Privacy Policy

1. Who We Are

Yozzly LTD (Company No. 15131694 in the United Kingdom) is a multifaceted social media and marketing Software as a Service (SaaS) provider. Our registered office is located at 128 City Road, London, United Kingdom, EC1V 2NX. We specialize in helping businesses streamline their engagement and communications across various social media platforms, offering tailored marketing, automation, and analytics tools.

By leveraging our platform, users can optimize customer outreach, enhance brand visibility, and gain insights into social media interactions. We remain committed to operating transparently and in compliance with all applicable data protection laws, ensuring that any collected personal data is handled responsibly and securely.

2. Purpose of This Privacy Policy

This Privacy Policy aims to inform users about how Yozzly LTD collects, processes, stores, and shares personal data. Our goal is to ensure that all stakeholders, including users of our platform, understand the nature of data collection, how their personal information is used, and their rights under relevant data protection laws.

We value your privacy and are committed to safeguarding your personal data while providing the best possible services. This document outlines the legal framework under which we operate and explains the measures we take to protect your data. Additionally, it clarifies our compliance with various data protection regulations, such as the General Data Protection Regulation (GDPR) and the UK Data Protection Act.

Furthermore, this Privacy Policy covers our use of cookies and other tracking technologies, which help us enhance user experience and improve our services. By providing this comprehensive overview, we aim to maintain transparency and build trust with our users.

3. Scope of Data Collection

Yozzly collects personal data to provide high-quality services that help businesses engage with their audiences on social media. We collect personal information through direct user input, user authentication processes, and social media integrations. This includes, but is not limited to, data such as email addresses, IP addresses, and information from connected social media profiles.

Types of Data Collected

  • Device Information: We collect device type, operating system, and browser type to enhance security, detect malicious activity, and provide analytics. This information is also collected from short URL visits to prevent spam and abuse. While system, browser, and device type information may be shared with users, IP addresses are used internally and never shared.
  • Cookies: We use cookies for authentication and analytics purposes. These cookies help us improve user experience and service functionality. We do not use cookies for tracking or advertising purposes.
  • Usage Data: We collect data on how users interact with our platform, such as pages visited, time spent on the site, and features used. This data helps us improve the app and tailor the user experience.
  • Location Data: We collect IP-based location data for two-factor authentication (2FA) and to provide analytics for short URLs. IP addresses are used internally and are never shared with third parties. We do not collect precise location data.
  • Communication Data: We collect chat logs from support interactions for quality assurance and training purposes. These logs are not shared with any third parties.
  • Financial Data: Billing information is collected by Stripe on our behalf. We do not store any billing information other than card type, last four digits, and expiration date for security purposes.
  • User-Generated Content: We do not collect any user-generated content. We only collect the data necessary for the service to function and for analytics to improve the service.

Data Collection Methods

  • Direct Input from Users: When users create an account, interact with our platform, or subscribe to our services, they provide personal data directly.
  • Social Media Connections: Users may connect their social media accounts, providing us access to information from those platforms in accordance with user permissions.
  • Authentication Events: Information may also be collected during login and authentication events to ensure security and provide service continuity.
  • Cookies and Analytics: We use cookies for authentication and analytics purposes, collecting data to improve user experience and service functionality.

By collecting this data, we aim to provide customized experiences, secure accounts, and improve the functionality of our platform. We do not collect unnecessary data and only gather information that is directly relevant to the service we provide.

4. Personal Data We Collect

Yozzly collects various types of personal data to provide and improve our services. This section outlines the specific categories of data we collect, how we collect it, and the purposes for which it is used.

4.1 Types of Personal Data Collected

  • Email Address: Collected for account creation, communications, service-related notifications, and newsletters. Users can opt out of newsletters via the dashboard or the email itself. We never share email addresses with third parties.
  • IP Address: Collected for security purposes, including two-factor authentication (2FA), tracking new devices or networks, and rate limiting to prevent spam and abuse. IP addresses are used temporarily and are never saved or shared with third parties.
  • Social Media Data: Collected when users link their social media accounts to our platform. This includes all data that the platform and user have permitted us to access, such as profile information, posts, likes, and other metadata. This data is used to provide analytics and enhance service functionality. It is never shared with third parties and is removed when the user disconnects the account or as required by the social media platform's data retention policies.
  • Device Information: Collected to enhance security and provide analytics. This includes device type, operating system, and browser type. This information is shared with users for transparency but is never shared with third parties.
  • Usage Data: Collected to improve the app and user experience. This includes error logs, button clicks, page visits, time spent on pages, and other analytics data.
  • Location Data: Collected based on IP addresses for 2FA and short URL analytics. This data is used internally for security and rate limiting purposes and is never shared with third parties.
  • Communication Data: Collected from chat logs with support for quality assurance and training purposes. This data is not shared with third parties.
  • Financial Data: Collected by Stripe on our behalf. We store Stripe events related to failed and successful subscriptions, adding and removing payment methods, but do not store any billing information other than the last four digits of the card, card type, and expiration date for security purposes.
  • User-Generated Content: We do not collect or store user-generated content beyond what is necessary for the service to function. This data is scoped to the user's workspace and is never shared with third parties.

