Privacy Policy
Effective: May 2, 2026
Last updated: May 2, 2026
This Privacy Policy explains how {{COMPANY_LEGAL_NAME}} (“we”, “us”, or “our”) collects, uses, shares, and protects information when you use ReelStudio (the “Service”), including when you connect your TikTok account or other third-party platforms. By using the Service, you agree to the practices described here.
1. At a Glance
- We collect only the data we need to operate the Service and to publish videos on your behalf to platforms you explicitly connect.
- We do not sell personal information, and we do not use TikTok user data for advertising, profiling, or training AI models.
- You can disconnect any platform and request deletion of your data at any time.
- Sensitive credentials (OAuth tokens) are encrypted at rest and never displayed back to you in plain text.
2. Information We Collect
2.1 Information you provide
- Account information: name, email address, and authentication credentials when you create an account.
- Content you submit: topics, briefs, scripts, idea cards, character notes, prompts, and any media you upload to the Service.
- Communications: messages you send to support or feedback you submit.
2.2 Information from connected platforms (including TikTok)
When you connect a third-party platform such as TikTok, we receive the data the platform returns based on the OAuth scopes you authorize. For TikTok specifically, we may request the following scopes and data:
- user.info.basic — your TikTok open_id, union_id, display name, avatar URL, and (where applicable) follower count, used solely to identify your connected account inside the Service and to display which TikTok account a video will be posted to.
- video.upload — used to upload videos to your TikTok inbox for you to finalize and publish from the TikTok app. We never post publicly under this scope.
- video.publish (only if you explicitly enable direct posting and our app completes TikTok’s audit) — used to publish a video you have approved directly to your TikTok profile, with the title, caption, hashtags, privacy level, and disclosure flags you specify.
- OAuth tokens: the access token, refresh token, scope set, and expiry returned by TikTok at the end of the OAuth flow. These are stored encrypted at rest and used only to call TikTok APIs on your behalf.
- Publishing results: the upload identifier, post identifier, status, and any error messages returned by TikTok in response to actions you initiated, used to show you the status of your post and to help you troubleshoot failures.
- Optional analytics (only if you grant the corresponding scope): the public metrics TikTok exposes for posts you have published through the Service (such as views, likes, comments, and shares), used to populate your analytics dashboard. We do not retrieve metrics for posts not created through the Service.
We do not request, fetch, copy, or store TikTok comments, direct messages, the contents of your followers’ or followees’ accounts, or any TikTok user content other than the videos you publish through the Service.
2.3 Information collected automatically
- Usage data: pages visited, actions taken in the Service, timestamps, and feature usage, used for security, debugging, abuse prevention, and product improvement.
- Device data: IP address, browser type, operating system, and similar technical information.
- Cookies and similar technologies: strictly necessary cookies for authentication and security. We do not use third-party advertising cookies.
3. How We Use Information
We use the information described above to:
- provide, maintain, and operate the Service, including connected-platform features;
- authenticate you, secure the Service, and prevent fraud, abuse, and policy violations;
- publish or upload content on your behalf to platforms you have explicitly connected and approved;
- show you the status, results, and (where applicable) public analytics of those posts;
- respond to your support requests and communications;
- comply with legal obligations and enforce our Terms of Service;
- improve the Service, including reliability, performance, and quality, using aggregated and de-identified data wherever possible.
We will not use TikTok user data, content, or metrics to (a) train or fine-tune machine learning models, (b) target advertising, (c) build user profiles for marketing, (d) sell, rent, lease, or trade the data, or (e) serve any purpose other than delivering the features you have requested through the Service.
4. Legal Bases for Processing (EEA / UK)
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, we process your personal information on the following legal bases:
- Contract: to provide the Service you have requested.
- Legitimate interests: to secure the Service, prevent abuse, and improve our product, where those interests are not overridden by your rights.
- Consent: when you connect a platform such as TikTok and authorize specific OAuth scopes; you can withdraw this consent at any time by disconnecting the platform.
- Legal obligation: when we are required by applicable law.
5. How We Share Information
We share information only as described below.
