Privacy Policy

Welcome to Kaizup. The protection of your privacy, the security of your data and the transparency of our processing are at the heart of our priorities.

This Privacy Policy (the "Policy") aims to inform you exhaustively about the way in which Kaizup ("we", "our" or "us") collects, uses, stores, shares and protects your personal data when you use our website, our SaaS application and our associated services (collectively the "Services").

By accessing or using our Services, you acknowledge having read and understood this Policy. We are committed to respecting the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (the "GDPR"), as well as any applicable national legislation.

This policy replaces and cancels all previous versions, including those relating to testing phases (Beta).

To facilitate the understanding of this document, here are the definitions of the key terms we use:

Personal Data (or "Data")

Any information relating to an identified or identifiable natural person (the "Data Subject"). This includes your name, email, IP address or social media identifiers.

Processing

Any operation or set of operations performed on personal data, such as collection, recording, organization, storage, modification, extraction, consultation, use or destruction.

Data Controller

The entity that determines the purposes and means of the processing. In the context of your account and your subscription, Kaizup acts as the Data Controller.

Processor

An entity that processes personal data on behalf of the Data Controller (e.g., our hosting providers, our emailing tools).

User

Any natural or legal person creating an account or accessing Kaizup Services.

Personal data is collected and processed by the company publishing the Kaizup solution.

Corporate Name

Kaizup

General contact email

info@kaizup.com

For any specific question relating to data protection, our Data Protection Officer (DPO) can be contacted directly at: info@kaizup.com (indicate "DPO" in the subject line).

In order to provide our Services, we collect different types of data. We apply the principle of minimization: we only collect data that is strictly necessary.

4.1. Identity and Contact Data

This data is collected when you create an account, subscribe to our newsletter or contact us.

• First and Last Name.
• Professional email address.
• Name of your company and your position (in a B2B context).
• Login credentials (encrypted password).

4.2. Financial and Transaction Data

We process data relating to your payments.

Important: Kaizup never stores your full bank card numbers or security codes (CVC) on its own servers. Everything is delegated to our partner payment platform Stripe.

• Purchase history, invoices, and subscription type.
• Billing address and intra-community VAT number.

4.3. Technical and Connection Data

With each use of our Services, we automatically collect certain metadata via our servers and analysis tools.

• IP (Internet Protocol) address.
• Type and version of the browser.
• Operating system.
• Internet Service Provider (ISP).
• Date and time of visit, time spent on pages.
• Error logs and crash reports.

4.4. Social Media Data (API)

The core service of Kaizup being the management and analysis of social networks, we collect data via third-party APIs when you connect your accounts (Facebook, Instagram, LinkedIn, TikTok, etc.).

• Social identifiers: Username, page ID, access tokens (encrypted keys allowing Kaizup to publish on your behalf).
• Public metrics: Number of subscribers, likes, comments, shares, video views.
• Content: Texts, images and videos that you schedule or publish via Kaizup.

4.5. Usage Data (Analytics)

We analyze how you navigate the application to improve ergonomics.

• Mouse paths (heatmaps), clicks on features, use of specific modules.

• Direct interactions: You voluntarily communicate your data to us (registration, contact form, support chat, newsletter registration).
• Automated technologies: During your navigation, we collect technical data via cookies, server logs and tracers (see Section 14).
• Third parties and publicly accessible sources: We may receive technical data from analysis providers (such as Google Analytics) or profile data via the APIs of the social networks you have expressly authorized to connect to Kaizup.

In accordance with the GDPR, we only process your data if we have a valid legal basis.

6.1. Provision of the Service (Contract)

Purpose: Account creation, authentication, access to SaaS features, publication of your posts on social networks, generation of reports.

Legal Basis: Execution of the contract. The processing is necessary to provide you with the service to which you have subscribed.

6.2. Invoicing and Accounting Management (Legal Obligation)

Purpose: Subscription management, collection of payments, issuance of invoices, fight against payment fraud, compliance with tax obligations.

Legal Basis: Legal Obligation. We are required by law to keep proof of financial transactions.

6.3. Customer Support and Assistance (Contract)

Purpose: Responding to your technical requests, resolving bugs, assisting you in the use of the tool.

Legal Basis: Execution of the contract.

6.4. Product Improvement and Security (Legitimate Interest)

Purpose: Analyzing bugs, monitoring server load, detecting intrusion attempts, improving UX, developing new features based on overall usage.

