Terms and Conditions
General Terms and Conditions and Data Processing Agreement (DPA) Effective from: 20. února 2026
PART A: GENERAL TERMS AND CONDITIONS (T&C)
1. Introductory Provisions and Nature of the Service
1.1. Provider: The operator and provider of the Klidly platform is the company Content Makers s.r.o., Reg. No.: 07649517, VAT ID: CZ07649517, with its registered office at Nádražní 879/27, Moravská Ostrava, 702 00 Ostrava, Czech Republic, registered in the Commercial Register (hereinafter the 'Provider').
1.2. Client: The Service is intended exclusively for entrepreneurs and legal entities (B2B sector). A natural or legal person who registers an organization on the Klidly platform enters into a Service Agreement with the Provider (hereinafter the 'Client'). Consumer protection law provisions do not apply to this contractual relationship.
1.3. Service: The Klidly platform is a cloud-based B2B SaaS (Software-as-a-Service) solution for modern human resource management, including specifically personnel file management, performance evaluation (1-on-1 meetings, OKR), satisfaction surveys (eNPS), absence management, Skills Matrix, gamification, and corporate knowledge base (hereinafter the 'Service').
2. User Account and Security
2.1. The Service Agreement is concluded electronically at the moment of successful registration (creation of an organization/tenant) by the Client on the klidly.com website and acceptance of these T&C.
2.2. User Management: The Client (through Super Admin / Admin roles) bears full and exclusive responsibility for creating accounts for their employees or collaborators (hereinafter 'Users'), assigning permission levels (RBAC), and for all activities carried out by its Users within the Service.
2.3. Password Security: The Client and its Users are obliged to protect their login details. The Provider bears no responsibility for misuse of a user account, unauthorized deletion of data, or leakage of information caused by compromise of access details on the Client's part (e.g., weak password, phishing, account sharing).
3. Data Ownership and Rights of Use
3.1. Client Data Ownership: All data, files, documents, meeting records, evaluations, and personal data that the Client or its Users upload to the Service (hereinafter 'Client Data') remain in the exclusive ownership of the Client. The Provider does not acquire any ownership rights to Client Data and will not use it for purposes other than the technical provision of the Service to the Client.
3.2. Provider's Intellectual Property: The Provider is the exclusive owner of the Service, its source code, design, UI/UX elements, know-how, and database architecture. The Client acquires a non-transferable, non-exclusive, and time-limited license to use the Service for its internal business purposes for the duration of the Agreement.
4. Artificial Intelligence (KlidlyAI) and Third-Party Integrations
4.1. KlidlyAI: The Service includes optional features powered by artificial intelligence (e.g., 1-on-1 meeting summaries, AI assistant over the knowledge base, OKR generator, skills profiling).
4.2. Data Protection from AI Training: For the KlidlyAI module, the Provider exclusively uses enterprise (Enterprise/API) solutions from reputable third parties (e.g., OpenAI, Anthropic), where a Zero Data Retention for Training policy is contractually guaranteed. Client Data is not and will never be used by these providers to train their public AI models.
4.3. BYOK (Bring Your Own Key) Mode: If the Client decides to insert their own API key from a third-party provider into the system for AI use, they do so entirely at their own responsibility. In such a case, the Provider bears no responsibility for token consumption, third-party billing, or security and privacy settings on the part of the Client's API key.
4.4. AI Limitations and Ban on Automated Decision-Making: Outputs generated by the KlidlyAI module are of a purely advisory, analytical, and assistive nature. The Client acknowledges that AI systems work on a probability basis and may generate inaccurate, incomplete, or misleading information (so-called hallucinations). The Service does not perform any automated decisions with legal or similar effects for employees (within the meaning of Art. 22 GDPR). Any labor law steps (e.g., promotion, dismissal, salary changes, asset allocation) must always be assessed and taken by a human representative of the Client. The Provider bears no responsibility for damages or labor law disputes arising from reliance on KlidlyAI outputs.
4.5. Third-Party Integrations: The Service allows connection with third-party systems (e.g., Slack, MS Teams, iCal feed). The Provider does not guarantee the availability, security, and outages of these external services.
5. Payment Terms and Tariffs
5.1. Price List and Tariffs: The Service is provided in versions defined by the current Price List available on the klidly.com website (Free, Business, Enterprise). All listed prices for paid tariffs are excluding VAT, which will be added at the statutory rate.