4.2 How We Collect Personal Data

  • Direct Input from Users: When users create an account, interact with our platform, or subscribe to our services, they provide personal data directly.
  • Social Media Connections: Users may connect their social media accounts, providing us access to information from those platforms in accordance with user permissions.
  • Authentication Events: Information may also be collected during login and authentication events to ensure security and provide service continuity.
  • Cookies and Analytics: We use cookies for authentication and analytics purposes, collecting data to improve user experience and service functionality.

By collecting this data, we aim to provide customized experiences, secure accounts, and improve the functionality of our platform. We do not collect unnecessary data and only gather information that is directly relevant to the service we provide.

5. How We Use Your Personal Data

We use your personal data primarily to enhance and improve our services. The data we collect is vital for maintaining the functionality of the platform, ensuring security, and offering customized features like analytics and messaging.

5.1 Purposes for Processing Data

  • Service Improvement: To refine our platform and tailor the user experience. This includes analyzing usage data to identify areas for enhancement and troubleshooting issues.
  • Enhance User Experience: To provide users with personalized recommendations and insights based on their interactions with the platform and linked social media accounts.
  • Provide Security Features: To ensure that accounts are secure, monitor for unauthorized activity, and implement two-factor authentication (2FA) using IP-based location data.
  • Communication: To send service-related notifications and newsletters. Users can opt out of newsletters via the dashboard or the email itself.
  • Analytics: To collect and analyze data from short URL visits and user interactions to prevent spam, abuse, and improve service functionality.
  • Support and Quality Assurance: To collect chat logs from support interactions for quality assurance and training purposes.
  • Financial Transactions: To process billing information through Stripe, manage subscriptions, and ensure the security of financial transactions.

5.2 Legal Bases for Processing

We process personal data based on several legal grounds:

  • Consent: When you provide explicit consent to process your data for specific purposes, such as receiving newsletters.
  • Contractual Necessity: To fulfill our obligations under the user agreement, such as providing access to our platform and services.
  • Compliance with Legal Obligations: In instances where we are legally required to process data, such as for tax or financial reporting purposes.
  • Legitimate Interests: To improve our services, ensure security, prevent fraud, and enhance user experience, provided these interests are not overridden by your data protection rights.

5.3 Automated Decision Making and Profiling

We use automated decision-making tools primarily for security purposes, such as fraud detection and prevention. These processes are essential for ensuring the integrity of our platform and protecting users from potential threats. Additionally, automated profiling may be used to offer coupons based on user activity. However, we do not use automated methods to suggest content or make other recommendations to users.

By using your personal data in these ways, we aim to provide a secure, efficient, and personalized experience on our platform. We are committed to handling your data responsibly and in compliance with applicable data protection laws.

6. Sharing of Personal Data

We do not share your personal data with third parties for advertising or commercial purposes. The only exceptions are when your data is processed by trusted data storage and service providers who assist us in maintaining the platform's performance.

6.1 Categories of Recipients

The recipients of your personal data include our cloud storage providers, such as Amazon Web Services (AWS), DigitalOcean, Hetzner, and Backblaze. These providers host and store your data on secure, encrypted servers. Importantly, they do not have access to your unencrypted data under any circumstances. Your personal data is only decrypted temporarily during processing or when explicitly requested by you.

We utilize these third-party providers solely for the purpose of securely storing, managing, and backing up your encrypted data. They are bound by strict confidentiality agreements and are prohibited from accessing, sharing, or using your data for any other purpose.

Our cloud providers play a vital role in ensuring the stability, performance, and security of our platform. However, all data shared with them is encrypted both in transit and at rest, meaning that no third party has direct access to your personal data without your consent. We process data on our servers, analyze it to enhance our services, and store it securely, ensuring that it remains private and protected at all times.

