Skip to content
Back to home
Kivio
Kivio

Privacy Policy

Last updated: February 19, 2026

1. Introduction

Kivio (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our interactive email widget platform (“the Service”).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Password (stored securely using bcrypt hashing)
  • Organization and company details
  • Google account information (if using Google OAuth)

2.2 Usage Data

We automatically collect:

  • Widget interaction data (views, submissions, conversions)
  • Feature usage and interaction patterns
  • Browser type, device information, and IP address (anonymized)
  • Pages visited and actions taken within the Service

2.3 Integration Data

When you connect third-party services (Klaviyo, Shopify, WooCommerce), we store OAuth tokens and access credentials securely. We may access product catalog data, email template data, and customer event data as required by the integration.

2.4 Widget Submission Data

When end users interact with your email widgets, we collect the data they submit (e.g., review ratings, survey responses, phone numbers for SMS signup). This data is stored on behalf of your organization.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage subscriptions
  • Send transactional emails (password resets, payment confirmations, usage alerts)
  • Generate analytics and reports for your organization
  • Sync data with connected third-party platforms at your direction
  • Monitor for abuse and enforce our Terms of Service
  • Respond to support inquiries

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers: Stripe (payments), Mailgun/Postmark (transactional email), Sentry (error monitoring), Upstash (rate limiting)
  • Third-party integrations: Only when you explicitly connect them (Klaviyo, Shopify, WooCommerce)
  • Legal requirements: When required by law, subpoena, or legal process

5. Data Security

We implement industry-standard security measures including:

  • Encrypted data transmission (TLS/HTTPS)
  • Secure password hashing (bcrypt)
  • OAuth 2.0 with PKCE for third-party integrations
  • Rate limiting to prevent abuse
  • Role-based access control for multi-tenant data isolation

6. Data Retention

We retain your account data for as long as your account is active. Widget submission data is retained for the duration of your subscription. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Object to or restrict certain processing of your data
  • Export your data in a portable format
  • Withdraw consent at any time

To exercise these rights, contact us at hello@kivio.io.

8. Cookies and Tracking

We use essential cookies for authentication and session management. We use Sentry for error tracking and Vercel Analytics for usage metrics. We do not use advertising cookies or trackers.

9. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children.

10. International Data Transfers

Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place for any international data transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Continued use after changes constitutes acceptance.

12. Contact

For privacy-related questions or concerns, contact us at hello@kivio.io.

See also our Terms of Service.