Meedyo Privacy Policy

For the provisions of this privacy policy, the following terms will have the meaning attributed below:

Meedyo: Tool for managing accounts and advertising campaigns on social networks, with access to different features and/or services depending on the subscription plan hired and provided through the website  https://meedyo.com  and/or the application of Meedyo.

Meedyo SOFTWARE: Meedyo owner company and whose data is listed below.

Administrator: Professional or company (Community Managers, Social Media Managers, advertising or digital marketing agencies, etc.) that manages third-party accounts or their own accounts on social networks using Meedyo.

Brand: Natural or legal person who hires the services of the Administrator for the management of their accounts on social networks through Meedyo.

1. Information about the personal data controller

If you register as an Administrator of Meedyo to manage Brand social media accounts, or if you otherwise provide your personal data directly to us, the data controller for your personal data is Meedyo (legal name: [Meedyo Legal Entity Name]), with registered office at [full registered address], [city] – [country], tax/registration ID [e.g., VAT / NIF / Company No.], duly registered in [registry name] under [volume], [folio], [section], [page/number] (the “Meedyo”).

You can contact Meedyo directly at: [support@meedyo.com].

You can contact Meedyo’s Data Protection Officer (DPO).

2. Processing of Personal Data

Meedyo, as the Data Controller, determines the purposes and means of processing your personal data. We process the following categories of data:

 When You Register as an Administrator on Meedyo

1. a) Registration via Email:
   If you sign up using your email address, we will request your email and a password. Your password will be securely stored in encrypted form and used as your login credentials for Meedyo. You will receive a verification email at the address provided to confirm your registration.
2. b) Registration via Social Login:
   You may also register using a social login from a supported social network. In this case, the relevant social network will share with us your email address, profile picture, and name, along with a unique identifier associated with your Meedyo Administrator profile.

You will be required to log into the social network and grant the necessary permissions to Meedyo. These permissions allow our application to access certain features of the social network to provide you with the contracted service, including management of your social media accounts and advertising campaigns.

Examples of permissions may include:

• Managing and viewing ads and related statistics
  
  
• Accessing your account, profile, and published content
  
  
• Managing comments and direct messages
  
  
• Accessing page or account analytics
  
  
• Creating and managing content
  
  

The exact permissions granted will depend on the social network you use to register.

For subscription or paid services, we will additionally collect your first and last name and payment-related details necessary for processing the transaction.

 When You Request Information

If you contact Meedyo to request information, we will collect your name, email address, and telephone number in order to respond to your inquiry.

 When You Leave a Comment on the Meedyo Blog

If you wish to post a comment on our blog, we will request your name and email address to publish and moderate your comment appropriately.

 When You Register for a Webinar

When you sign up for one of our webinars, we will ask for your name and email address to manage your registration and send you the necessary access details.

 When You Join the Affiliate Program

If you request to participate in Meedyo’s affiliate program, we will use your Meedyo user registration data together with the additional information required to process and complete affiliate payments.

3. Purpose of Processing Personal Data and Legal Basis

This section explains why Meedyo processes your personal data as an “Interested Party” — meaning any natural person who provides personal information to Meedyo that directly or indirectly identifies them — as well as the legal grounds that justify such processing.

 Processing of Administrator Data

When you register as an Administrator on Meedyo, we process your data to:

• Deliver the services you have contracted with Meedyo.
• Send you notifications related to the provision of these services.
• Manage billing, invoicing, and payment transactions.

In addition, we may use your data to send you commercial communications about Meedyo’s services, provided you have not objected to receiving them — either at the time of data collection or at any later point.

You may withdraw your consent or object to receiving such communications at any time.

Legal Basis:

• The processing of your data for providing the service, managing payments, and sending service notifications is based on the performance of a contract or pre-contractual measures at your request.
  
  
• The processing of your data for sending marketing communications is based on Meedyo’s legitimate interest in carrying out direct marketing activities, where permitted by law.

 Processing of Contact Data

If you request information through any of Meedyo’s contact channels (such as live chat, contact forms, or email), we will collect identifying information such as your name, email address, and telephone number solely for the purpose of responding to your request.

Legal Basis:

• This processing is carried out under Meedyo’s legitimate interest to respond to user inquiries.
  
  
• If you consent to receive marketing communications (by checking a consent box or taking a clear affirmative action), the processing of your data for this purpose will be based on your explicit, informed, and freely given consent.

 Processing of Data for Blog Comments

If you leave a comment on the Meedyo Blog, we will collect your name, email address, and optionally your website URL. This information is used to moderate and publish your comment, displaying your name but never your email address publicly.

