Klippo – Privacy Policy

2. Data We Collect

The data we collect depends on the service model in use:

(a) Client-Owned Channel Model

When the client owns the TikTok account and grants Klippo access, we may collect:

• name, email address, and contact details provided during onboarding;
• streaming platform usernames and channel links;
• TikTok account authorization tokens (OAuth) for managing the channel;
• stream recordings and video content provided for clipping;
• channel performance data via TikTok API (views, followers, engagement); and
• communication records (emails, messages).

(b) Klippo-Owned Channel Model

When Klippo creates and owns the TikTok account on behalf of the client, we do not collect the client's personal data through the TikTok account itself. In this model, we collect only:

• name, email address, and contact details provided during onboarding;
• stream recordings and video content provided or made accessible by the client for clipping;
• channel performance data (as the account holder, this data belongs to Klippo); and
• communication records (emails, messages).

In both models, payment information is processed by third-party providers (e.g., Stripe, PayPal) and is not stored directly by Klippo.

3. How We Use Your Data

We process your data solely for the following purposes:

• to deliver the managed clip farming and channel management service;
• to publish content to the designated TikTok channel;
• to monitor channel performance and provide reports to clients;
• to manage billing and subscriptions;
• to communicate with you about the service; and
• to comply with legal obligations.

We do not use your data for advertising, profiling, or any purpose unrelated to the service.

4. Legal Basis for Processing

Our legal bases under GDPR are:

• Contract performance (Art. 6(1)(b)): processing necessary to deliver the agreed service;
• Legitimate interest (Art. 6(1)(f)): channel performance analytics and fraud prevention; and
• Legal obligation (Art. 6(1)(c)): compliance with applicable laws.

5. TikTok API Data Usage

Where Klippo accesses TikTok via API (in the client-owned channel model), we confirm that:

• we access only the permissions necessary to publish content, manage videos, and retrieve performance data;
• TikTok API data is used exclusively to provide the service to the authorizing client;
• we do not sell, share, or use TikTok API data for any purpose outside direct service delivery;
• API access tokens are stored securely and revoked upon service termination; and
• we comply with TikTok's Developer Terms of Service and Platform Data Use policies.

In the Klippo-owned channel model, Klippo is the registered account holder and operates the TikTok account directly. No client personal data is transmitted through or collected via TikTok APIs in this model.

6. Data Sharing

We do not sell your personal data. We may share data with:

• TikTok: via API, to publish and manage content on designated channels;
• payment processors (e.g., Stripe, PayPal) for billing purposes;
• internal Klippo team members who need access to deliver the service; and
• legal authorities if required by applicable law or court order.

All third-party processors are GDPR-compliant or operate under appropriate data processing agreements.

7. Data Retention

• Client contact and onboarding data is retained for the duration of the engagement plus 12 months;
• TikTok API tokens (client-owned model) are deleted within 30 days of service termination;
• Stream recordings and source content are deleted within 60 days of use or service termination; and
• Payment records are retained as required by applicable accounting law.

You may request deletion of your data at any time by contacting klippo.help@gmail.com.

8. Data Security

• encryption of data in transit (TLS/HTTPS);
• restricted access controls – only authorized Klippo staff access client data;
• secure storage of credentials and access tokens; and
• regular review of security practices.

9. Your Rights Under GDPR

As a data subject, you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. To exercise any of these rights, contact klippo.help@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Italian data protection authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it.

10. International Transfers

Some data may be processed outside the EU (e.g., by TikTok's servers). Where this occurs, we ensure appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by the European Commission.

11. Cookies

Klippo's website may use essential cookies for functionality only. We do not use advertising or tracking cookies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be published on our website and communicated to active clients. Continued use of the service after changes constitutes acceptance.

13. Contact

For any privacy-related questions or requests:

Klippo – klippo.help@gmail.com – Milan, Italy