Last updated: June 22, 2026 Effective date: June 22, 2026
This Privacy Policy explains how ESOFTVER DOO ("myKlyzo", "we", "us", or "our") collects, uses, stores, shares, and protects personal data in connection with the myKlyzo platform, websites (myklyzo.com, app.myklyzo.com), desktop application, and related services (collectively, the "Service").
We are committed to protecting your privacy and handling your data transparently and lawfully under the EU General Data Protection Regulation (GDPR), the Serbian Law on Personal Data Protection ("Zakon o zaštiti podataka o ličnosti", "Sl. glasnik RS", No. 87/2018) ("ZZPL"), and the developer and data-use policies of the platforms we integrate with (Meta, Google, LinkedIn, X, and others).
1. Who we are (Data Controller)
| Legal entity | ESOFTVER DOO |
| Tax ID (PIB) | 113339582 |
| Registered address | Bavaništanski put 334, 26101 Pančevo, Serbia |
| Website | https://www.esoftver.rs · https://www.myklyzo.com |
| Privacy contact | hi@esoftver.rs |
| Data Protection contact / DPO | hi@esoftver.rs |
If you are located in the European Economic Area (EEA) and we are required to appoint an EU representative under Article 27 GDPR, the representative's details will be published here.
2. Our two roles: Controller and Processor
myKlyzo acts in two distinct capacities, and your rights and our obligations depend on which applies:
- We are the Data Controller for personal data of our account holders — the people who register for and use myKlyzo (e.g., your name, email, login, billing data, support communications, and usage of our Service).
- We are a Data Processor for the data you import through your connected accounts — the content, audience, engagement, and analytics data that you, as our customer, pull from third-party platforms (Facebook, Instagram, LinkedIn, X, YouTube, Google Analytics, Google Ads, Google Search Console). For that data, you (or your organization) are the Controller, and we process it only on your instructions, to provide the Service. The processor terms governing this relationship are set out in our Data Processing Agreement (DPA), which forms part of our agreement with you.
3. Information we collect
3.1 Data you provide to us
- Account data: name, email address, password (stored hashed), organization/company name, role, language preference.
- Billing data: plan, billing contact, and transaction records (card data is handled by our payment processor; we do not store full card numbers).
- Support data: messages, attachments, and information you provide when you contact us.
3.2 Data we collect automatically
- Device and log data: IP address, browser type, operating system, device identifiers, time zone.
- Usage data: features used, pages viewed, actions taken, timestamps, and diagnostic/error logs.
- Cookies and similar technologies: see Section 12.
3.3 Data we collect from connected platforms (via OAuth, with your authorization)
When you connect a third-party account, you authorize us, through that platform's official API, to access data needed to provide the Service. Depending on the platforms you connect, this may include:
- Meta (Facebook & Instagram): Facebook Page data; Instagram professional account data; your posts, comments, reactions and engagement; Page and content insights/analytics; advertising performance data; Page and user access tokens; app-scoped user IDs; profile names and pictures of the connected account and of people who interact with your content.
- LinkedIn: organization (Company Page) data; your posts, comments and reactions; page, follower and visitor statistics; demographic breakdowns; and identifiers (organization, post, and comment URNs).
- X (Twitter): your posts/replies and their metrics, and account identifiers.
- YouTube (via YouTube API Services): your channel, videos, video metrics, comments, and analytics.
- Google Analytics 4, Google Ads, Google Search Console: website/app traffic, audience, conversion, advertising spend/performance, and search-performance metrics for properties you authorize.
We request only the data and permissions (scopes) necessary to provide the features you use, and we use connected-platform data only as described in this Policy and as permitted by each platform.
3.4 AI feature data
When you use AI generation features (e.g., AI images or video), we process the prompts and any images you provide to generate the requested output. See Section 13.
