Privacy Policy

Last updated: March 20, 2026

1. Introduction

TikTokEasyUpload ("we," "our," or "the Service") is a video publishing tool that enables users to upload content to TikTok via the official TikTok Content Posting API. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA).

2. Lawful Basis for Processing

We process your personal data on the following lawful bases:

  • Consent: When you create an account and link your TikTok account, you explicitly consent to data processing as described in this policy.
  • Contractual necessity: Processing is necessary to provide the video upload service you requested.
  • Legitimate interest: Maintaining security, preventing fraud, and improving the Service.

3. Information We Collect

We collect the following categories of information:

a) Account Information

  • Email address and hashed password for app authentication

b) TikTok Account Data

  • TikTok display name and avatar URL (via user.info.basic scope)
  • TikTok Open ID (unique account identifier)
  • OAuth access tokens and refresh tokens (for publishing on your behalf)
  • Authorized scopes (user.info.basic, video.publish, video.list)

We access TikTok data only through the official TikTok API with scopes you explicitly authorize during the OAuth flow.

c) Video Content

  • Video files you upload for publishing
  • Publishing preferences: title, privacy level, interaction settings (comments, duets, stitches)
  • Branded content and commercial disclosure settings

d) User-Provided API Credentials (Optional)

  • TikTok Developer App client_key and client_secret, if you choose to provide your own

These credentials are stored encrypted in our backend and used only to authenticate API requests on your behalf. We never share them with third parties.

e) API Usage Data

  • API request logs: endpoint, method, status code, response time
  • IP address and User-Agent (from API requests)
  • API key identifiers and last-used timestamps

f) Automatically Collected

  • We do not use cookies, tracking pixels, or third-party analytics on this Service

4. How We Use Your Information

We use your information for the limited purpose of enabling and providing the TikTok video upload service:

  • Authenticating you within the application
  • Publishing video content to your linked TikTok accounts as you direct
  • Refreshing OAuth tokens to maintain your TikTok connection
  • Displaying upload history and status
  • Processing API requests when you use the programmatic upload API
  • Monitoring API usage for security and abuse prevention

We do NOT use your TikTok data to: analyze or profile user behavior, serve targeted advertising, build user profiles for marketing, monetize or sell your data, or perform any processing beyond what is necessary to provide this Service.

5. Data Storage and Security

Your data is stored using Convex, a SOC 2 Type II compliant cloud backend provider. Convex acts as our data processor and stores data in secure, encrypted infrastructure.

  • OAuth tokens are encrypted at rest in the Convex database
  • We never store your TikTok password — authentication is handled entirely via TikTok OAuth
  • User-provided API credentials (client_secret) are stored encrypted and never exposed in logs or API responses
  • API keys are stored as SHA-256 hashes — the plaintext key is shown once at creation and never retrievable again
  • Video files are stored temporarily for the purpose of uploading to TikTok and may be deleted after successful publishing

We maintain appropriate technical and administrative controls in accordance with industry standards to ensure the security and confidentiality of your data and protect against unauthorized access, disclosure, or destruction.

6. Data Sharing

We share your data only with the following parties and for the stated purposes:

  • TikTok (ByteDance): Video content, titles, and publishing settings are transmitted to TikTok via the Content Posting API when you initiate an upload. This is governed by TikTok's Privacy Policy.
  • Convex: Our backend infrastructure provider stores and processes data on our behalf as a data processor.

We do NOT sell, rent, or trade your personal information to any third party. We do NOT disclose your data for cross-context behavioral advertising. We do NOT share TikTok user data with data brokers or advertising networks.

7. Data Retention

  • Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion request.
  • OAuth tokens: Stored until you disconnect your TikTok account or your tokens expire and cannot be refreshed.
  • Video files: Stored temporarily for upload processing. You may delete uploaded videos at any time.
  • API request logs: Retained for 90 days for security and debugging purposes, then automatically deleted.
  • User-provided API credentials: Deleted immediately when you click "Use Default Keys" or delete your account.

8. Your Rights

All Users

  • Disconnect your TikTok accounts at any time, immediately revoking our access
  • Delete your account and all associated data
  • Request a copy of all data we store about you
  • Revoke or delete API keys at any time

GDPR Rights (EU/EEA Users)

  • Right of access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Request limitation of data processing
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to data processing based on legitimate interest
  • Right to withdraw consent: Withdraw consent at any time without affecting prior processing

CCPA/CPRA Rights (California Users)

  • Right to know: What personal information we collect, use, and disclose
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: Opt out of the sale or sharing of personal information (we do not sell your data)
  • Right to non-discrimination: Exercise your rights without discriminatory treatment

To exercise any of these rights, contact us at privacy@tiktokeasyupload.com. We will respond within 30 days.

9. TikTok Data Usage

We access TikTok data only through the official TikTok API with scopes you explicitly authorize. Our use of TikTok data is governed by the TikTok Developer Terms of Service and the TikTok Privacy Policy.

We do not analyze, profile, or monetize your TikTok data beyond what is necessary to provide the video upload functionality of this Service.

10. Children's Privacy

This Service is not intended for children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly.

11. International Data Transfers

Your data may be processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, data access requests, or complaints, contact us at:

privacy@tiktokeasyupload.com