- With connected platforms you authorize. When you publish a video to TikTok, we send the video and the metadata you specify (title, caption, hashtags, privacy level, AI disclosure flags) to TikTok. TikTok’s use of that data is governed by the TikTok Privacy Policy. If you configure a publishing provider such as Upload-Post or Ayrshare, we send the approved video and publishing metadata to that provider only so it can deliver the post to the connected platform you selected.
- With service providers (sub-processors). We use vetted vendors to host and operate the Service. These include cloud infrastructure (e.g. {{HOSTING_PROVIDER}}), database and storage providers, error-monitoring providers, and email delivery providers. They process data only under our instructions and under contractual confidentiality and data-protection obligations.
- For legal reasons. We may disclose information if required to comply with a valid legal process, to protect the safety of any person, to enforce our Terms, or to detect and prevent fraud and abuse.
- Business transfers. If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction; we will notify you of any change in ownership or use of your information.
We do not sell or rent your personal information, and we do not share TikTok user data with advertisers, data brokers, or AI-training datasets.
6. AI Processing
The Service uses third-party AI providers (for example, xAI for video generation and large-language-model providers for text drafting) to assist in producing content you request. We send those providers only the prompts and reference assets necessary to generate the requested output. We do not send TikTok user data, TikTok analytics, or TikTok OAuth tokens to AI providers, and we configure these providers, where supported, to disable training on our submissions.
7. Data Retention
We retain information only for as long as we need it for the purposes described:
- Account data: for as long as your account is active, plus a short period afterwards for legal and operational purposes.
- Content you submit: until you delete it or close your account.
- OAuth tokens (including TikTok): until you disconnect the platform, revoke access from the platform’s settings, or close your account, after which we delete the tokens promptly (within 30 days). Refresh tokens are also rotated as required by the platform.
- Audit and security logs: for up to 12 months, then deleted or anonymized.
8. Security
We implement administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS) and at rest for sensitive fields such as OAuth tokens, role-based access controls, audit logging, dependency review, and principle-of-least-privilege practices. No system is perfectly secure; we cannot guarantee the absolute security of your information. If we become aware of a breach affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.
9. Your Rights and Choices
Depending on where you live, you may have the following rights with respect to your personal information:
- access a copy of the personal information we hold about you;
- correct inaccurate or incomplete information;
- delete your personal information (“right to erasure”);
- object to or restrict certain processing;
- port your data to another service;
- withdraw consent where we rely on consent;
- lodge a complaint with a supervisory authority (such as your local data-protection authority).
To exercise any of these rights, email {{PRIVACY_EMAIL}}. We will verify your request and respond within the time required by applicable law (generally within 30 days). You may also disconnect TikTok at any time inside the Service or by visiting TikTok’s “Manage app permissions” page; once disconnected, our access tokens are revoked and the corresponding stored tokens are deleted.
10. California Privacy Notice (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, use, disclose, and (in some cases) sell or share, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of personal information, and the right to limit the use of sensitive personal information. We do not sell or share personal information as those terms are defined under the CCPA. To exercise your rights, contact {{PRIVACY_EMAIL}}. We will not discriminate against you for exercising your rights.
11. Children’s Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Some connected platforms (including TikTok) require users to be at least 13 (or older in some jurisdictions). If you believe we have inadvertently collected personal information from a child under 13, please contact us at {{PRIVACY_EMAIL}} and we will delete it.
12. International Data Transfers
We are based in {{COMPANY_COUNTRY}}, and our service providers may process information in other countries. Where required by law, we use appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) for cross-border transfers of personal information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page and update the “Last updated” date above, and where appropriate notify you by reasonable additional means (such as email or an in-product notice). Your continued use of the Service after the update takes effect means you accept the updated policy.
14. How to Contact Us
For privacy questions or to exercise your rights, contact us at:
- Email: {{PRIVACY_EMAIL}}
- Mail: {{COMPANY_LEGAL_NAME}}, {{COMPANY_MAILING_ADDRESS}}
- Data Protection Officer (EEA/UK, if applicable): {{DPO_EMAIL}}