Legal Basis:

• This processing is based on Meedyo’s legitimate interest to publish and moderate comments on its blog.

 Processing of Webinar Registration Data

When you register for a Meedyo-hosted webinar, we process your name and email address to manage your registration and provide access details.

Legal Basis:

• The processing is based on Meedyo’s legitimate interest to fulfill your registration request.
  
  
• If you consent to receive marketing materials during the process, we will process your data on the legal basis of your explicit consent, obtained through a clear affirmative action (e.g., ticking a checkbox).

Processing of Affiliate Program Data

If you apply to join the Meedyo Affiliate Program, we process your registration data and payment information to manage your affiliate status and remit payments.

Legal Basis:

• This processing is based on the performance of a contract or pre-contract to which you, as the Interested Party, are a party.

4. Data Retention Period

Meedyo retains personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory obligations, and to resolve potential disputes.

Specifically:

• Business Records: Accounting books, invoices, and contracts will generally be kept for 7 years in accordance with IRS and state recordkeeping requirements for tax and audit purposes.
  
  
• Contractual Obligations: Data needed to fulfill a contract or handle potential claims will be retained until the end of the applicable statute of limitations (which varies by state, but typically ranges from 3–6 years for most contract claims).
  
  
• Marketing Data: Contact information used for marketing communications will be kept until you opt out or withdraw consent.
  
  

Once personal data is no longer required for these purposes, Meedyo will delete it securely, using industry-standard methods such as data wiping or shredding, or anonymize/pseudonymize the data so it can no longer be associated with you.

5. Recipients

For the purposes of this Privacy Policy, a “recipient” means any natural person, legal entity, public authority, agency, or service provider to whom personal data is disclosed, whether or not they are considered a third party.

Meedyo may share personal data internally within its affiliated companies and subsidiaries to improve coordination, streamline operations, and enhance customer service, product development, and marketing efforts. Data shared internally may include contact details, user information, billing data, and purchase history. Such sharing is conducted only to the extent necessary for the stated purposes and with appropriate technical and organizational safeguards to prevent unauthorized access, misuse, or disclosure.

Your personal data will not be disclosed to any external third party except where:

• Disclosure is required by law, regulation, or a valid legal process.
  
  
• It is necessary to fulfill the service you have requested (e.g., payment processors).
  
  
• You have provided explicit consent for such disclosure.
  

Data Processors

Meedyo engages trusted service providers (“data processors”) who process personal data on our behalf and in accordance with our instructions. These providers are bound by contractual obligations and security standards to protect your data. Examples of such processors include:

• Cloud hosting and infrastructure providers (for secure data storage and platform hosting)
• Payment processors (for processing transactions securely)
• Fraud prevention and security monitoring services
• CRM and marketing automation platforms (for account management and communications)
• Email/newsletter service providers (for transactional and marketing communications)

Meedyo ensures that all data processors comply with applicable data protection laws and only process data for the purposes authorized by Meedyo.

6. International Data Transfers

“International data transfer” refers to the sharing or storage of personal data outside the country or jurisdiction where it was originally collected.

At present, Meedyo does not transfer personal data to recipients located outside the United States for processing.

All personal data collected by Meedyo is stored on secure servers located within the United States. If international data transfers become necessary in the future (for example, to support global operations or use third-party service providers based abroad), Meedyo will ensure that appropriate safeguards are in place, such as:

• Compliance with applicable U.S. privacy laws and state-level regulations.
  
  
• Execution of contractual agreements with service providers to ensure equivalent levels of data protection.
  
  
• Implementation of industry-standard security measures to prevent unauthorized access or misuse.

7. Your Privacy Rights

As a user, you have several rights regarding your personal data. You may exercise these rights at any time, in accordance with applicable privacy laws:

• Right to Withdraw Consent – If the processing of your data is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  
  
• Right to Access – You have the right to request confirmation of whether Meedyo is processing your personal data and, if so, to access a copy of that data.
  
  
• Right to Correct (Rectification) – You may request that Meedyo correct or update any inaccurate or incomplete personal data.
  
  
• Right to Delete (Erasure) – You may request that your personal data be deleted when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent and no other legal basis applies.
  
  
• Right to Limit Processing – In certain circumstances, you may request that Meedyo restrict the processing of your data, in which case it will only be retained for the establishment, exercise, or defense of legal claims.
  
  
• Right to Object – You may object to the processing of your personal data for reasons related to your particular situation, including objection to direct marketing.
  
  
• Right to Data Portability – Where technically feasible, you may request to receive the personal data you have provided to Meedyo in a structured, commonly used, and machine-readable format and have it transmitted to another organization.
  

