Privacy Policy

1. Introduction

Klixsor ("Company", "we", "us", "our") respects your privacy and is committed to protecting the personal data of our customers and website visitors. This Privacy Policy explains what information we collect, how we use it, your rights regarding your data, and how we comply with applicable privacy laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection legislation.

By using our website (klixsor.com), purchasing our software, or using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We collect and process the following categories of personal data:

2.1 Account Information

• Name, email address, and login credentials when you create an account
• Billing address and payment information (processed by Stripe and PayPal; we do not store full credit card numbers)
• License key and subscription details

2.2 Usage Data

• Server IP address associated with your license (for license validation only)
• Software version and plan type
• License heartbeat data (timestamp, version, status)

2.3 Website Analytics

• We use privacy-focused analytics (Umami) on our website, which collects anonymized, aggregate data such as page views, referrer, country, device type, and browser. No cookies are used for analytics. No personally identifiable information is collected.

2.4 Communications

• Email correspondence when you contact support
• Any information you voluntarily provide in support tickets

2.5 Data We Do NOT Collect

Klixsor is self-hosted software. All click data, conversion data, visitor data, campaign configurations, and analytics processed by the software reside on your server. We have no access to, do not collect, do not process, and do not store any of your end-user traffic data, visitor IP addresses, click logs, conversion records, or campaign data. Your data stays on your infrastructure.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and maintain our services — Process your subscription, deliver software updates, and validate your license
• Process payments — Charge subscription fees via our payment processors (Stripe, PayPal)
• Communicate with you — Respond to support requests, send important service notices, and provide update notifications
• Improve our services — Analyze aggregated, anonymized website usage data to improve our website and documentation
• Prevent fraud and abuse — Detect unauthorized license usage, enforce our Terms of Service, and protect against abuse
• Legal compliance — Comply with applicable laws, regulations, legal processes, or governmental requests

We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your data for profiling or automated decision-making.

4. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:

• Contract performance — Processing necessary to fulfill our obligations under your subscription agreement (Article 6(1)(b) GDPR)
• Legitimate interests — Processing necessary for our legitimate business interests, such as fraud prevention, service improvement, and security (Article 6(1)(f) GDPR)
• Legal obligation — Processing required to comply with applicable laws (Article 6(1)(c) GDPR)
• Consent — Where you have given explicit consent for specific processing activities (Article 6(1)(a) GDPR)

5. Data Sharing and Third Parties

We share personal data only with the following categories of recipients, and only to the extent necessary:

• Payment processors — Stripe, Inc. and PayPal Holdings, Inc. process your payment information. Their privacy policies govern the handling of your payment data.
• Infrastructure providers — We use cloud hosting services to run our website and license server. These providers process data on our behalf under data processing agreements.
• Legal authorities — We may disclose information if required by law, subpoena, court order, or governmental regulation.

We do not sell personal data to any third party. We do not share data with advertising networks, data brokers, or analytics companies.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. When we transfer data outside the EEA, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Other legally recognized transfer mechanisms

7. Data Retention

• Account data — Retained for the duration of your active subscription plus 12 months after cancellation for billing and legal purposes
• Payment records — Retained as required by applicable tax and accounting laws (typically 7 years)
• Support communications — Retained for 24 months after last contact
• License validation logs — Retained for 30 days for security and fraud prevention
• Website analytics — Anonymized and aggregated; no personal data retained

We delete or anonymize personal data when the retention period expires or when data is no longer necessary for the purposes for which it was collected.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

8.1 Rights Under GDPR (EEA, UK, Switzerland)

• Right of access — Request a copy of the personal data we hold about you
• Right to rectification — Request correction of inaccurate or incomplete data
• Right to erasure — Request deletion of your personal data ("right to be forgotten")
• Right to restrict processing — Request limitation of how we process your data
• Right to data portability — Receive your data in a structured, machine-readable format
• Right to object — Object to processing based on legitimate interests
• Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time
• Right to lodge a complaint — File a complaint with your local data protection authority

8.2 Rights Under CCPA/CPRA (California Residents)

• Right to know — Request disclosure of the categories and specific pieces of personal information we collect
• Right to delete — Request deletion of your personal information
• Right to correct — Request correction of inaccurate personal information
• Right to opt-out of sale/sharing — We do not sell or share personal information for cross-context behavioral advertising
• Right to non-discrimination — We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at privacy@klixsor.com. We will respond within 30 days (or as required by applicable law).

9. Cookies and Tracking Technologies

Our website (klixsor.com) uses:

• Essential cookies — Required for payment processing and checkout functionality (set by Stripe/PayPal)
• Analytics — We use Umami, a privacy-focused analytics tool that does not use cookies, does not collect personal data, and is GDPR-compliant by design

We do not use tracking cookies, advertising cookies, retargeting pixels, or any third-party tracking scripts beyond what is described above.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of sensitive data at rest
• Access controls and authentication for internal systems
• Regular security reviews of our infrastructure
• Payment data handled exclusively by PCI DSS-compliant processors (Stripe, PayPal)

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor, we will take steps to delete it promptly. If you believe a minor has provided us with personal data, please contact us at privacy@klixsor.com.

12. Your Responsibilities as a Data Controller

When you use Klixsor software to process end-user traffic data (click data, visitor IP addresses, device information, etc.), you are the data controller for that data under applicable data protection law. You are responsible for:

• Complying with GDPR, CCPA, and other applicable privacy regulations in your jurisdiction
• Providing appropriate privacy notices to your end users
• Obtaining necessary consent where required
• Implementing appropriate data retention and deletion policies
• Responding to data subject access requests from your end users
• Ensuring the security of data stored on your server

We provide the software tool; you control the data. We do not act as a data processor for your end-user data because that data never leaves your server.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Material changes will be communicated via email or a notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about our data practices, contact us at:

Privacy inquiries: privacy@klixsor.com
General support: support@klixsor.com
Website: klixsor.com