We do not share or sell your personal data to third parties for advertising, marketing, or any other commercial purposes. Any interaction with third-party service providers is conducted under strict data protection policies to maintain the confidentiality and security of your information.

6.2 International Data Transfers

Your personal data may be transferred to and stored on servers located outside of your home country as part of the services we provide. Yozzly uses cloud storage providers such as Amazon Web Services (AWS), Backblaze, and Hetzner, which have data centers in different regions. For example, AWS operates worldwide, but Yozzly limits its use to the United States region. Backblaze is primarily based in the United States, while Hetzner has data centers in Germany, Finland, and the United States.

As a result, depending on the specific service or data request, your personal data may be transferred and stored in any of these locations. Yozzly ensures that all such transfers are conducted in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union and the United Kingdom.

To safeguard your personal data during international transfers, we implement appropriate legal safeguards. These may include the use of standard contractual clauses and ensuring that our cloud providers comply with data protection regulations. We also require our providers to maintain robust security practices, ensuring that your data is encrypted and protected at all times, regardless of where it is stored or processed.

By using our services, you acknowledge that your personal data may be transferred to and stored in countries with different data protection laws than your home country. However, Yozzly is committed to ensuring that your data is handled securely and in full compliance with relevant legal requirements.

6.3 Safeguards for Data Transfers

When your personal data is transferred internationally, Yozzly takes all necessary steps to ensure that your data remains secure and protected in accordance with applicable data protection laws. This includes the use of advanced encryption techniques both during transit and at rest, ensuring that your data remains confidential and inaccessible to unauthorized parties.

In addition to encryption, we also implement stringent contractual safeguards with our data processors and third-party service providers. These contracts are designed to ensure that our providers adhere to high standards of data protection and comply with the relevant legal frameworks, such as the General Data Protection Regulation (GDPR) for users in the European Union and the United Kingdom. These agreements include standard contractual clauses and other legal mechanisms to protect your data during cross-border transfers, ensuring that your rights are maintained regardless of where the data is processed.

We also conduct regular audits and assessments of our cloud storage providers and data processors to verify that they are maintaining the necessary safeguards and compliance with our data protection policies. This helps to ensure that any data stored or processed internationally is handled with the utmost care and security.

By implementing these technical, organizational, and legal safeguards, Yozzly aims to protect your personal data from unauthorized access, misuse, or loss, ensuring that all international data transfers comply with data protection regulations and maintain the highest standards of security.

7. Data Retention

Yozzly is committed to retaining personal data only for as long as it is necessary to fulfill the purposes for which it was collected, including providing our services, complying with legal or regulatory obligations, and addressing contractual requirements. Once the data is no longer needed for these purposes, we take immediate steps to securely delete or anonymize it, ensuring that your personal information is not retained longer than necessary.

7.1 How Long We Keep Data

The retention period for your personal data is directly related to the length of your relationship with our platform. As long as you are actively using our services, we will retain your data to support account management, service delivery, and to improve your user experience. If you choose to close your account or request deletion of your data, we will aim to remove most personal data within a reasonable period of time, typically within a few days. However, certain records, such as system logs and backup data, may be retained for up to 30 days to address operational, technical, or legal requirements. After this retention period, all retained data will be permanently deleted or anonymized to ensure it cannot be re-identified.

7.2 Criteria for Determining Retention Periods

The specific retention periods for different categories of personal data are determined based on a combination of factors, including operational needs, legal requirements, and business necessities. For example:

  • Operational Needs: We retain personal data related to customer support or transactions for as long as required to ensure service continuity and to address any issues that may arise.
  • Legal Requirements: We retain certain data to comply with legal obligations, such as tax or financial reporting laws. This may include retaining billing information and transaction records for a specified period.
  • Business Necessities: Retention periods may be extended if required for the resolution of disputes, security purposes, or to enforce our terms and conditions.

Once data is no longer necessary for these reasons, we take active measures to securely erase it from our systems, ensuring it is not retained beyond its useful lifespan. This includes:

  • Secure Deletion: Data is permanently deleted from our active systems and backups.
  • Anonymization: Where appropriate, data is anonymized so that it can no longer be linked to an individual.

By adhering to these retention practices, Yozzly ensures that personal data is managed responsibly and in compliance with applicable data protection laws.

8. Your Data Protection Rights

Under applicable data protection laws, such as the General Data Protection Regulation (GDPR), you are entitled to a set of rights regarding your personal data. These rights are designed to empower you with greater control over how your data is processed, stored, and shared. Yozzly is committed to facilitating the exercise of these rights and ensuring that you have full access to your data protection entitlements.