How to Exercise Your Rights

You may exercise these rights by contacting Meedyo through any method that provides proof of request and receipt (e.g., email or certified mail). Please clearly indicate which right you are exercising and include sufficient information to verify your identity, such as a copy of a government-issued ID or other identifying details.

Right to File a Complaint

If you believe your privacy rights have been violated under U.S. law, you may contact the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov or, if you are a California resident, file a complaint with the California Privacy Protection Agency (CPPA) at https://cppa.ca.gov 

8. Security of Personal Data

Meedyo implements appropriate technical, administrative, and organizational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

These safeguards include secure servers, encryption, access controls, and regular security reviews. While we take reasonable steps to protect your data, no system or method of transmission over the Internet can be guaranteed to be 100% secure.

9. Updating Your Personal Data

To ensure the accuracy and completeness of your information, you may update or correct your personal data at any time by logging into your Meedyo user account or by contacting us directly through the communication channels provided in this policy.

10. Confidentiality

All personal data collected by Meedyo is handled with strict confidentiality. Access to personal information is limited to authorized employees, contractors, and service providers who require the information to fulfill their duties, and they are bound by confidentiality obligations.

11. Cookies and Tracking Technologies

In its mobile application, Meedyo does not use any non-essential cookies or data storage technologies other than those strictly necessary to deliver the requested service and enable basic functionality (e.g., secure login, session management).

On the Meedyo website, cookies are used in accordance with our [Cookies Policy], which provides clear and comprehensive information about the types of cookies used, their purposes, and how you can manage your preferences.

If Meedyo introduces additional cookies or tracking technologies in the future that are not strictly necessary, we will provide clear notice and obtain your consent before enabling them, consistent with applicable privacy laws.

12. Data Processing as a Data Processor

If you have registered as an Administrator in Meedyo to provide social media account management and advertising services for third-party Brands using our platform, Meedyo will act as a Data Processor in accordance with applicable data protection regulations.

In this role, you (the Administrator) act as the Data Controller, as you determine how and why the personal data of the Brand you manage is processed. Meedyo processes that data strictly under your instructions and solely for the purpose of delivering the services you have contracted.

When you register a Brand within Meedyo and connect its social media accounts, you must accept the permissions requested by each social network in order for Meedyo to perform the contracted services.

Once permissions are granted, the respective social networks will allow Meedyo to access:

• Administration of the Brand’s social media accounts.
• Creation, scheduling, and management of posts and other content.
• Viewing and managing comments, direct messages, and community interactions.
• Access to account statistics and analytics.
• Management of ad campaigns and performance data.

This access is limited strictly to enabling Meedyo to provide the contracted services, including performance tracking, social media planning, automated reporting, and the ability to create and manage advertising campaigns from the platform.

To formalize this arrangement, Meedyo’s Terms of Service include clauses defining the relationship between you, as the Data Controller, and Meedyo, as the Data Processor, in compliance with applicable data protection laws.

Purpose of the Processing

By using Meedyo’s services, you authorize Meedyo to process, on your behalf, the personal data necessary to deliver the contracted services. These services consist of the management of social media accounts and online advertising activities for the Brands you administer.

This processing includes access to personal data associated with the Brand’s contacts on the social networks connected to Meedyo, solely for the purpose of enabling the functionality of the platform and fulfilling your instructions.

Identification of the Data Processed

To deliver the contracted services, you, as the Administrator, provide Meedyo with access to personal data belonging to the Brand’s contacts on the connected social media accounts. This may include user names, profile information, interaction data, messaging content (where permissions are granted), and campaign performance metrics, depending on the permissions granted by the relevant platform.

 Duration of Processing

Meedyo will retain access to the Brand’s personal data only for as long as the Brand’s subscription or service agreement remains active. Once the contract ends, Meedyo will permanently delete or anonymize the data collected through the platform, unless a longer retention period is required by applicable law or necessary for the defense of legal claims.

 Meedyo’s Obligations as Data Processor

Meedyo, including all personnel and subcontractors acting under its authority, agrees to:

1. Purpose Limitation
   Use the personal data exclusively to deliver the contracted services and for no other purpose.
2. Follow Administrator Instructions
   Process data strictly according to the Administrator’s instructions and the features enabled in the Meedyo platform. If Meedyo reasonably believes that an instruction violates applicable data protection law, it will promptly notify the Administrator.
3. Maintain Processing Records
   Keep written records of all categories of processing activities carried out on behalf of the Administrator, including:

• The name and contact information of Meedyo and the Administrator(s) it serves.
  
  
• The types of processing activities performed.
  
  
• Any international transfers, including the country or international organization involved and applicable safeguards.
  
