Privacy Policy

Effective Date: 14 May 2026

Volodymyr Sych ("Company", "we", "us", or "our") operates TTtools, available at tttools.net and related subdomains (the "Service"). This Privacy Policy explains how we collect, use, store, disclose, and protect information when you use the Service.

1. Who We Are

Operator:

TTtools is a SaaS platform for TikTok advertising operations teams. The Service helps authorized business users connect TikTok advertising assets through official APIs, view asset inventory, review reporting metrics, manage approved workflows, and receive notifications.

2. Information We Collect

We collect information in the following categories.

2.1 Account Information

We may collect:

• name;
• email address;
• password hash;
• organization and workspace membership;
• role and permission information;
• login/session metadata.

We do not store your plaintext password.

2.2 Organization and Workspace Data

We may collect:

• organization name;
• workspace name;
• user roles;
• invites;
• membership changes;
• audit events related to account and organization activity.

2.3 TikTok Integration Data

If you connect TikTok advertising assets, we may process:

• OAuth authorization data;
• encrypted access tokens and refresh tokens;
• token expiration metadata;
• approved scope information;
• business center identifiers and metadata;
• ad account identifiers and metadata;
• TikTok account identifiers and metadata;
• pixel, catalog, audience, campaign, ad group, and ad identifiers where needed;
• reporting metrics returned by TikTok APIs;
• connection health and error status.

We do not ask for or store your TikTok password. We do not collect TikTok browser cookies. We do not use scraping, browser automation, anti-detect technology, or credential sharing to access TikTok.

2.4 Reporting and Operational Data

We may process:

• campaign metrics;
• daily performance facts;
• saved reporting views;
• CSV export metadata;
• bulk operation metadata;
• job status and retry information.

2.5 Notification Data

If notifications are enabled, we may process:

• email recipient addresses;
• Telegram chat/user identifiers;
• notification subject and body;
• delivery status;
• provider references from email or Telegram providers.

2.6 Technical and Security Data

We may collect:

• IP address;
• user agent;
• request identifiers;
• timestamps;
• authentication and CSRF events;
• error logs;
• rate limit events;
• audit logs;
• infrastructure logs.

3. How We Use Information

We use information to:

• provide and operate the Service;
• authenticate users and maintain sessions;
• connect TikTok assets through official OAuth/API flows;
• display asset inventory and reporting;
• execute user-requested workflows;
• send transactional emails and alerts;
• deliver Telegram notifications if enabled;
• secure accounts and detect abuse;
• maintain audit logs;
• debug, monitor, and improve the Service;
• comply with legal obligations.

4. Legal Bases

Where applicable under privacy laws, we rely on:

• performance of contract;
• legitimate interests, such as security and service operation;
• consent, where required;
• compliance with legal obligations.

5. How We Share Information

We do not sell personal information.

We may share information with:

• hosting providers used to run the Service;
• database providers such as Supabase;
• Redis/queue providers;
• email providers such as Resend or Postmark;
• Telegram, if you enable Telegram notifications;
• TikTok, when you use TikTok-connected features;
• analytics/monitoring providers, if enabled;
• legal authorities where required by law;
• professional advisors such as lawyers or accountants.

Each provider is used only as needed to operate the Service.

6. TikTok Data

TikTok data is used only to provide user-authorized product features. We do not use TikTok data to create unauthorized profiles, sell advertising data, or bypass TikTok policies.

If you disconnect a TikTok integration, we will remove or deactivate stored OAuth tokens according to the Service's deletion process. Some logs, audit records, and backup copies may be retained for a limited period for security, compliance, debugging, or legal reasons.

7. Cookies and Sessions

The Service uses essential cookies for:

• authentication sessions;
• CSRF protection;
• security;
• remembering necessary session state.

We do not use essential session cookies for advertising.

8. Data Retention

We retain information for as long as reasonably necessary to provide the Service and meet legal, security, and operational requirements.

Typical retention periods:

Data type	Typical retention
Account data	Until account deletion or contract termination
TikTok OAuth tokens	Until disconnect, deletion, or expiration
Reporting data	As configured by the workspace or service plan
Audit logs	Typically 90-365 days or longer if required
Backups	Typically 30-90 days
Security logs	As needed for security and compliance

Actual retention may vary depending on legal, security, or operational needs.

9. Data Deletion and Access Requests

You may request:

• access to your personal information;
• correction of inaccurate data;
• deletion of account data;
• export of certain data;
• restriction or objection where applicable.

Contact us at admin@tttools.net.

If you are part of an organization account, some requests may need to be handled through the organization owner or administrator.

10. Security

We use reasonable technical and organizational measures, including:

• HTTPS/TLS;
• encrypted token storage;
• access controls;
• role-based permissions;
• audit logs;
• secret management through environment variables;
• least-privilege access where practical.

No system is perfectly secure. You are responsible for protecting your account credentials and limiting access to authorized users.

11. International Transfers

The Service and its providers may process information in countries other than your country of residence. Where required, we use appropriate safeguards for international transfers.

12. Children

The Service is intended for business users and is not directed to children. We do not knowingly collect personal information from children.

13. Third-Party Services

The Service may connect to or rely on third-party services, including TikTok, Supabase, email providers, Telegram, hosting platforms, and monitoring tools. Your use of those services may be subject to their own terms and privacy policies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and may provide additional notice through the Service or by email.

15. Contact

For privacy questions, contact: