Information We Collect
We collect information you provide directly and information generated through your use of the platform:
- Account Information: Name, email address, password (hashed), role, and profile details provided during registration.
- Contact & Customer Data: Customer names, phone numbers, email addresses, travel preferences, tags, and interaction history you import or enter into the CRM.
- Communication Data: Content of WhatsApp messages, SMS messages, and email campaigns sent through our platform.
- Social Media Data: OAuth access tokens, account names, profile pictures, and post content for connected social media accounts (Facebook, Instagram, LinkedIn, X/Twitter, TikTok).
- Usage Data: IP address, browser type, pages visited, actions performed within the platform, and timestamps.
- Media Files: Images and videos uploaded for social media posts or campaign content, temporarily stored for processing.
How We Use Your Information
We use the information we collect solely to provide, maintain, and improve our services:
- Authenticate users and manage access control based on roles (SuperAdmin, Admin, Manager, Agent, Staff)
- Display and manage your customer contacts, deals, and sales pipeline
- Send WhatsApp, SMS, and email campaigns to your customers on your behalf
- Publish or draft social media content to platforms you have connected
- Generate AI-assisted content suggestions for social media posts
- Provide analytics and reporting on campaign performance
- Maintain system security and detect fraudulent or abusive activity
- Respond to support requests and communications from you
We do not use your data for advertising, sell it to third parties, or use it to train AI models.
Data Security
We implement industry-standard security measures to protect your data:
- All data is transmitted over HTTPS/TLS encryption
- Passwords are hashed using bcrypt and never stored in plain text
- OAuth tokens are encrypted at rest using AES-256 encryption
- JWT access tokens have a 15-minute expiry; refresh tokens expire after 7 days
- Role-based access control limits data access to authorized users only
- Media files uploaded for posts are stored in isolated cloud storage (Cloudflare R2)
- Database access is restricted to authenticated backend services only
While we take security seriously, no system is completely immune to breaches. In the event of a data breach that affects your information, we will notify you promptly in accordance with applicable laws.
Data Retention
We retain your data only as long as necessary to provide our services:
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Customer contacts | Until manually deleted by your team |
| Campaign messages | 24 months from send date |
| Social OAuth tokens | Until account disconnection |
| Uploaded media files | 90 days after post creation |
| Authentication logs | 90 days |
| Deleted account data | 30 days (for recovery), then purged |
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and all associated personal data.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to the processing of your data in certain circumstances.
- Withdraw Consent: Disconnect social media accounts or revoke integrations at any time through the platform settings.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
Third-Party Services
Our platform integrates with the following third-party services. We encourage you to review their privacy policies:
Children's Privacy
Cligo is a business platform intended exclusively for professional use by travel agency staff and management. Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Display an in-app notification for significant changes
- Send an email notification to account administrators for material changes
Continued use of Cligo after changes are posted constitutes your acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Cligo CRM
Email: [email protected]
Response time: Within 30 business days
© 2026 Cligo. All rights reserved.
This Privacy Policy was last updated on June 28, 2026.
Social Media Integrations
Cligo connects to social media platforms through their official OAuth 2.0 APIs. When you connect a social account, we collect and store the following solely to operate the integration:
TikTok
Display name, avatar, and open ID via TikTok Login Kit. OAuth access tokens to upload video drafts to your TikTok inbox (video.upload scope) or publish directly (video.publish scope, requires TikTok audit). TikTok data is never shared with third parties.
Facebook
Your name, profile picture, and Page access token for the Facebook Page linked to your account. Used solely to publish posts to your Page.
Instagram
Business account ID, username, and profile picture via the Meta Graph API. Used solely to publish image and video content to your business profile.
LinkedIn
Name, profile picture, and member ID via LinkedIn OAuth. Used solely to publish posts to your personal or company profile.
X (Twitter)
Account ID, name, and profile picture. Used solely to publish posts using pay-per-use API access.