  
• A description of the technical and organizational measures in place to ensure data security, such as:
  
  
  1. Encryption and pseudonymization of personal data.
     
     
  2. Measures to ensure ongoing confidentiality, integrity, availability, and resilience of systems.
     
     
  3. Disaster recovery and data restoration procedures.
     
     
  4. Regular testing, assessment, and evaluation of security controls.
     
     

1. Restrictions on Disclosure
   Not disclose personal data to any third party without prior written authorization from the Administrator, unless legally required. Meedyo may share data with other authorized processors acting under the Administrator’s instructions, with advance written notice of the recipient, data shared, and applied safeguards.
2. Subprocessors
   The Administrator grants Meedyo a general authorization to engage subprocessors as necessary. Meedyo will impose the same contractual obligations on subprocessors as outlined in this agreement, including security and confidentiality requirements. Meedyo remains fully liable to the Administrator for any subprocessor’s non-compliance.
3. Duty of Confidentiality
   Maintain strict confidentiality regarding personal data, even after the termination of the agreement.
4. Personnel Authorization & Training
   Ensure that all persons authorized to process personal data have committed to confidentiality in writing, received appropriate training in data protection, and follow the required security protocols.
5. Cooperation with Data Subject Rights
   Assist the Administrator, where technically feasible, in responding to data subject requests (e.g., access, rectification, deletion, restriction, portability, and objection) and in fulfilling any legal obligations regarding automated decision-making or profiling.
6. Security Incident Notification
   Notify the Administrator without undue delay, and no later than 72 hours after becoming aware of a personal data breach, providing all relevant information to enable documentation, notification to affected parties (if required), and mitigation of the incident.

If a personal data breach occurs, Meedyo will provide, at minimum and where available, the following information to the Administrator:

1. a) A description of the nature of the breach, including, where possible:

• The categories and approximate number of affected individuals.
  
  
• The categories and approximate number of personal data records impacted.
  
  

1. b) The name and contact details of Meedyo’s Data Protection Officer (or another appropriate contact person) who can provide further information.
2. c) A description of the likely or potential consequences resulting from the breach.
3. d) A description of the measures taken or proposed to address the breach, including any steps implemented to mitigate potential adverse effects.

If all of the information cannot be provided at once, Meedyo will share the details in phases, without undue delay, as they become available.

Responsibilities of the Administrator

It is the Administrator’s responsibility to notify the relevant Data Protection Authority and the affected individuals when the breach is likely to result in a high risk to the rights and freedoms of natural persons.

Cooperation and Compliance

Meedyo will:

• Support the Administrator in carrying out prior consultations with supervisory authorities when necessary.
  
  
• Provide the Administrator with all documentation needed to demonstrate compliance with data protection obligations.
  
  
• Cooperate with audits or inspections conducted by the Administrator or an authorized auditor.
  
  

Security Measures

Meedyo will implement and maintain mechanisms designed to:

• Guarantee the confidentiality, integrity, availability, and ongoing resilience of processing systems and services.
  
  
• Quickly restore access and availability to personal data in the event of a physical or technical incident.
  
  
• Regularly verify, assess, and evaluate the effectiveness of technical and organizational security measures.
  
  
• Apply pseudonymization and encryption of personal data, where appropriate.
  

Post-Service Data Handling

Upon completion of the contracted services, Meedyo will:

• Cease all access to the Administrator’s personal data.
  
  
• Return the personal data and any associated media to the Administrator or securely delete it from Meedyo’s systems.
  
  
• Permanently erase data from all computer equipment used in the provision of services, unless retention is legally required.
  
  
• If a copy must be retained, it will be securely blocked and inaccessible, kept only for as long as necessary to address potential legal or contractual obligations arising from the service.

12.5. Obligations of the Administrator

The Administrator agrees to fulfill the following responsibilities when using Meedyo’s services:

1. Provide Required Data:
   Supply Meedyo with all necessary data and information required to deliver the contracted services.
   
   
2. Inform Data Subjects:
   Ensure that individuals whose data is collected on behalf of the Brand (e.g., social media contacts, users) are properly informed of how their data will be processed, in compliance with applicable privacy laws.
   
   
3. Conduct Privacy Impact Assessments:
   Where required, perform a Data Protection Impact Assessment (DPIA) for the processing activities that Meedyo will carry out, and conduct any necessary prior consultations with the relevant supervisory authority.
   
   
4. Ensure Legal Compliance:
   Verify, prior to and during the processing, that Meedyo’s data processing activities comply with all applicable data protection regulations.
   
   
5. Supervise and Audit:
   Oversee the processing activities carried out by Meedyo, including performing inspections or audits (directly or through authorized auditors) to ensure compliance with this agreement and applicable law.