Privacy Policy
This Privacy Policy explains how Klioso ("App", "Service") collects, uses, shares, and protects personal data when you use our mobile app, PWA, websites, booking pages, and notification features.
1. Controller
Klioso — operated by Individual Entrepreneur Hosporian Alina in Ukraine.
Location: Mykolaiv, Ukraine
Contact: support@klioso.app
This Policy is governed by the laws of Ukraine, with mandatory application of the GDPR for users in the EEA and UK where applicable.
2. Scope
This Policy applies to: the Klioso iOS app, Klioso PWA / web app and websites, booking pages accessible via shared links, optional notification features (e.g., Telegram reminders), and optional calendar features (ICS).
3. Types of users
We process data related to Professionals (account holders) and Clients/visitors accessing booking pages via a professional's link.
4. Data you provide
Depending on use, you may provide: name (optional), email address, phone number, profile photo (optional), business name and service descriptions (optional), work address/location (optional), working hours, service prices, client notes and service history, in-app messages/content.
5. Data collected automatically
We may collect: IP address, device type and OS version, time zone and system language, app/site interaction events (analytics), crash logs and diagnostics.
Identifiers: We may use Apple IDFV for app functionality. We do not use IDFA.
6. Booking pages
Professionals may share booking links. Clients may provide booking-related data (name, phone, email, appointment details) to schedule an appointment.
7. Authentication SMS (Firebase)
We may send SMS verification codes for sign-in via Google Firebase Authentication and its SMS delivery partners. By using verification features, you agree to the processing of your phone number by these providers.
8. Notifications & reminders
A) Telegram reminders (optional)
If a client opts in via @klioso_notify_bot, the bot sends appointment reminders (24h and 2h before). We process: Telegram user/chat ID, appointment date/time, time zone. Messages are delivered via Telegram under Telegram's policies.
B) Other messaging
Additional reminder channels (e.g., WhatsApp) may be offered. If enabled, necessary data (phone number, message content) will be shared with the selected provider solely for delivery.
9. Calendar features (ICS)
You can add appointments to your calendar via an ICS file. We do not access your calendar and do not sync events automatically after import.
10. Payments & subscriptions
A) Web/PWA (Creem)
Payments on our website/PWA are processed by Creem (Merchant of Record). By purchasing, you agree to Creem's Terms and Privacy Policy.
B) iOS (Apple In-App Purchase)
iOS subscriptions are processed by Apple Inc. under Apple's Media Services Terms. Managed via your Apple ID settings.
C) Android (Google Play Billing)
Android subscriptions are processed by Google via Google Play Billing under Google's terms. Managed via your Google account.
D) Payment security
We do not store full payment card details. All sensitive financial data is handled exclusively by Creem, Apple or Google.
11. Storage & processing (Firebase)
We use Google Firebase (Authentication and Firestore). Data may be stored/processed in the United States and/or Europe.
12. Data retention
We retain data while your account is active. After deletion request, personal data is removed within 30 days, unless retention is required by law. We may retain limited purchase/transaction references for legal or accounting reasons.
13. Sharing with service providers
We share data only with trusted providers to operate the Service: Google (Firebase, Analytics), Microsoft (Clarity), Apple (iOS subscriptions), Creem (payments), SMS delivery partners, Telegram, email/push providers. We do not sell personal data.
14. Communications
We may send push notifications, transactional emails, optional marketing emails, verification SMS, and Telegram bot messages (if opted in).
15. Cookies & web tracking
We use essential cookies, Google Analytics, and Microsoft Clarity (session replays, heatmaps) on our websites. You can opt out via browser extensions or settings.
16. Your rights (GDPR)
Where applicable, you may access, correct, delete, export your data, object to or restrict processing, and withdraw marketing consent. Contact support@klioso.app.
17. Children
Klioso is not intended for individuals under 18. We do not knowingly collect data from minors.
18. Security
We use SSL/TLS encryption in transit, encryption at rest, and access controls.
19. Changes
We may update this Policy. Material changes may be communicated via in-app notice or email.