Privacy Policy

1. Information We Collect

Account data: name, email, password (hashed), preferences, language.
Business data: business name, industry, logos, brand description, target audience, and any other information you submit during onboarding.
Generated content: AI-generated images, captions, hashtags, scheduled posts.
Usage data: pages visited, features used, credit consumption, error logs.
Payment data: handled by our payment provider Creem. Kelvyr does not store full credit card numbers; we receive only billing metadata (plan, last 4 digits, subscription status).
Social account tokens: when you connect Instagram, Facebook, X/Twitter, LinkedIn, TikTok, or YouTube, we store OAuth tokens to publish on your behalf within the scopes you approved.

2. How We Use Your Information

To provide the Service (account, AI generation, scheduling, posting), to process payments and subscriptions, to communicate service-related and transactional messages, to detect abuse and fraud, to improve the Service (aggregated analytics), and to comply with legal obligations.

3. Sharing With Third Parties

We share data only with providers strictly necessary to operate the Service:

• Supabase — database, authentication, storage.
• Creem — payment processing and subscription billing.
• Google (Gemini, Imagen) — AI text and image generation.
• Resend — transactional email delivery.
• Vercel — hosting and edge infrastructure.
• Connected social platforms — to publish your posts on your behalf.

We never sell your personal data.

4. Cookies & Tracking

We use strictly necessary cookies for authentication and language preference, and limited analytics to understand product usage. See our Cookie Policy for details.

5. Data Retention

We retain account and business data as long as your account is active. Upon account deletion, we delete or anonymize personal data within 30 days, except where retention is required by law (e.g., tax and billing records, typically 10 years under Turkish commercial law).

6. Your Rights

Depending on where you live (GDPR for EU, KVKK for Turkey, CCPA for California, etc.) you have the right to: access your data, correct inaccurate data, request deletion, restrict or object to certain processing, data portability, and to withdraw consent. To exercise any of these rights, email support@kelvyr.com.

7. Security

We apply industry-standard safeguards: encryption in transit (TLS), encryption at rest for sensitive fields, role-based access controls, and regular dependency audits. No system is 100% secure; you are responsible for keeping your password confidential.

8. International Transfers

Your data may be processed in countries other than your country of residence (including the United States and the European Union), where our providers operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

9. Children

The Service is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or within the Service.

11. Contact

For privacy questions, email support@kelvyr.com.