Privacy Policy

01 Introduction

Kylix Agent is an AI-powered messaging automation platform operated by Aivo Solutions LLC ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service, which integrates with your Instagram Business account and Facebook Page via Meta's Graph API to automate customer messaging.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

02 Information We Collect

When you use the Service, we may collect the following categories of data:

• Account Identifiers: Instagram account IDs, Instagram Page IDs, and Facebook Page IDs associated with the accounts you connect to the Service.
• API Access Tokens: OAuth access tokens issued by Meta to authenticate and authorize the Service to act on your behalf. These tokens are encrypted at rest.
• Message Content: The content of Instagram Direct Messages and Facebook Messenger conversations processed by your AI agent, including messages sent and received through the connected accounts.
• Webhook Logs: Event data delivered to us by Meta's Messaging API, including message metadata such as timestamps, message IDs, and sender/recipient identifiers.
• Usage Data: Information about how you use the Service, including conversation volume, feature interactions, response performance metrics, and error logs.
• Account Information: Your email address, billing details, and any other information you provide when creating or managing your account.
• Brand Documents: Documents or content you upload to configure your AI agent, such as product descriptions, FAQs, and brand guidelines.

03 How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Service, including generating AI responses to customer messages on your behalf.
• To authenticate with Meta's API and perform messaging actions authorized by you.
• To monitor Service performance, diagnose technical issues, and improve reliability.
• To communicate with you about your account, Service updates, and support requests.
• To process payments and manage billing.
• To comply with applicable legal obligations.

We do not sell, rent, or trade your personal information or your customers' message data to any third party. We do not use message content for advertising, marketing profiling, building third-party datasets, or training general-purpose AI models beyond what is required to operate your specific agent.

04 Meta & Instagram API Data

Our Service accesses Instagram and Facebook account data through Meta's Graph API under the following conditions:

• Access tokens are used solely to send and receive messages, retrieve user profiles relevant to active conversations, and manage webhook subscriptions on your behalf.
• Message content retrieved via the API is processed only to generate AI-driven responses and is not used for any other purpose.
• We do not use Meta platform data to build user profiles for advertising, cross-context behavioral tracking, or any purpose that violates Meta's Platform Policy.
• We do not transfer data obtained through Meta APIs to any third party except as described in this policy and as permitted by Meta's terms.
• Your use of the Service is also governed by Meta's Terms of Service and Meta's Privacy Policy.

05 Third-Party Services and Sharing

We share data only to the extent necessary to provide the Service:

• Vercel (Infrastructure): Our Service is hosted on Vercel's cloud platform. Vercel may process certain data as part of infrastructure operations, subject to Vercel's Privacy Policy.
• Meta Platforms, Inc.: We communicate with Meta's Graph API to deliver messaging functionality. Data is transmitted to Meta's systems in accordance with Meta's Platform Terms.
• Payment Processors: Billing and payment information is handled by our payment processor and is not stored on our systems.

We do not sell personal data to any third parties. We do not share message content with advertising networks, data brokers, or any party not listed above.

06 Data Retention

• Message Logs & Webhook Events: Retained for 90 days from the date of creation. After 90 days, these records are permanently and irreversibly deleted from our systems.
• Access Tokens: Stored only while your account is active and the connected accounts remain authorized. Revoking access through Facebook Settings or deleting your account immediately invalidates and removes the stored token.
• Account Information: Retained for the duration of your account, and for up to 12 months following account closure to fulfill legal and billing obligations, unless a shorter period is required.
• Brand Documents: Retained until you delete them or close your account.

07 Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Access: The right to request a copy of the personal data we hold about you.
• Correction: The right to request correction of inaccurate or incomplete personal data.
• Deletion: The right to request deletion of your personal data. See our Data Deletion page for instructions.
• Restriction: The right to request that we restrict processing of your personal data in certain circumstances.
• Portability: The right to receive your personal data in a structured, machine-readable format.
• Objection: The right to object to processing based on legitimate interests.

To exercise any of these rights, contact us at kylixagent@gmail.com. We will respond within 30 days of receiving your request.

08 Children's Privacy

The Service is not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at kylixagent@gmail.com and we will take prompt steps to delete such information from our systems.

09 Security

We implement commercially reasonable technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, and destruction. Access tokens are encrypted at rest. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

10 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email or through the Service. Your continued use of the Service after any changes become effective constitutes your acceptance of the updated policy.