4. How and why we use information (purposes), mapped to permissions
We use personal data for the following purposes. For data accessed from connected platforms, each purpose maps to the specific permission/scope we request:
| Purpose | Connected-platform permissions used (examples) |
|---|---|
| Show your accounts, content and analytics in dashboards | pages_show_list, pages_read_engagement, read_insights, instagram_basic, instagram_manage_insights, LinkedIn read scopes, Google read-only scopes, YouTube read scopes |
| Publish and schedule content on your behalf | pages_manage_posts, instagram_content_publish, LinkedIn/X/YouTube publishing scopes |
| Manage comments and engagement | pages_manage_engagement, instagram_manage_comments, LinkedIn comment scopes |
| Manage assets across your Business account | business_management |
| Read advertising performance for reporting | ads_read, Marketing API, Google Ads read scope |
We also use account, usage and device data to: operate, secure and improve the Service; authenticate you; provide customer support; process billing; prevent fraud and abuse; comply with legal obligations; and communicate service and (with your consent, where required) marketing messages.
We do not sell your personal data, and we do not use connected-platform data for advertising, profiling unrelated to the Service, or any purpose other than the permitted purposes for which each permission was approved.
5. Legal bases for processing (GDPR / ZZPL)
- Performance of a contract (Art. 6(1)(b)): to create and manage your account, connect your accounts, publish content, deliver analytics, and provide support and billing.
- Consent (Art. 6(1)(a)): for connecting third-party accounts; non-essential cookies and analytics; optional features, including AI features that send content to third-party model providers; and marketing communications. You may withdraw consent at any time.
- Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent fraud and abuse, maintain and improve the Service using aggregated data, and conduct limited B2B communications with existing customers. We balance these interests against your rights.
- Legal obligation (Art. 6(1)(c)): to keep accounting/tax records and to respond to lawful requests from authorities.
6. How we share and disclose information
We share personal data only as follows:
- Service providers (sub-processors): cloud hosting and infrastructure, database and storage, email delivery, error monitoring, payment processing, and AI model providers — each bound by a written agreement to process data only on our instructions and to protect it. A current list of sub-processors is available at https://www.myklyzo.com/sub-processors.
- Connected platforms: when you publish or manage content, we transmit it to the relevant platform (Meta, LinkedIn, X, YouTube) at your direction.
- Legal and safety: where required by law, legal process, or to protect rights, safety, and security.
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy and applicable law.
We never sell, rent, or license personal data, and we never sell or transfer access tokens, user IDs, or app secrets, except to a service provider that helps us operate the Service under contract.
7. Third-party platform policies (Limited Use and compliance)
Our access to and use of information from third-party platform APIs complies with each platform's developer terms and data-use policies, including the following:
Google API Services — Limited Use. myKlyzo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we use Google user data only to provide or improve user-facing features that are prominent in the myKlyzo interface; we do not transfer or sell this data except as necessary to provide those features (with your consent), for security, to comply with law, or in a merger/acquisition with your consent; we do not use it for advertising; we do not allow humans to read the data except with your affirmative consent, for security, to comply with law, or where the data is aggregated for internal operations; and we do not use it to train generalized artificial-intelligence or machine-learning models. These limits apply to raw data and to data derived from it.
YouTube API Services. Our Service uses YouTube API Services. By using these features you agree to be bound by the YouTube Terms of Service. The use of YouTube data is also subject to the Google Privacy Policy. You can review and revoke myKlyzo's access to your data via the Google security settings. For EU users, our handling complies with Google's EU User Consent Policy.
Meta Platform Terms. Our handling of Facebook and Instagram data complies with the Meta Platform Terms and Developer Policies. We maintain safeguards that meet or exceed industry standards, we do not sell Platform Data, we obtain valid consent before connecting accounts, and we honor data-deletion requests (see Section 11).
LinkedIn. We use LinkedIn member and organization data solely to manage your LinkedIn Pages within myKlyzo. We do not export, sell, or combine LinkedIn member data, do not use it for advertising or prospecting, and we enforce LinkedIn's data-retention limits (for example, non-authenticated members' profile data is cached for no more than 24 hours, social-activity data for no more than 48 hours, and Page reporting data for up to 1 year), in accordance with the LinkedIn API terms and LinkedIn Privacy Policy.
8. International data transfers
We are established in Serbia, which is outside the EEA. Where we transfer personal data between the EEA, Serbia, and other countries (including via service providers in the United States), we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs), the EU-US / UK / Swiss Data Privacy Framework where applicable, and the transfer mechanisms recognized by the Serbian Commissioner under the ZZPL. We will provide information about the safeguards used on request.
