Privacy Policy

Last updated: May 2026

1. Data Controller

Kreai (Martin Monti), Italy. Contact: info@kreai.io

2. What We Collect

• TikTok OAuth access token and refresh token
• TikTok Open ID (anonymous platform identifier)
• Account connection timestamp

We do not collect your name, email address, or any personal profile data beyond what is listed above.

3. How We Use Your Data

Tokens are used exclusively to publish content on your TikTok account on your behalf, as authorized by you through TikTok's official OAuth flow. We do not sell, share, or transfer your data to third parties.

4. Data Storage

Tokens are stored in Google Cloud Firestore (region: europe-west1, EU). Access is restricted to kreai-social service accounts only. Google Cloud is ISO 27001 and SOC 2 certified.

5. Data Retention

Your tokens are retained until you request disconnection. Tokens expire automatically per TikTok's policy: access token 24 hours, refresh token 365 days.

6. Your Rights (GDPR)

Under GDPR you have the right to access, rectify, or erase your data at any time. To disconnect your account and permanently delete all stored tokens, contact us at: info@kreai.io

7. TikTok API

kreai-social uses the TikTok API. Your use is also subject to TikTok's Privacy Policy.

8. Contact

Privacy requests: info@kreai.io