Privacy Policy

We are committed to protecting your privacy and handling your data with transparency and care.

Last updated: June 28, 2026

This Privacy Policy describes how Cligo ("we", "us", or "our") — a Customer Relationship Management platform built for travel agencies — collects, uses, stores, and protects information when you use our services. By accessing or using Cligo, you agree to the practices described in this policy.

Information We Collect

We collect information you provide directly and information generated through your use of the platform:

  • Account Information: Name, email address, password (hashed), role, and profile details provided during registration.
  • Contact & Customer Data: Customer names, phone numbers, email addresses, travel preferences, tags, and interaction history you import or enter into the CRM.
  • Communication Data: Content of WhatsApp messages, SMS messages, and email campaigns sent through our platform.
  • Social Media Data: OAuth access tokens, account names, profile pictures, and post content for connected social media accounts (Facebook, Instagram, LinkedIn, X/Twitter, TikTok).
  • Usage Data: IP address, browser type, pages visited, actions performed within the platform, and timestamps.
  • Media Files: Images and videos uploaded for social media posts or campaign content, temporarily stored for processing.

How We Use Your Information

We use the information we collect solely to provide, maintain, and improve our services:

  • Authenticate users and manage access control based on roles (SuperAdmin, Admin, Manager, Agent, Staff)
  • Display and manage your customer contacts, deals, and sales pipeline
  • Send WhatsApp, SMS, and email campaigns to your customers on your behalf
  • Publish or draft social media content to platforms you have connected
  • Generate AI-assisted content suggestions for social media posts
  • Provide analytics and reporting on campaign performance
  • Maintain system security and detect fraudulent or abusive activity
  • Respond to support requests and communications from you

We do not use your data for advertising, sell it to third parties, or use it to train AI models.

Social Media Integrations

Cligo connects to social media platforms through their official OAuth 2.0 APIs. When you connect a social account, we collect and store the following solely to operate the integration:

TikTok

Display name, avatar, and open ID via TikTok Login Kit. OAuth access tokens to upload video drafts to your TikTok inbox (video.upload scope) or publish directly (video.publish scope, requires TikTok audit). TikTok data is never shared with third parties.

Facebook

Your name, profile picture, and Page access token for the Facebook Page linked to your account. Used solely to publish posts to your Page.

Instagram

Business account ID, username, and profile picture via the Meta Graph API. Used solely to publish image and video content to your business profile.

LinkedIn

Name, profile picture, and member ID via LinkedIn OAuth. Used solely to publish posts to your personal or company profile.

X (Twitter)

Account ID, name, and profile picture. Used solely to publish posts using pay-per-use API access.

All OAuth tokens are stored encrypted on our servers and are never exposed to the client browser. You can disconnect any social account at any time from the Social Media Accounts page, which immediately revokes and deletes all stored tokens for that platform.

Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:

    Service Providers

    We use trusted infrastructure providers (MongoDB Atlas for database, Cloudflare R2 for media storage, Redis for queuing). These providers process data only as necessary to deliver services and are bound by data protection agreements.

    Communication APIs

    Messages you send through the platform are routed through Meta (WhatsApp Business API), Twilio (SMS), and Mailchimp/Mandrill (email). These providers handle message delivery only.

    AI Content Generation

    When you use AI content suggestions, your post content and prompts are sent to Anthropic's Claude API solely to generate suggestions. Anthropic does not train models on your data through API usage.

    Legal Requirements

    We may disclose information if required by law, court order, or to protect the safety and rights of our users or the public.

    Business Transfer

    In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify you before this occurs.

Data Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over HTTPS/TLS encryption
  • Passwords are hashed using bcrypt and never stored in plain text
  • OAuth tokens are encrypted at rest using AES-256 encryption
  • JWT access tokens have a 15-minute expiry; refresh tokens expire after 7 days
  • Role-based access control limits data access to authorized users only
  • Media files uploaded for posts are stored in isolated cloud storage (Cloudflare R2)
  • Database access is restricted to authenticated backend services only

While we take security seriously, no system is completely immune to breaches. In the event of a data breach that affects your information, we will notify you promptly in accordance with applicable laws.

Data Retention

We retain your data only as long as necessary to provide our services:

Data TypeRetention Period
Account dataUntil account deletion
Customer contactsUntil manually deleted by your team
Campaign messages24 months from send date
Social OAuth tokensUntil account disconnection
Uploaded media files90 days after post creation
Authentication logs90 days
Deleted account data30 days (for recovery), then purged

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and all associated personal data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to the processing of your data in certain circumstances.
  • Withdraw Consent: Disconnect social media accounts or revoke integrations at any time through the platform settings.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Cookies & Tracking

Cligo uses minimal, strictly necessary cookies:

  • Authentication cookies to maintain your logged-in session (httpOnly, secure, 7-day expiry)
  • No advertising or tracking cookies are used
  • No third-party analytics scripts (e.g. Google Analytics) are embedded in the application
  • We do not use fingerprinting or cross-site tracking techniques

Third-Party Services

Our platform integrates with the following third-party services. We encourage you to review their privacy policies:

Meta (Facebook, Instagram & WhatsApp)
TikTok
LinkedIn
X (Twitter)

Children's Privacy

Cligo is a business platform intended exclusively for professional use by travel agency staff and management. Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Display an in-app notification for significant changes
  • Send an email notification to account administrators for material changes

Continued use of Cligo after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Cligo CRM

Email: [email protected]

Response time: Within 30 business days

© 2026 Cligo. All rights reserved.

This Privacy Policy was last updated on June 28, 2026.