5.2. Free Tariff (Free): Use of the Service is permanently completely free for organizations with a maximum of five (5) active user accounts (personnel cards).
5.3. Paid Tariffs: If the Client exceeds the limit of 5 active users or activates features reserved for higher tariffs (Business, Enterprise), the Service switches to a paid mode. In such a case, the fee automatically depends on the highest number of active user accounts registered in the Client's organization in a given billing period.
5.4. Maturity and Default: The billing period for paid tariffs is standardly monthly (or yearly, if so agreed). Invoices are due 14 days from their issuance. In case of the Client's default on payment for more than 14 days, the Provider is entitled to restrict the Client's access to Service functions (e.g., to read-only mode). After 30 days of default, the account may be temporarily suspended or canceled.
6. Availability Guarantee (SLA) and Limitation of Liability for Damage
6.1. SLA (Service Level Agreement): The Provider makes maximum commercially reasonable efforts to ensure the availability of the Service is at least 99.5% of the time in a calendar month. This time does not include planned maintenance outages (about which the Client is informed in advance) and force majeure events (e.g., backbone internet network outages, cyberattacks, outages of cloud infrastructure sub-suppliers).
6.2. Exclusion of Liability for Content: The Service is provided 'as is'. The Provider bears no responsibility for the procedural, accounting, or labor law correctness of the HR agenda managed by the Client in the Service (e.g., legitimacy of absence approval, correctness of internal directives). The Service does not replace professional HR or legal advice.
6.3. Exclusion of Indirect Damages: To the maximum extent permitted by law, the Provider is not liable for any lost profit of the Client, damage to reputation, loss of business opportunities, third-party claims, or loss of data resulting from an error on the Client's part (e.g., unintentional deletion of a user by an administrator).
6.4. Financial Liability Limit (Liability Cap): Any potential liability of the Provider for proven direct material damage incurred by the Client in connection with the use of the Service is limited to a maximum amount equal to the sum of fees (excluding VAT) that the Client demonstrably paid to the Provider for the Service for the last twelve (12) months immediately preceding the occurrence of the event that caused the damage. For the free tariff (Free for max. 5 users), liability for damage on the part of the Provider is completely excluded.
7. Duration of Agreement, Termination and Data Deletion
7.1. The Agreement is concluded for an indefinite period.
7.2. Termination (Off-boarding): The Client (in the role of Super Admin) can terminate the provision of the Service at any time by canceling the organization (Organization Deletion) in the application settings. Cancellation of the subscription will become effective upon expiry of the already paid billing period. Paid fees are not refundable.
7.3. Data Export: The Client has the option to export its data from the Service in standard available formats at any time before canceling the account.
7.4. Permanent Data Deletion: The Provider undertakes that no later than thirty (30) days from the complete cancellation of the organization, it will carry out an irreversible and permanent deletion of all Client Data (including all personal data of Users and uploaded files) from its production databases, except for data that the law requires to be further retained (e.g., billing and accounting history).
8. Final Provisions
8.1. These T&C and the legal relationships arising from them are governed by the laws of the Czech Republic. Potential disputes will be resolved at the materially and locally competent court of the Czech Republic according to the Provider's registered office.
8.2. The Provider is entitled to unilaterally change these T&C and DPA to a reasonable extent (e.g., due to legislative changes or the addition of new Service modules). The Client will be informed of a change via email or in-app notification at least 14 days before the changes take effect. If the Client does not agree with the changes, they have the right to terminate the Agreement. By continuing to use the Service after the effective date, the Client expresses consent to the changes.
PART B: DATA PROCESSING AGREEMENT (DPA)
This part constitutes a Data Processing Agreement within the meaning of Art. 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council (the 'GDPR'). By clicking consent to the T&C during registration, both parties electronically conclude this agreement.
1. Status of the Contracting Parties
Given the nature of the Service (HR platform), the Client inserts into the system the personal data of its employees, applicants, and collaborators. In this contractual relationship, the Client acts as the Data Controller and the Provider (Content Makers s.r.o.) as the Data Processor.
2. Subject, Purpose and Duration of Processing
2.1. The Processor processes personal data exclusively for the purpose of providing, technological operation, maintenance, and support of the Klidly Service, in accordance with the functions that the Controller actively uses in the application.
