Privacy Policy
Last updated: July 7, 2026
1. Who this Policy applies to
This Policy applies to: visitors to our websites and marketing pages; Creators and their authorized users who register for or use the Service; and people who contact us, apply to our early-access program, or interact with our communications. It does not apply to fan personal data processed within the Service on a Creator’s behalf (see the note above).
2. Personal information we collect
2.1 Information you provide.
Account and profile details (name, email, business name, role); early-access or waitlist information; communications you send us (support, sales, feedback); and, when paid plans launch, billing contact and plan information. Kliio does not store full payment-card numbers; payment processing for any Kliio fees is handled by our payment processor.
2.2 Information we collect automatically.
When you use our websites or the Service, we collect usage and device information such as IP address, browser and device type, pages viewed, referring URLs, and product interactions, using cookies and similar technologies (see Section 5).
2.3 Information from third parties.
We may receive limited information from analytics providers, our infrastructure and security vendors, and, for prospects, from business-contact sources, consistent with applicable law.
2.4 Connected platforms.
When a Creator connects a platform to the Service, Kliio receives data through that integration to operate the Service. To the extent that data includes fan personal data, Kliio processes it as a processor under the DPA, not as a controller under this Policy.
3. How we use personal information
We use the personal information for which we are the controller to:
provide, operate, secure, and improve our websites and the Service;
create and administer accounts and respond to requests and support;
communicate about the Service, including service and security notices, and — where permitted — marketing about Kliio;
understand product usage and develop new features;
prevent fraud and abuse and maintain the security and integrity of our systems; and
comply with legal obligations and enforce our terms.
4. Legal bases (EEA/UK)
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR: contract (to provide the Service and account to you); legitimate interests (to secure, operate, analyze, and improve our products and to send business-to-business marketing, balanced against your rights); consent (where required, for example for certain cookies or marketing — you may withdraw it at any time); and legal obligation (to meet our legal and regulatory duties).
5. Cookies and similar technologies
We use cookies and similar technologies for essential site functionality, to remember preferences, to measure and analyze usage, and, where applicable, for limited marketing. You can control non-essential cookies through our cookie banner or settings and through your browser. Where required, we obtain consent before setting non-essential cookies. We honor recognized opt-out signals (such as Global Privacy Control) where required by law. Details are in our Cookie Notice / cookie settings.
6. How we share personal information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising in the sense those terms are used under U.S. state privacy laws. We disclose personal information only as follows:
Service providers / processors:
Vendors that host, support, secure, and help us operate our websites and the Service, under contracts that limit their use of the information (see our Sub-processor list for Service-related vendors).
Professional advisors and payment processing:
Auditors, lawyers, and our payment processor for Kliio’s own billing when paid plans launch.
Legal and safety:
Where required by law, to respond to lawful requests, to protect rights, safety, and the integrity of our systems, or to enforce our terms.
Business transfers:
In connection with a merger, financing, acquisition, or sale of assets, subject to appropriate confidentiality and continuity protections.
Consistent with our infrastructure positioning, Kliio does not sell Creator Data and does not use a Creator’s data to enrich, train, or build products for the benefit of other parties except as that Creator permits in writing.
7. International transfers
We may transfer, store, and process personal information in the United States and other countries. Where we transfer personal information from the EEA, UK, or Switzerland to a country without an adequacy determination, we use appropriate safeguards such as the Standard Contractual Clauses and the UK International Data Transfer Addendum. You may request more information using the contact details below.
8. Data retention
We keep personal information for as long as needed for the purposes described in this Policy — for example, for the life of your account and a reasonable period afterward — and as required to meet legal, accounting, or reporting obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and context. For Creator Data within the Service, retention and deletion follow the Agreement and DPA, including the export and wind-down provisions.
9. Security
We maintain technical and organizational measures designed to protect personal information appropriate to the risk. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. The security measures applicable to Creator Data within the Service are described in the DPA.
10. Your rights and choices
10.1 General.
Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, to withdraw consent, and to opt out of marketing. You can exercise marketing opt-out using the unsubscribe link in our emails.
10.2 EEA/UK (GDPR).
You have the rights to access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your supervisory authority. We will respond consistent with the GDPR.
10.3 California and other U.S. state laws.
Subject to the applicable law and verification, you have the right to know/access, to delete, to correct, and to opt out of the sale or sharing of personal information and certain profiling. We do not sell or share your personal information, so no opt-out of sale/sharing is required, but you may still exercise your other rights. We will not discriminate against you for exercising your rights. You may use an authorized agent where permitted.
10.4 How to exercise rights.
Contact us at [PRIVACY EMAIL] or [REQUEST LINK]. We will verify your request as required by law before responding. If we cannot fulfill a request for fan personal data because Kliio is only the processor, we will direct you to the relevant Creator.
11. Children’s privacy
Our websites and the Service are intended for businesses and adults and are not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.
12. Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new “last updated” date and, for material changes, provide additional notice where required. Your continued use of our websites or the Service after the effective date means you acknowledge the updated Policy.
13. Contact us
Kliio, Inc.
[REGISTERED ADDRESS]
Privacy contact: [PRIVACY / DPO EMAIL]
EEA/UK representative (if appointed under Article 27): [REPRESENTATIVE NAME AND ADDRESS]
Annex — California (CCPA) Collection Notice
Identifiers (name, email, IP, account ID)
Collected: Yes. Source: You; automatically; vendors. Purpose: Provide and secure the Service; communications; fraud prevention.
Customer records (business contact, billing contact)
Collected: Yes. Source: You. Purpose: Account administration; billing when paid plans launch.
Commercial information (plan, usage of the Service)
Collected: Yes. Source: Automatically; you. Purpose: Operate, analyze, and improve the Service.
Internet/network activity (usage, device, cookies)
Collected: Yes. Source: Automatically. Purpose: Analytics; security; product improvement.
Geolocation (approximate, from IP) — Professional/business info (role, company) — Sensitive personal information: Not collected by Kliio about Creators/visitors. Inferences: Limited, derived from the above for product analytics and improvement.
Sold or shared: None. Retention: as described in Section 8. Sensitive personal information is not used for purposes requiring a right to limit.
© 2026 Kliio · The customer record creators own · We never sell your data