9. Data retention
We retain personal data only for as long as necessary for the purposes described in this Policy:
- Account data: for the life of your account and for a limited period after closure to allow reactivation, then deleted or anonymized.
- Connected-platform data: for as long as your account remains connected and as needed to provide the Service; deleted or anonymized when you disconnect the account, delete your myKlyzo account, or request deletion, and in any case within the retention limits required by each platform (see Section 7).
- Billing/accounting records: for the period required by Serbian tax and accounting law.
- Logs and diagnostics: for a limited period for security and troubleshooting.
When data is no longer needed, we delete it or irreversibly anonymize it.
10. Data security
We implement technical and organizational measures designed to meet or exceed industry standards, including encryption of access tokens and sensitive data, access controls and least-privilege principles, network and application security, monitoring, and regular review. We never separately collect your platform login credentials, and we protect access tokens and secrets from unauthorized access, transfer, or sale. No method of transmission or storage is completely secure, but we work continuously to protect your data. You can report a suspected security issue to hi@esoftver.rs.
11. Data deletion and account closure
You can request deletion of your personal data at any time:
- Self-service: disconnect any platform from within myKlyzo (which removes the associated tokens and data), or delete your myKlyzo account from Settings, which triggers deletion of your account and associated personal data.
- By request: email hi@esoftver.rs and we will action your request.
- Via Facebook: if you connected with Facebook Login, you can remove myKlyzo in your Facebook settings and send a data-deletion request; we operate a Data Deletion Request Callback that initiates deletion of your data and provides a confirmation code and a status page where you can check the progress of your request. Our standalone instructions are available at https://www.myklyzo.com/data-deletion.
Deleting your account permanently removes your personal data and the connected-account data we hold for you, except where we are required by law to retain certain records.
12. Cookies and similar technologies
We use cookies and similar technologies in four categories: strictly necessary (required to operate and secure the Service), functional (remember your preferences, e.g., language), analytics/performance (understand how the Service is used, e.g., Google Analytics), and marketing (only where applicable). Strictly-necessary cookies do not require consent; all others are set only after you give prior, granular, opt-in consent. You can change or withdraw your consent at any time via our cookie settings. For details, see our Cookie Policy at [COOKIE POLICY URL].
13. AI features and generated content
myKlyzo offers optional AI features that generate images and video from your prompts and inputs. When you use them:
- Your prompts and any images you provide are processed to generate the requested output and may be sent to third-party AI model providers listed in our sub-processor list. We keep AI features separated from connected-platform (Meta/Google/LinkedIn) data and do not use that platform data to train generalized AI/ML models.
- AI outputs may be inaccurate, incomplete, or similar to outputs generated for others. You are responsible for reviewing, verifying, and ensuring outputs comply with applicable law and the AI/synthetic-media rules of the platforms where you publish them.
14. Children
The Service is a business tool not directed to children. We do not knowingly collect personal data from anyone under the age of 16 (or the age of digital consent in your jurisdiction). If you believe a child has provided us data, contact us and we will delete it.
15. Your rights
Subject to applicable law, you have the right to: access your data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict or object to processing; data portability; and withdraw consent at any time. You also have the right not to be subject to solely automated decisions with legal or similarly significant effects.
To exercise your rights, contact hi@esoftver.rs. We will respond within one month (extendable where permitted). For connected-platform data where we act as processor, we will assist the relevant Controller (you or your organization) in fulfilling such requests.
You may lodge a complaint with a supervisory authority. In Serbia, this is the Commissioner for Information of Public Importance and Personal Data Protection ("Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti", https://www.poverenik.rs). If you are in the EEA, you may also contact your local data protection authority.
16. Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new "Last updated" date and, where the change is material or alters how we use platform data, we will notify you and, where required, obtain renewed consent.
17. Contact us
Questions or requests regarding this Policy or your data: ESOFTVER DOO · hi@esoftver.rs · hi@esoftver.rs · Bavaništanski put 334, 26101 Pančevo, Serbia