Legal Basis: Legitimate Interest. It is vital for Kaizup to maintain a secure and efficient platform.

6.5. Marketing and Communication (Consent & Legitimate Interest)

Purpose: Sending newsletters, product announcements, promotional offers.

Legal Basis: Consent for prospects who have never purchased services. Legitimate Interest for existing customers (soft opt-in), to inform you of products similar to those already purchased. You can always unsubscribe.

We do not directly manage financial transactions. We use a certified payment service provider (PSP): STRIPE.

This provider is audited and certified PCI-DSS (Payment Card Industry Data Security Standard) Level 1, the strictest security level available in the payment industry.

• During payment, you are redirected or connected directly to the secure servers of our provider.
• Kaizup only receives a transaction "token" and the last 4 digits of the card to allow you to recognize your means of payment, but never has access to your full banking information.

Kaizup is a centralized management platform that interacts with social networks via their official programming interfaces (API). By connecting your social accounts to our Application, you establish a direct technical link.

8.1. Meta Services (Facebook & Instagram)

To allow the management of your Facebook Pages and Instagram professional accounts, Kaizup uses Meta APIs via a secure protocol that grants us specific rights, without ever giving us access to your personal password.

• Profile Management and Authentication: We access your email address and public profile to validate your identity and link your digital assets to your Kaizup account.
• Administration of Pages and Accounts: We retrieve the list of Facebook Pages and Instagram accounts for which you are an administrator, including access to basic settings for linking with your Business Manager.
• Publication and Content Management: Kaizup is authorized to publish, schedule or modify content (posts, images, videos) on your behalf. We also access engagement data (likes, reactions) to allow you to monitor your posts.
• Analytics and Statistics: We extract performance data (post reach, impressions, clicks, aggregated audience demographics) to generate analysis reports within your dashboard.

8.2. LinkedIn Services

Kaizup allows the management of your professional presence on LinkedIn, for both individual profiles and organization pages.

• Identity and Connection: We use authentication protocols to verify your profile and your professional email address.
• Social Publication: We are authorized to publish messages, articles and media directly on your personal news feed or on that of the organizations you manage.
• Organization Management: For company pages, Kaizup accesses administration functions to read and publish institutional content on the organization's feed.
• Audience and Performance Measurement: We retrieve reach and interaction metrics for your posts as well as profile and page analytics to help optimize your content strategy.

8.3. TikTok Services

Integration with TikTok is strictly limited to content management and growth tracking features.

• Basic Information and Statistics: We access public information about your account and usage statistics (number of subscribers, profile evolution) to provide an overview of your performance.
• Video Transfer and Publication: Kaizup has the authorizations to upload your video files to TikTok servers and publish them according to your scheduling instructions.

8.4. Privacy Guarantees Related to APIs

Kaizup applies strict rules regarding data obtained via these third-party APIs:

• Purpose Limitation: Data collected via these APIs is only used to provide the publication, moderation and analysis features requested by the user.
• No Resale: Kaizup undertakes never to sell, rent or transfer this data to data brokers, advertising agencies or any other external third party.
• Limited Storage: Only the data necessary for the display of your historical statistics is kept. Access tokens are encrypted and stored securely.
• Right of Revocation: You can revoke Kaizup's access to your social networks at any time: directly from the Kaizup interface (Account settings), or via the security settings of each platform. The revocation results in the immediate deletion of authorization keys and the stop of any future data collection on the account concerned.

Kaizup will never sell your personal data to third parties. However, to operate our service, we share certain information with trusted providers (processors) who act according to our strict instructions.

9.1. Categories of Recipients

• Hosting and Infrastructure: Hetzner to store your data on secure servers.
• Payment Providers: Stripe to manage invoicing.
• Emailing Tools: MailerLite to send you transactional notifications and newsletters.
• Analysis Tools: Google Analytics to understand the use of the application (anonymized data as much as possible).

9.2. Legal Obligations

We may be required to disclose your data if the law requires it (judicial requisition), or to protect the rights, property or security of Kaizup, our users or the public.

9.3. Business Transfer

In the event of a merger, acquisition or sale of all or part of Kaizup's assets, your personal data could be transferred to the acquiring entity, provided that it respects the commitments of this Policy.

Kaizup is a company based in Europe and our main servers are located in the European Economic Area (EEA). However, some of our processors may be located outside the EEA, particularly in the United States.

