Privacy Policy

Last updated: 6 April 2026

1. Introduction

Kanvro (Pty) Ltd ("Kanvro", "we", "us", or "our") operates the Kanvro platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy in compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable data protection legislation.

2. Information We Collect

2.1 Account Information

When you register for the Service, we collect your name, email address, and password. If you are invited to join an agency team, we also associate your account with that agency.

2.2 Social Media Data

When you connect Facebook, Instagram, or LinkedIn accounts through our OAuth integration, we access and store social media metrics including page followers, post engagement, impressions, reach, and post content. This data is fetched from the Meta Graph API and LinkedIn REST API using tokens you authorise. We do not post, modify, or delete content on your social media accounts.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including pages viewed, features used, and timestamps. This data helps us improve the platform.

2.4 Cookies

We use essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To authenticate your identity and manage your account
  • To fetch, process, and display social media analytics on your dashboard
  • To send transactional emails (password resets, team invitations)
  • To monitor system health and ensure service reliability
  • To comply with legal obligations

4. Data Storage and Security

Your data is stored in Google Cloud Firestore. Social media access tokens are encrypted at rest using AES-256. We implement industry-standard security measures, including Firebase Authentication, role-based access control (RBAC), and Firestore security rules, to protect your data.

Our infrastructure is hosted on Google Cloud Platform in the us-central1 region. While our servers are located in the United States, we take appropriate measures to ensure your data is protected in accordance with POPIA requirements for cross-border transfers.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share data with:

  • Service providers: Google Cloud Platform (hosting), SendGrid (transactional email)
  • Agency administrators: If you are a team member or client user, your agency administrator can view your profile information and dashboard access
  • Legal requirements: When required by law, regulation, or legal process

6. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

  • Access your personal information held by us
  • Request correction of inaccurate personal information
  • Request deletion of your personal information
  • Object to the processing of your personal information
  • Withdraw consent for processing
  • Lodge a complaint with the Information Regulator

7. Social Media Platform Compliance

We comply with Meta's Platform Terms and LinkedIn's API Terms of Use. You can disconnect your social media accounts at any time through the Service, which revokes our access to your social media data. We also support Meta's data deletion callback, allowing you to request deletion of all data obtained through the Meta integration.

8. Data Retention

We retain your account data for as long as your account is active. Social media metrics are retained according to your subscription tier (90 days to unlimited). When you disconnect a platform or close your account, associated data is deleted within 30 days. System logs are retained for 90 days for operational purposes.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights under POPIA, please contact us at:

Kanvro (Pty) Ltd

Email: privacy@kanvro.com

Information Officer: Theuno de Bruin