2.2. Processing takes place exclusively based on documented instructions from the Controller. An interaction of the Controller and its Users with the application interface and its modules (e.g., saving data to a personnel card, starting text analysis via KlidlyAI, approving absence in the calendar) is considered such an instruction.
2.3. Processing lasts for the duration of the existence of the Controller's user account (organization) on the platform and subsequently for the necessary technical time for permanent data deletion (max. 30 days after account cancellation).
3. Nature and Category of Processed Data
Depending on the extent of Service use, the Controller may insert the following categories of data about subjects (employees, contractors, alumni) into the system:
- Basic identification and contact data: First name, surname, work email, phone, date of birth, photo/avatar, job position, department, assigned assets (Assets).
- Work and performance data: Performance evaluation (OKR, goals), records of 1-on-1 meetings and feedback texts, skills matrix (Skills Matrix), praise (Kudos), collected rewards (Coins), responses from eNPS (Pulse) satisfaction surveys, onboarding checklists.
- Data on absences and attendance: Records in the absence calendar (vacation, home-office). If the Controller uses records of obstacles to work for health reasons (e.g., Illness, Sick days), these records may take on the nature of a special category of personal data (data concerning health) within the meaning of Art. 9 GDPR. The Processor does not evaluate these records medically in any way; they serve only as a system record in the calendar for the Controller's registration needs.
4. Rights and Obligations of the Controller (Client)
4.1. The Controller bears full and exclusive responsibility for having a valid legal title (e.g., performance of a work contract, legitimate interest, fulfillment of a legal obligation, or data subject's consent) for uploading personal data into the Service and for their potential processing by the KlidlyAI module.
4.2. The Controller is obliged to fulfill the information duty (pursuant to Art. 13 and 14 GDPR) towards its employees that it uses the Klidly cloud platform to record and analyze their HR data.
5. Obligations of the Processor and Data Security
5.1. The Processor undertakes to maintain strict confidentiality about all processed personal data and to ensure that all persons who come into contact with the data on its side (employees and developers) also commit to confidentiality.
5.2. The Processor declares that it has implemented and maintains appropriate technical and organizational measures to ensure a high level of data security (Art. 32 GDPR). These measures specifically include:
• Data encryption at rest (Data-at-Rest) and data in transit over the network (HTTPS/TLS).
• Logical isolation of client data at the database level (Tenant isolation).
• Securing access with a system of roles and permissions (Role-Based Access Control).
• Regular automated database backup to prevent data loss.
• Secure one-way hashing of user access passwords.
6. Involvement of other Processors (Sub-processors)
6.1. The Controller hereby grants general permission to the Processor to involve other processors (Sub-processors) who ensure the necessary technological operation of the Service.
6.2. These are verified infrastructure and service providers, primarily: Cloud hosting and database providers with preferred data storage within the European Economic Area (e.g., AWS, Vercel, Supabase), AI model providers via corporate API (e.g., OpenAI, Anthropic), transactional email infrastructure providers, and certified payment gateways.
6.3. The Processor undertakes to conclude contracts with its sub-processors ensuring at least the same level of data protection as guaranteed by this DPA. If the Processor plans to add a new category of sub-processor, it will inform the Controller (e.g., by adjusting T&C/DPA), and the Controller has the right to raise a legitimate objection to such a change.
7. Cooperation and Reporting of Security Incidents
7.1. If a breach of personal data security occurs on the Processor's side (Data Breach), the Processor will notify the Controller without undue delay, but at the latest within 48 hours of the moment it became certainly aware of the incident. The Processor will provide the Controller with cooperation in communicating with the supervisory authority.
7.2. The Processor will provide the Controller with reasonable cooperation in case the data subject (Client's employee) exercises their rights under the GDPR (right to deletion, access, rectification, portability). This agenda is primarily and independently handled by the Controller through built-in functions in the Service user interface (e.g., deleting an employee's personnel card, exporting to PDF).
8. Data Deletion
As stated in point 7.4 of the T&C, after complete termination of the Service provision, the Processor undertakes to permanently and irreversibly delete all personal data and their copies from the production database within 30 days, except for data where the obligation for their storage stems from valid legal regulations (tax and accounting records).