Privacy Policy

Last Updated: November 25, 2024

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

• Account Information: Name, email address, username, password
• Profile Information: Profile picture, bio, preferences
• Content: Posts, images, videos, and other content you create or upload
• Social Media Credentials: Authentication tokens for connected social media accounts
• Communication: Messages you send to our support team

1.2 Automatically Collected Information

When you use our Service, we automatically collect certain information:

• Usage Data: Pages visited, features used, time spent on the platform
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, error logs, referring URLs
• Cookies: Information stored through cookies and similar technologies

1.3 Third-Party Information

We receive information from third-party services you connect to Postiz:

• Social Media Platforms: Profile information, follower counts, engagement metrics
• Analytics: Performance data of your published content

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve our Service
• Content Publishing: To publish your content to connected social media platforms
• Account Management: To manage your account and authenticate your identity
• Communication: To send you service updates, notifications, and support messages
• Analytics: To analyze usage patterns and improve our Service
• Security: To detect, prevent, and address technical issues and security threats
• Legal Compliance: To comply with legal obligations and protect our rights

3. How We Share Your Information

3.1 Third-Party Social Media Platforms

We share your content with social media platforms you've connected to your account (TikTok, Facebook, Instagram, Twitter, LinkedIn, etc.) according to your publishing instructions.

3.2 Service Providers

We may share information with trusted third-party service providers who assist us in:

• Hosting and infrastructure services
• Analytics and performance monitoring
• Customer support tools
• Payment processing (if applicable)

3.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Legal processes (subpoenas, court orders)
• Government requests
• Protection of our rights and safety
• Investigation of fraud or security issues

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

3.5 TikTok Data and Integration

When you connect your TikTok account to Postiz, we access and process certain data from TikTok through the TikTok Developer API. This section explains how we handle TikTok-specific data.

Data We Access from TikTok

Based on the permissions (scopes) you grant, we may access the following TikTok data:

• user.info.basic: Basic profile information including your open_id, union_id, avatar URL, and display name. This scope is automatically granted when you connect your TikTok account and allows us to identify your account and display your profile information in Postiz.
• user.info.profile: Extended profile information to provide enhanced features and personalization.
• video.publish: Permission to publish videos and photos to your TikTok account on your behalf. We only use this permission after you explicitly schedule or publish content through our platform.
• video.upload: Permission to upload video content to TikTok for publication.

How We Use TikTok Data

We use TikTok data strictly for the limited purpose of providing our social media management services, including:

• Authenticating and identifying your TikTok account
• Displaying your TikTok profile information in the Postiz dashboard
• Publishing content to your TikTok account at your direction
• Retrieving analytics and performance data for your TikTok posts
• Enabling content scheduling and management features

Limitations and Protections

In compliance with TikTok Developer Terms, we commit that:

• We do NOT build profiles or databases of TikTok users for unauthorized purposes
• We do NOT share your TikTok data with third parties without your explicit consent
• We do NOT sell your TikTok data or use it for cross-context behavioral advertising
• We do NOT remove watermarks or copyright mechanisms from TikTok content
• We only access TikTok data necessary for the services you request
• Your TikTok data is processed in accordance with the TikTok Developer Data Sharing Agreement

Content Publishing and User Consent

When you publish content to TikTok through Postiz:

• We only publish content after you explicitly authorize and schedule the publication
• You maintain full awareness and control over what is posted to your TikTok account
• We clearly display which TikTok account will receive the content before publishing
• By publishing content through Postiz, you agree to TikTok's Music Usage Confirmation and applicable TikTok policies
• Processing of your content on TikTok may take a few minutes after you initiate publication
• You can monitor the publication status of your content in your Postiz dashboard

Commercial and Branded Content Disclosure

If you use Postiz to publish commercial or branded content to TikTok:

• We provide content disclosure settings that allow you to indicate promotional content
• Content marked as "Your brand" will be labeled as "Promotional content" on TikTok
• Content marked as "Branded content" will be labeled as "Paid partnership" on TikTok
• You agree to TikTok's Branded Content Policy when publishing branded content
• Branded content cannot be set to private visibility on TikTok

TikTok Data Retention

We retain TikTok data as follows:

• Access Tokens: Stored securely and refreshed as needed while your TikTok account remains connected. Immediately deleted when you disconnect your TikTok account.
• Profile Information: Cached to improve performance but updated regularly. Deleted within 30 days of disconnecting your TikTok account.
• Content Metadata: Information about published content (post IDs, timestamps) is retained for analytics purposes but deleted within 90 days of account disconnection.
• Service Termination: All TikTok data is permanently deleted within 30 days of terminating your Postiz account or as required by applicable law.

Your Rights Regarding TikTok Data

You have the following rights regarding your TikTok data:

• Revoke Access: You can disconnect your TikTok account at any time through your Postiz account settings or directly in your TikTok app's authorized apps section
• Scope Control: You can grant or deny specific permissions when connecting your TikTok account
• Data Deletion: You can request immediate deletion of all TikTok data by contacting support@schryverdelecuador.com
• Access: You can request a copy of the TikTok data we store about you

TikTok Privacy Policy

Your use of TikTok through Postiz is also governed by TikTok's Privacy Policy. We encourage you to review TikTok's Privacy Policy to understand how TikTok handles your data.

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption: Data is encrypted in transit using SSL/TLS protocols
• Access Controls: Limited access to personal data on a need-to-know basis
• Secure Storage: Data stored on secure servers with access logging
• Regular Audits: Security practices reviewed and updated regularly

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

4.1 TikTok Data Security Measures

We implement technical, physical, and administrative safeguards that meet or exceed TikTok's security requirements for developer applications:

• Token Security: TikTok access tokens are encrypted at rest using AES-256 encryption and transmitted only over TLS 1.2 or higher
• Access Controls: TikTok data is accessible only to authorized personnel on a strict need-to-know basis with individual authentication and authorization
• Secure APIs: All communications with TikTok APIs use HTTPS with certificate pinning where applicable
• Data Isolation: TikTok user data is logically separated and cannot be accessed by other users or unauthorized parties
• Audit Logging: All access to TikTok data is logged with timestamps, user identification, and action taken
• Security Monitoring: We maintain real-time monitoring for unauthorized access attempts and security anomalies
• Incident Response: In the event of a data breach affecting TikTok data, we will notify affected users and TikTok within 72 hours as required by applicable law and TikTok's Developer Terms

We regularly review and update our security measures to align with industry best practices and TikTok's security requirements.

5. Data Retention

We retain your information for as long as necessary to:

• Provide our Service to you
• Comply with legal obligations
• Resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal information within a reasonable timeframe, except where we are legally required to retain it.

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Export: Receive your data in a portable format
• Objection: Object to certain processing of your data

6.2 Connected Accounts

You can disconnect social media accounts at any time through your account settings. This will revoke our access to those platforms.

6.3 Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link in any promotional email or updating your communication preferences.

6.4 Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our Service.

7. Third-Party Links and Services

Our Service may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

8. Children's Privacy

Our Service is not intended for children under 13 years of age (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to such transfers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Updating the "Last Updated" date
• Sending an email notification
• Posting a notice on our Service

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

11. Data Protection Rights (GDPR/CCPA)

If you are a resident of the European Economic Area (EEA) or California, you have additional rights:

• Right to be informed about data collection and use
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right not to be subject to automated decision-making

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@schryverdelecuador.com
Support: support@schryverdelecuador.com
Website: https://postiz.schryverdelecuador.com

13. Data Protection Officer

For data protection inquiries, you may contact our Data Protection Officer at: dpo@schryverdelecuador.com