This Privacy Policy explains how Kllivo (“Kllivo”, “we”, “us”) handles personal information when you visit kllivoapp.com, sign up for an account, run a restaurant storefront on our platform, or place an order through a restaurant that uses Kllivo. It is written to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA / CPRA).
We have deliberately written this in plain English so you can see exactly what data we hold and why. If anything is unclear, email us at support@kllivoapp.com and we will explain.
1. Who we are
Kllivo is a software-as-a-service platform that helps independent restaurants run their own branded ordering website, manage their menu and operations, and accept direct online or in-store payments. The full feature set is described on our About, Website Ordering, Payments, Multi-Branch, Customer & Staff Accounts and Analytics pages.
For the purposes of GDPR / UK GDPR, the data controller for the kllivoapp.com marketing site, the dashboard at the same domain, and the control panel is:
- Kllivo — contact: support@kllivoapp.com
- For GDPR / UK GDPR data-rights requests, use the same address or visit our contact form.
2. Scope & controller / processor roles
Kllivo handles two distinct types of personal data, and our role is different for each. Knowing which case applies to you tells you who is legally responsible for your data.
| Data flow | Our role | Who is the controller |
|---|---|---|
| You visit kllivoapp.com (marketing pages, the public site). | Controller | Kllivo |
| You sign up as a restaurant owner / staff member to use our dashboard. | Controller | Kllivo |
| You subscribe to our newsletter from the footer form. | Controller | Kllivo |
| You contact us via the website contact form. | Controller | Kllivo |
| You order food on a restaurant’s storefront powered by Kllivo (e.g. a sub-path or custom domain running our software). | Processor | The restaurant you ordered from |
3. What data we collect
The list below mirrors the actual database columns our software writes to. We keep it specific so you know exactly what we have.
3.1 Account data (when you sign up)
- Email address — required, used as your login identifier and for product / account email.
- First and last name — required, used in the dashboard UI and on outgoing email.
- Password — stored only as a one-way hash (we never see your plaintext password).
- “How did you hear about us?” — optional answer used for product analytics.
- Phone number, avatar, role and two-factor settings — collected later as you fill out your profile or enable 2FA.
- Sign-in metadata — email-verification timestamp, last-active timestamp and account creation / update timestamps.
3.2 Sign-in with Google (optional)
If you choose Continue with Google, Google sends us your Google account ID, email, first name, last name and profile picture URL. We use these to create or look up your Kllivo account. Google’s use of your data is governed by Google’s own privacy policy.
3.3 Restaurant profile data (provided in the dashboard)
- Restaurant name, public slug, tagline, business phone, business email, business address.
- Operating hours, logo, banner imagery, social media handles.
- Menu items, prices, categories, allergens, photos.
- Tax configuration, currency, delivery options, custom pages and policies.
Some of these items can contain personal data (e.g. an owner’s phone number used as the business contact line). They are treated with the same care as account data.
3.4 End-customer order data (when someone orders from a restaurant)
When a guest places an order on a restaurant’s storefront, we record the following on the restaurant’s behalf:
- Customer name, email, phone, delivery address (and structured delivery details).
- Order items, quantities, totals, taxes, tips, payment method and special instructions.
- The order channel (web or QR code) and order type (delivery, pickup, dine-in/table).
Repeat customers are also kept in the restaurant’s customer list with order count, total spent and last-order date so the restaurant can recognise them. This data belongs to the restaurant and is segregated per tenant in our database.
3.5 Newsletter subscribers (footer form)
- Your email address.
- Your IP address at the time of subscription (for spam / abuse prevention).
- The page or source you subscribed from.
3.6 Contact-form submissions
- Your name, email, optional subject, and the message you wrote.
- The submission is delivered to our team via email. We may keep a copy for follow-up.
3.7 Site analytics (only with your consent)
If, and only if, you click Accept on the cookie banner, our first-party analytics records the following per page view:
- An anonymous, client-generated session identifier — not linked to any name or email.
- Page path and page title.
- HTTP referrer.
- Any standard UTM marketing parameters that were present in the URL you arrived with (these are values you sent us when you clicked a marketing link — they are recorded as part of the page-view row, not stored separately).
- Coarse device type (mobile / tablet / desktop) computed from your viewport width.
- Browser family (Firefox / Chrome / Edge / Opera / Safari / Other) parsed from the user-agent string.
If you click Decline, no page-view records are written and no behavioural analytics is collected. Your decline decision itself is stored locally so we don’t ask again.