In the case of a data transfer outside the EEA, we ensure that the transfer is framed by appropriate guarantees in accordance with the GDPR:

• The recipient country benefits from an adequacy decision from the European Commission.
• Or, we have signed Standard Contractual Clauses (SCC) approved by the European Commission, guaranteeing a level of protection equivalent to that of Europe.
• We prioritize providers adhering to the EU-US Data Privacy Framework.

We implement robust technical and organizational measures to protect your data against loss, unauthorized access, disclosure, alteration or destruction.

• Encryption: All data transiting between your browser and our servers is encrypted via SSL/TLS (HTTPS). Sensitive data stored in the database is also encrypted at rest.
• Access control: Access to your personal data is strictly limited to Kaizup employees and contractors who need it for their work. They are subject to strict confidentiality obligations.
• Monitoring: We carry out regular security audits and use intrusion detection tools.
• Passwords: We do not have access to your password in clear text; it is hashed (transformed into an unreadable string of characters) before being stored.

Despite these measures, no transmission over the Internet is 100% secure. We encourage you to use a strong and unique password, and to activate two-factor authentication if the option is available.

We only keep your data for the time necessary for the purposes for which it was collected, or to respect our legal obligations.

• Active account data: Kept as long as your account is active.
• Data after account deletion: If you delete your account, your personal data is erased from our active databases within 30 days (technical backups included).
• Billing data: Kept for 10 years, in accordance with current accounting and tax obligations.
• Marketing data (Prospects): Kept for 3 years after the last contact from you.
• Technical logs: Kept for a sliding duration of 6 to 12 months for security reasons.

In accordance with the GDPR, you have extensive rights over your data:

• Right of access: You can ask if we hold data about you and, if so, obtain a copy of it in a readable format.
• Right of rectification: You can correct inaccurate or incomplete data directly in your account settings or by contacting us.
• Right to erasure ("Right to be forgotten"): You can request the deletion of your data if it is no longer necessary, if you withdraw your consent, or if you object to the processing. Note that this right is not absolute (e.g., we must keep your invoices).
• Right to restriction of processing: You can ask to "freeze" the use of your data in certain cases (e.g., while we verify the accuracy of a contested piece of data).
• Right to portability: You can ask to recover your raw data (CSV or JSON format) to transfer it to another provider.
• Right of opposition: You can object at any time to the processing of your data for direct marketing purposes (newsletter).
• Right to withdraw your consent: For processing based on consent, you can withdraw it at any time. This does not call into question the legality of the processing carried out before the withdrawal.

To exercise your rights, send an email to info@kaizup.com with the subject "DPO Request". We undertake to respond within one month. For security reasons, we may ask you for proof of identity.

If you believe your rights are not respected, you have the right to lodge a complaint with the competent supervisory authority (e.g., the CNIL in France, the APD in Belgium).

During your first visit, a cookie banner allows you to accept or refuse non-essential cookies.

14.1. What is a cookie?

A cookie is a small text file placed on your terminal (computer, tablet, mobile) when visiting a site. It allows user data to be kept in order to facilitate navigation and enable certain features.

14.2. Types of cookies used

• Strictly necessary cookies: Essential for the operation of the application (connection, security, shopping cart). They cannot be deactivated.
• Preference cookies: Allow your choices to be remembered (language, display).
• Analytical cookies: Help us understand the site's audience (Google Analytics). This data is anonymized.
• Marketing cookies: Used to display relevant advertisements on other sites (retargeting).

You can at any time modify your preferences via the cookie management tool present on the site or via your browser settings.

In the event of a data breach (illegal access, leak, loss) presenting a risk to your rights and freedoms, Kaizup undertakes to:

• Notify the competent supervisory authority within 72 hours of becoming aware of the breach.
• Inform you as soon as possible if the breach presents a high risk for you, indicating the nature of the breach and the measures taken to remedy it.

Our Services are exclusively intended for a professional audience and for adults capable of entering into a contract. We do not knowingly collect personal data from minors under 16. If you are a parent or guardian and you think your child has provided us with personal data, please contact us so that we can delete this information.

Kaizup being in constant evolution (addition of new features, AI, new social networks), this policy may be updated.

• Minor changes: The "Last updated" date will be modified at the top of the document.
• Major changes: If the changes significantly impact your rights, we will actively inform you by email or via a visible notification in the application before the changes come into effect.

We invite you to consult this page regularly.

For any question, comment or concern regarding this Policy or our privacy practices, do not hesitate to contact us.

By email: info@kaizup.com (Subject: DPO / Privacy)