8.1 Right to Access, Rectification, Erasure, etc.

  • Right to Access: You have the right to request access to the personal data that Yozzly holds about you at any time. This includes information on how your data is being processed, the purposes of processing, and the categories of data involved.
  • Right to Rectification: If you believe that any information we hold is inaccurate, outdated, or incomplete, you have the right to request corrections or updates to your data.
  • Right to Erasure: You may request the deletion of your personal data, subject to certain legal exceptions or if the data is still necessary for the provision of our services.
  • Right to Restrict Processing: You can request to restrict the processing of your data in certain circumstances, such as when the data is no longer needed for the purposes it was collected or when you contest its accuracy.
  • Right to Object: You have the right to object to the processing of your data in certain situations, such as for direct marketing purposes.
  • Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format, and to transfer that data to another data controller where technically feasible.
  • Right to Withdraw Consent: If we process your data based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

8.2 How to Exercise Your Rights

To exercise your data protection rights, you can contact Yozzly's Data Protection Officer (DPO) at [email protected]. When you make a request, we will work to verify your identity and ensure that the request is legitimate before proceeding with any changes or actions. Yozzly is committed to responding to all requests promptly and within the statutory timeframes as required by applicable laws. Generally, we aim to respond to requests within one month from the receipt of your inquiry. However, in cases where requests are complex or if there are a large number of requests, the response time may be extended by up to two additional months. You will be informed of any such extension, and the reasons for the delay, in accordance with legal requirements.

Please ensure that your request is clear and specific so that we can efficiently process your request. For example, when requesting access, please specify the data you wish to access, and when requesting deletion, ensure you provide the relevant account or service details to help us locate your data. If you feel that your request has not been handled satisfactorily, we encourage you to reach out again, and we will assist you to resolve any concerns.

8.3 Right to Complain to Supervisory Authority

If you believe that your personal data rights have been violated or that Yozzly has not processed your personal data in compliance with data protection laws, you have the right to lodge a complaint with the relevant supervisory authority. In the UK, this authority is the Information Commissioner’s Office (ICO), while in the EU, it is the Data Protection Authority (DPA) in your country of residence.

Before filing a complaint with a supervisory authority, we encourage you to contact us first at [email protected] so that we can attempt to resolve your concerns directly. We take complaints seriously and are committed to resolving any issues you may have. If, after contacting us, you still believe your rights have been infringed upon, you are entitled to escalate the matter to the appropriate regulatory body.

Please note that lodging a complaint with a supervisory authority does not affect your other legal rights or the ability to seek other forms of legal recourse.

By understanding and exercising these rights, you can ensure that your personal data is managed in a way that respects your privacy and complies with applicable data protection laws. Yozzly is dedicated to upholding these rights and providing a transparent and secure environment for all users.

9. Data Security

At Yozzly, we prioritize the security of your personal data and have implemented a range of technical and organizational measures to protect it from unauthorized access, alteration, disclosure, or destruction. Our security practices are continually assessed and updated to address new and emerging threats.

9.1 Security Measures in Place

We employ a variety of robust security protocols to safeguard your personal data, including:

  • Encryption: We use AES-256 encryption for data stored on our servers (data at rest) and NIST P-256 encryption for data transmitted across networks (data in transit). Additionally, we use RFC7519 JWT tokens to fingerprint some responses when the user may resend that data back. These encryption methods are industry-leading standards that ensure your data is securely encrypted during both storage and transmission, providing an added layer of protection against unauthorized access.
  • Access Controls: We implement multi-factor authentication (MFA) to secure access to our systems. Our platform is structured with organizations, workspaces, and teams, where each team has users with specific permissions. Administrators can add or remove permissions for users, ensuring that access is granted only to those who need it.
  • Security Audits: We conduct internal security audits every three months and perform tests and audits before any release. These regular assessments help us identify and mitigate potential vulnerabilities.
  • Incident Response: In the event of a security incident, we have a comprehensive incident response plan. Our first priority is to fix the issue or contain it to avoid further exposure. We then notify the relevant authorities and affected users, and take steps to ensure the issue does not recur.
  • Employee Training: We provide annual security training sessions for all employees who have access to critical areas of our applications. These sessions cover best practices, emerging threats, and our internal security protocols.
  • Third-Party Security: We conduct regular assessments of our third-party service providers to ensure they comply with our security standards. We also work with certified third-party providers to maintain high levels of security.

