Privacy Policy

Last updated: March 18, 2026

Effective date: May 14, 2026

This Privacy Policy explains how GlowLink ("we", "us", "our") collects, uses, stores, shares and protects your personal information when you use our Service. We are committed to complying with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Colombia's Statutory Law 1581 of 2012 on personal data protection, and the requirements of the platforms we integrate with, including TikTok.

1. Data Controller

The data controller responsible for your personal information is GlowLink, contactable at [email protected].

2. Information We Collect

a) Account information: name, email, password (hashed), role and company.

b) Content you upload: videos, images, captions, hashtags, scheduling metadata and publishing settings.

c) Information from connected platforms (TikTok, X, Instagram, Reddit): when you authorize a connection via OAuth we receive and store:

• A platform-specific user identifier (e.g. TikTok open_id).
• Your public display name, username and avatar URL.
• Access token, refresh token and their expiration dates.
• The scopes you granted (for TikTok: user.info.basic, video.upload, video.publish).

We do not collect your TikTok password, your private messages, the list of accounts you follow, your watch history or any data outside the requested scopes.

d) Technical data: IP address, browser type, device, log files and timestamps of publishing actions, used for security and diagnostics.

3. How We Use Your Information

• To authenticate you and operate the Service.
• To upload and publish, on your explicit instruction, the content you create to the platforms you have connected.
• To display the status of your scheduled and published posts.
• To refresh OAuth tokens automatically so your connection keeps working until you revoke it.
• To detect abuse, prevent fraud and ensure compliance with these Terms and platform policies.
• To comply with legal obligations.

We do not sell your personal data, we do not use it for advertising, and we do not use TikTok user data to train machine-learning or AI models.

4. Legal Basis for Processing (GDPR)

• Performance of a contract: to provide the Service you signed up for.
• Consent: when you connect a third-party account via OAuth and select the scopes.
• Legitimate interest: security, fraud prevention and Service improvement.
• Legal obligation: when required by applicable law.

5. Sharing of Information

We share information only with:

• The third-party platforms you have connected (TikTok, X, Instagram, Reddit), strictly to publish the content you instruct us to publish.
• Infrastructure providers that host our backend and database (Supabase / Lovable Cloud, hosted on AWS), under data processing agreements.
• Authorities, when legally required by court order or law.

We never sell or rent your personal data.

6. Storage and Security

Data is stored on secure servers with encryption in transit (TLS 1.2+) and at rest. OAuth tokens are stored encrypted and accessible only to backend processes that need them to publish on your behalf. Access to production systems is limited to authorized personnel and protected by strong authentication.

7. Data Retention

• Account data: while your account is active.
• Published content metadata: up to 24 months for analytics and audit, then anonymized.
• OAuth tokens: until you disconnect the account, the token expires without renewal, or you delete your account — at which point they are deleted within 30 days.
• Security logs: up to 12 months.

8. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Delete your data ("right to be forgotten").
• Restrict or object to certain processing.
• Port your data in a machine-readable format.
• Withdraw consent at any time, including by disconnecting a TikTok or other social account.
• Lodge a complaint with a data protection authority.

To exercise these rights, write to [email protected]. We respond within 30 days.

9. How to Disconnect TikTok and Delete Your Data

1. Inside GlowLink: go to Settings > Connected accounts > TikTok and click Disconnect. This revokes the token and deletes it from our database.
2. Directly on TikTok: open the TikTok app > Profile > Menu > Settings and privacy > Security and permissions > Manage app permissions > GlowLink > Remove access.
3. To delete your entire GlowLink account and all associated data, send a request to [email protected] from the email registered in your account.

10. International Transfers

Your data may be processed in countries other than your country of residence (mainly the United States and the European Union, where our infrastructure providers are located). When this occurs, we use the safeguards required by applicable law, including the European Commission's Standard Contractual Clauses.

11. Children

The Service is not directed to persons under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact us and we will delete it.

12. Cookies

We use strictly necessary cookies for session management and security. We do not use advertising or third-party tracking cookies.

13. Changes to this Policy

We may update this Policy. The new version will be posted at this URL with an updated "Effective date". Material changes will be notified inside the Service.

14. Contact

Privacy questions: [email protected]
Legal questions: [email protected]