3.8 Audit logs (security)
Sensitive actions in the dashboard and control panel — for example connecting a payment gateway, changing roles, or deleting a record — are written to an internal security log with the user identifier, action and timestamp. This is retained for security and compliance purposes (see section 8).
4. How we use your data
We use personal data for the following purposes, and nothing else:
- Provide the service. Authenticate you, render your dashboard, run your restaurant’s storefront, route orders, send order confirmations, calculate taxes.
- Process payments. Create checkout sessions on Stripe, Paystack, Flutterwave or POK Payments and verify the result. We never see card numbers (see section 10).
- Send transactional email. Order confirmations, payment receipts, password resets, sign-in alerts, billing invoices.
- Operate the platform. Detect and prevent abuse (rate limits, login throttling, audit logs), keep the service running, fix bugs.
- Improve the platform. Aggregate, anonymous analytics about which pages and features are used (only when you have given consent).
- Marketing — only if you opted in to our newsletter or otherwise gave consent. You can unsubscribe at any time using the link in any newsletter email.
- Legal compliance. Tax records, accounting records, lawful requests from authorities.
5. Legal bases (GDPR / UK GDPR)
| Activity | Legal basis |
|---|---|
| Creating and operating your Kllivo account; processing payments you initiate. | Contract (Art. 6(1)(b)) |
| Security, fraud prevention, audit logging, rate limiting. | Legitimate interests (Art. 6(1)(f)) |
| Site analytics cookies and the page-view tracker. | Consent (Art. 6(1)(a)) |
| Newsletter / marketing emails. | Consent (Art. 6(1)(a)) |
| Tax, accounting, anti-money-laundering record keeping. | Legal obligation (Art. 6(1)(c)) |
| Responding to a contact-form message. | Legitimate interests (Art. 6(1)(f)) |
Where we rely on consent, you can withdraw it at any time from the Cookie settings link in the footer (for cookies) or by clicking unsubscribe in any marketing email.
6. Who we share data with
We do not sell personal data. We share it only with the sub-processors below, each under a written contract that requires them to handle the data only for the agreed purpose:
| Provider | Purpose | Where |
|---|---|---|
| Stripe | Card payments (hosted checkout) | USA / EU / global |
| Paystack | Card payments (inline iframe) | Nigeria / global |
| Flutterwave | Card payments (hosted checkout) | Nigeria / global |
| POK Payments | Card payments (SDK iframe) | EU |
| Google | Optional “Sign in with Google” OAuth | USA / global |
| Cloud infrastructure provider | Cloud hosting and storage | Disclosed on request |
| Email service provider | Transactional and marketing email delivery | Disclosed on request |
Each of the four payment providers above is independently PCI DSS Level 1 certified; cardholder data goes directly to them and never touches our servers (see section 10).
Restaurant storefronts can also embed third-party analytics or pixels that the restaurant chooses (e.g. Meta Pixel, Google Analytics). Those are configured by the restaurant and disclosed in the restaurant’s own privacy notice.
We may also disclose data when required by law (court orders, valid regulator requests), or in connection with a corporate sale, merger or insolvency — in which case the buyer must honour this Privacy Policy.
7. International transfers
Some of our sub-processors are based outside of the EEA / UK. Where personal data leaves the EEA / UK, we rely on:
- The European Commission’s Standard Contractual Clauses (SCCs) and the UK’s International Data Transfer Addendum (IDTA); or
- An adequacy decision (e.g. EU-US Data Privacy Framework) where one is in force.
A copy of the safeguards is available on request from support@kllivoapp.com.
8. How long we keep data
| Category | Retention |
|---|---|
| Active account data (users, restaurants). | For as long as the account is active. |
| Closed-account data. | Deleted within 30 days of closure, except for items required by law. |
| Order records and payment transactions. | Up to 7 years (or longer if required by tax / accounting law in your jurisdiction). |
| Audit logs (security). | Minimum 12 months; up to 24 months. |
| Cookie consent records. | Up to 12 months from your decision. |
| Site-analytics page views (consented). | Up to 24 months, then aggregated / deleted. |
| Newsletter subscribers. | Until you unsubscribe. |
| Contact-form messages. | Up to 24 months after the conversation closes. |
9. Cookies & similar technologies
We use a small number of cookies and browser-storage entries. The categories are:
9.1 Strictly necessary (no consent required)
- Authentication / session — keeps you signed in to the dashboard or control panel.
- Theme preference — remembers your choice of light or dark mode.
- Cookie-consent record — remembers your accept / decline choice so we don’t ask again.
- Page-transition state — drives the smooth page-transition animation between routes.
9.2 Analytics (consent required)
- An anonymous, per-tab session identifier (cleared when you close the tab).
- If you arrived through a marketing link with UTM parameters in the URL, those parameters are kept in browser storage for the duration of your visit so the same campaign can be attributed to any page you view in the same session. UTM parameters in the URL itself are not personal data; only the act of storing them on your device requires consent, which is why this entry is in the consent-required category.
- The server-side records described in section 3.7.
You can change your cookie decision at any time using Cookie settings in the footer.
10. Payment data & PCI DSS
Kllivo never sees, stores, or transmits your full card number, expiry, or CVV. All four supported payment routes are designed so that card data goes directly to the gateway:
- Stripe — you are redirected to Stripe’s hosted checkout; the card form is on Stripe’s own domain.
- Paystack — the card form is rendered inside an iframe served by Paystack.
- Flutterwave — you are redirected to Flutterwave’s hosted checkout.
- POK Payments — the card form is rendered inside an iframe served by POK Payments.
Our servers only ever receive a gateway-issued reference plus the amount, currency and outcome status — never raw cardholder data. As a result we are eligible for SAQ A, the simplest PCI DSS self-assessment, because all card-handling functions are outsourced to PCI DSS Level 1 validated providers.
11. Security measures
- HTTPS-only. All production traffic is forced onto TLS with HSTS, and only modern TLS protocol versions are accepted.
- Passwords are stored as salted one-way hashes; plaintext is never written to disk.
- Sensitive secrets (payment-gateway API keys, webhook secrets) are encrypted at rest with industry-standard authenticated encryption. The encryption key is held in an environment variable and is never committed to source control.
- Webhook signature verification on every incoming gateway notification, using each gateway’s recommended HMAC scheme and constant-time comparison.
- Tenant isolation. Every order and customer record is scoped to its restaurant; cross-tenant queries are not possible from the API layer.
- Login throttling and audit logging on sensitive actions.
- Strict Content-Security-Policy on storefront pages, allow-listing only the payment-gateway origins that need to load scripts or render iframes.
No system is perfectly secure. If you believe you have found a vulnerability, please report it to support@kllivoapp.com; we operate a coordinated disclosure policy.
12. Your rights
Subject to applicable law (and depending on whether we are the controller for the data in question — see section 2), you have the following rights:
- Right of access — ask for a copy of your personal data.
- Right to rectification — ask us to correct inaccurate data.
- Right to erasure (“right to be forgotten”) — ask us to delete your personal data, subject to legal retention requirements.
- Right to restriction — ask us to stop certain processing while a dispute is resolved.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — in particular, to direct marketing or to processing based on legitimate interests.
- Right to withdraw consent — for any processing based on consent.
- Right not to be subject to automated decision-making — we do not make legally significant decisions about you using purely automated means.
To exercise any of these rights, email support@kllivoapp.com or use our data request form. We respond within 30 days.
If you are in the EEA or UK and believe we have not handled your data correctly, you can complain to your local data protection authority (e.g. the UK ICO at ico.org.uk).
13. California privacy rights (CCPA / CPRA)
If you are a California resident, you also have the right to:
- Know what personal information we collect, use, share or sell.
- Request deletion of your personal information.
- Correct inaccurate personal information.
- Opt out of “sale” or “sharing” of personal information — we do not sell or share personal information as those terms are defined under CCPA / CPRA.
- Limit the use of sensitive personal information.
- Not be discriminated against for exercising your rights.
Submit California requests to support@kllivoapp.com. We may need to verify your identity before responding.
14. Children
The Kllivo platform is intended for restaurant owners, their staff, and adult customers ordering food. We do not knowingly collect personal data from children under 13 (or under 16 in jurisdictions where that is the digital age of consent). If you believe a child has provided us with personal data, contact us and we will delete it.
15. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent change. For material changes (e.g. new categories of data, new sub-processors, new purposes), we will notify you by email and / or by an in-product banner before the change takes effect. Older versions are kept on file and available on request.
16. Contact us
Questions, complaints or data-rights requests:
- Email: support@kllivoapp.com
- Security disclosures: support@kllivoapp.com
- General contact form: kllivoapp.com/contact