Privacy Policy for Khyal Social
Effective Date: January 1, 2025
1. Introduction & Scope
Khyal Social (“we,” “us,” or “our”) provides a unified dashboard and website (https://khyalsocial.com) for businesses and individuals to manage, schedule, and analyze social media content across multiple platforms. This Privacy Policy covers both our web application (the “Tool”) and our public-facing website, and describes how we collect, use, share, and protect your information. It also details your privacy rights under the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Applicability
- GDPR (EU Residents): This policy satisfies our obligations under the GDPR for users in the European Economic Area (EEA), UK, and Switzerland.
- CCPA & CPRA (California Residents): This policy explains California residents’ rights under the CCPA and CPRA.
3. Terms of Service Reference
Our Privacy Policy works in tandem with our Terms of Service. Please review the full Terms of Service for details on user obligations, acceptable use, and disclaimers.
4. Definitions
- Personal Information / Data: Any information that identifies or can identify an individual.
- Processing: Any operation on Personal Information, including collection, storage, usage, disclosure, or deletion.
5. Information We Collect
5.1 Personal Information You Provide
- Account & Profile: Name, email, username, password (hashed), company name, billing address.
- Social Accounts: OAuth tokens, API credentials, profile IDs, and pages/groups you manage.
- Content & Media: Text posts, images, videos, captions, metadata uploaded through the Tool.
- Communications: Support requests, feedback, survey responses.
- Subscription & Billing: We use Stripe for payment processing; we do not store your credit card information—Stripe handles all card data under PCI DSS compliance.
5.2 Automated & Technical Data
- Device & Usage: IP address, browser type, operating system, device identifier, pages visited, timestamps, and error logs.
- Cookies & Tracking: Persistent and session cookies (including Google Analytics cookies), web beacons, and similar technologies to:
  - Analyze website traffic and Tool usage.
  - Optimize site performance.
  - Deliver personalized content.
- Third‑Party Pixels: Facebook Pixel, LinkedIn Insight Tag, Twitter Pixel, TikTok Pixel, and other social pixels implemented on our website for advertising and retargeting.
- API Interaction Logs: Records of calls to third‑party APIs (e.g., OpenAI for AI Composer, Adobe Express for editing, social media platforms) executed on your behalf.
6. Legal Bases for Processing (GDPR)
- Contractual Necessity: To provide and maintain the Tool’s features (auto-posting, analytics, scheduling, AI Composer).
- Consent: Where required for marketing communications or non-essential cookies/pixels. You may withdraw consent at any time in your account settings or via cookie controls.
- Legitimate Interests: Improving and securing our services, fraud prevention, platform monitoring.
- Legal Compliance: Fulfilling statutory obligations and responding to lawful requests.
7. How We Use Your Information
- Service Provision & Improvement: Enable auto-posting, analytics dashboards, live streaming, AI content generation, scheduling, calendar views, and team management.
- Website & Tool Analytics: Monitor usage patterns, page performance, and user engagement via Google Analytics and social pixels.
- Personalization & Support: Customize dashboard layout, content suggestions, and respond to support inquiries.
- Marketing & Communications: With your opt‑in consent, send news, product updates, and promotional offers.
- Security & Compliance: Detect unauthorized access, investigate incidents, and comply with legal obligations.
8. Information Sharing & Disclosure
8.1 Third‑Party Service Providers
We share required data with service providers under strict confidentiality:
- Social Media Platforms & APIs: Facebook Graph API, Instagram API, Twitter API (paid tier), TikTok, LinkedIn, YouTube, Pinterest, Reddit, VK, Odnoklassniki, Tumblr—for post scheduling, analytics retrieval, and Page Data Portability.
- AI & Content Services: OpenAI (ChatGPT), Google Gemini, Adobe Express API—for AI-driven text and image generation and editing.
- Payment Processor: Stripe—handles all payment transactions and card data.
- Hosting & Infrastructure: Cloud providers, CDN, database services.
- Analytics & Marketing: Google Analytics, Facebook Pixel, LinkedIn Insight Tag, Twitter Pixel, TikTok Pixel.
8.2 Legal & Regulatory
We may disclose Personal Information to comply with subpoenas, court orders, legal processes, or to protect rights and safety.
8.3 Business Transfers
In a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity—subject to the same privacy protections—and we will inform you prior to any such transfer.
9. International Data Transfers
Data may be stored and processed outside your country (including outside the EEA). We apply Standard Contractual Clauses or other approved safeguards to ensure protection of EU Personal Data.
10. Data Retention & Deletion
We retain Personal Information only as long as necessary for the purposes described or to meet legal obligations. When retention is no longer required, we securely delete or anonymize the data.
11. Data Security
We implement technical (TLS encryption, access controls, regular security audits) and organizational measures to protect data. However, no system is entirely secure—always safeguard your account credentials.
12. Your Rights & Choices
12.1 GDPR (EU Residents)
- Access & Portability: Obtain a copy of your data.
- Rectification: Correct inaccurate information.
- Erasure (“Right to be Forgotten”): Request deletion when lawful.
- Restriction & Objection: Limit or object to certain processing (e.g., direct marketing).
- Withdraw Consent: At any time without affecting prior processing.
12.2 CCPA/CPRA (California Residents)
- Right to Know: What categories of Personal Information we collect, use, or share.
- Right to Delete: Delete your Personal Information subject to exceptions.
- Right to Opt-Out: We do not “sell” Personal Information, but may “share” it for advertising; opt‑out via email at hello@khyalsocial.com.
- Non‑Discrimination: No penalty for exercising your CCPA rights.
To exercise rights, please contact us at hello@khyalsocial.com or use your account dashboard.
13. Children’s Privacy
- Under 16 (GDPR): Parental consent required.
- Under 18 (CCPA): We do not knowingly collect data from minors without consent.
Contact us to remove any child’s data.
14. Changes to This Policy
We may revise this policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or in-app notifications, and the Effective Date will be updated.
15. Contact Information
Data Protection Officer: Mohammad Inamullah
Email: hello@khyalsocial.com
Address: Prince Mohammed Bin Abdulrahman Rd, Al Malqa, Riyadh 13521, Saudi Arabia
Phone: +966 55 282 0758