Privacy Policy

Last updated: March 22, 2026

1. Information We Collect

Account Information

When you register, we collect your email address, name (optional), and a hashed version of your password. We never store your password in plain text.

TikTok Account Data

When you connect a TikTok account, we receive and store your TikTok open ID, display name, and avatar URL. We also store encrypted OAuth access and refresh tokens to post content on your behalf. Your TikTok login credentials are never accessed or stored by MarketingCLI.

Content Data

Images you upload through the API are temporarily stored on our servers to facilitate posting to TikTok. Images are automatically deleted within 7 days after posting. Post metadata (titles, descriptions, timestamps, status) is retained for your dashboard and analytics.

Usage Data

We collect basic usage data including API request counts, post history, and last-used timestamps for API keys. We do not use third-party analytics or tracking services.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or payment method details. We store your Stripe customer ID to manage your subscription.

2. How We Use Your Information

We use your information to:

  • Provide and operate the Service
  • Post content to TikTok on your behalf
  • Manage your account and subscription
  • Display your post history and usage analytics
  • Communicate with you about your account or the Service
  • Prevent fraud and abuse

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Data Sharing

We share your data only with:

  • TikTok: Images, titles, and descriptions you submit are sent to TikTok's API for posting. This is the core function of the Service.
  • Stripe: Your email and subscription details are shared with Stripe for payment processing.
  • Cloudflare: Images are temporarily stored on Cloudflare R2 for delivery to TikTok.

We may also disclose information if required by law or to protect the rights and safety of MarketingCLI and its users.

4. Data Security

We implement appropriate security measures to protect your data:

  • TikTok OAuth tokens are encrypted at rest using AES encryption
  • API keys are stored as irreversible SHA-256 hashes
  • Passwords are hashed using bcrypt
  • All connections use HTTPS/TLS encryption
  • Database access is restricted and encrypted

5. Data Retention

  • Uploaded images: Deleted automatically 7 days after posting
  • Post metadata: Retained while your account is active
  • TikTok tokens: Deleted when you disconnect your account
  • Account data: Deleted upon account deletion request

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data
  • Disconnect your TikTok account at any time
  • Revoke API keys at any time
  • Export your data

To exercise any of these rights, contact us at [email protected] or use the relevant controls in your dashboard.

7. TikTok Data Usage

Our use of TikTok user data complies with TikTok's Developer Terms of Service. We only access TikTok data that users explicitly authorize through the OAuth consent flow. We use TikTok data solely to provide the Service (posting content and displaying account information). We do not use TikTok data for advertising, profiling, or any purpose unrelated to the Service.

8. Cookies

We use a session cookie to keep you signed in to the dashboard. This is a functional cookie required for the Service to work. We do not use tracking cookies or third-party cookies.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email. Continued use of the Service after changes constitutes acceptance.

10. Contact

For privacy-related questions or requests, contact us at [email protected].