9.2 Data Breach Notification

In the unlikely event of a data breach, where your personal data may have been compromised, Yozzly is committed to notifying affected users promptly. Our data breach notification process includes the following steps:

  • Contain and Fix the Issue: Our first priority is to fix the issue or contain it to prevent further damage.
  • Notify Authorities: We will notify the relevant supervisory authorities, such as the Information Commissioner’s Office (ICO) in the UK, in compliance with applicable regulations.
  • Notify Users: We will notify affected users within 24 hours of discovering the breach, outlining the nature of the breach, the data that may have been affected, and the measures we are taking to contain and resolve the issue. We will also provide recommendations on how you can protect yourself, such as changing passwords or monitoring your accounts for unusual activity.
  • Prevent Recurrence: We will take steps to ensure that the issue does not recur, including conducting a thorough investigation and implementing additional security measures as needed.

By implementing these technical, organizational, and legal safeguards, Yozzly aims to protect your personal data from unauthorized access, misuse, or loss, ensuring that all data security measures comply with data protection regulations and maintain the highest standards of security.

10. Changes to This Privacy Policy

Yozzly reserves the right to update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. As our services evolve or regulations change, we may need to revise this policy to ensure that it remains up-to-date and compliant with applicable laws, including data protection regulations like the GDPR. Any significant changes to the policy will be clearly communicated to users through email notifications, on our website, or through other appropriate channels.

In addition to notifying users of significant changes, the updated Privacy Policy will be made readily available on our website, with a clearly visible date indicating the most recent version. Users are encouraged to periodically review this policy to stay informed about how their personal data is being handled. Continued use of our services after changes have been made will constitute acceptance of the updated terms. If users do not agree with the revised policy, they may contact us to request further clarification or discontinue use of our services.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please feel free to reach out to us. Our team is available to assist you with any inquiries you may have.

11.1 Data Controller Details

Yozzly LTD, a company registered in the United Kingdom, is the data controller responsible for collecting, processing, and safeguarding your personal data. As the data controller, Yozzly is responsible for ensuring that all data processing activities are compliant with relevant data protection laws and regulations. If you have any concerns regarding how your data is processed or would like more information about our data protection practices, you can contact us directly using the contact details below.

Yozzly LTD's registered office is located in the United Kingdom. For a full address or to reach us by mail, please contact us at our customer service or data protection contact details, which are listed in this section.

11.2 Data Protection Officer Contact

Yozzly has appointed a Data Protection Officer (DPO) to oversee our data protection practices and ensure compliance with applicable privacy laws. If you have any inquiries related to data protection, privacy, or wish to exercise your rights under this Privacy Policy, you can contact our DPO directly at [email protected]. Our DPO is available to assist you with any questions you may have regarding the handling of your personal data, as well as to guide you through the process of exercising your data protection rights.

12. Children's Privacy

Yozzly’s services are not intended for children under the age of 13, and we do not knowingly collect, process, or store personal data from children. We recognize the importance of protecting the privacy of children, especially in the online environment, and therefore, we implement measures to ensure compliance with laws such as the Children’s Online Privacy Protection Act (COPPA) in the United States and other relevant legal frameworks.

12.1 Age Restrictions

If we learn that we have inadvertently collected personal data from a child under the age of 13, we will take immediate and appropriate actions to delete such data and prevent further collection. We do not seek to collect data from children, and we encourage parents and guardians to supervise their children’s use of our platform to ensure their privacy is maintained. If you believe that we have unknowingly collected data from a child, please contact us at [email protected] so that we can address the issue promptly.

12.2 Parental Consent Requirements

In instances where we may collect data from children over the age of 13 but under the age of 16, we will obtain verifiable parental consent before processing any personal data. We ensure that parental consent is obtained through a clear and transparent process, allowing parents or legal guardians to review the data collection practices and make an informed decision regarding the use of their child’s data. If consent is withdrawn, we will take steps to delete the child's data from our system as promptly as possible.

13. Legal Bases for Processing (for UK/EU Users)

For users in the UK or EU, we process personal data based on the following legal grounds:

  • Consent: When you provide explicit consent for specific processing activities.
  • Contractual Necessity: To fulfill our obligations under our agreement with you.
  • Legal Obligations: When we are required by law to process certain data.

14. Explanation of Terms

To help clarify the terminology used in this Privacy Policy, we provide the following definitions:

  • Personal Data: Any information that can directly or indirectly identify an individual, such as name, email, or IP address.
  • We: Refers to Yozzly LTD, the organization responsible for processing your data.
  • You: Refers to users of our services and platform.