • Provide, operate, and maintain the Service;
  • Generate AI content on your behalf via third-party AI infrastructure providers;
  • Publish content to your connected social media accounts on the schedule you set;
  • Process payments and prevent fraud (via Stripe);
  • Send transactional emails (sign-up confirmation, post-published notifications, billing receipts) and — only with your consent — product updates;
  • Improve features, debug issues, and ensure platform security;
  • Comply with our legal obligations.

4. Legal basis (GDPR)

For users in the European Economic Area or the United Kingdom, we process personal data on these bases:

  • Contract — to deliver the Service you subscribed to.
  • Legitimate interest — to secure, debug and improve the platform.
  • Consent — for marketing emails, optional cookies, and any sensitive data we may need to process.
  • Legal obligation — for tax, accounting, and law enforcement requests.

5. Third-party processors

We share personal data only with vetted processors:

  • Supabase (database, authentication, file storage) — EU (Frankfurt) region.
  • Vercel (application hosting, CDN, analytics) — EU (Frankfurt) primary region.
  • Stripe (payment processing, invoicing). Stripe processes your card data directly; we never see full PAN.
  • Third-party AI infrastructure providers — receive only the inputs you submit for generation. A current list is available on request at privacy@klyxor.app.
  • Social media platforms (the networks you connect, e.g. Meta, YouTube, TikTok, Telegram, LinkedIn) — receive the content you choose to publish via their APIs.
  • Resend (transactional email).

Each processor is bound by a Data Processing Agreement and processes data only on our documented instructions.

6. International transfers

Some processors (including Stripe and certain AI infrastructure providers) are based in the United States. Transfers outside the EEA rely on Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, supplementary technical measures (encryption at rest and in transit).

7. Retention

We keep account data while your account is active. After deletion we retain a minimal set of data (billing records) for up to 10 years to comply with tax law. Generated content is deleted within 30 days of account deletion. You can export your data at any time from Settings → Data export.

8. Your rights

Depending on your jurisdiction you have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent at any time. Submit requests to privacy@klyxor.app. We respond within 30 days. You may also lodge a complaint with your local data protection authority.

9. Cookies

Klyxor uses strictly necessary cookies for authentication and session management, and (with your consent) analytics cookies to understand how the Service is used. You can manage cookie preferences via your browser settings.

10. Security

We protect your data with TLS encryption in transit, AES-256 encryption at rest, Row Level Security on our database, periodic backups, and limited access for staff on a need-to-know basis. Social account tokens are encrypted with AES-256-GCM before being stored.

11. Children

The Service is not directed to anyone under 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this policy from time to time. If we make material changes we will notify you by email or by a banner in the Service at least 14 days before the changes take effect.

13. Contact

Klyxor — Tbilisi, Georgia.
Privacy questions: privacy@klyxor.app
General contact: hello@klyxor.app