Privacy Policy

When you connect your TikTok account to P2P Publisher, we collect and process the following information:

1.1 TikTok Account Information (via user.info.basic scope)

• Your TikTok display name and username
• Your TikTok profile avatar URL
• Your TikTok unique open_id (anonymous identifier)

We do not collect your email address, phone number, payment information, follower list, or direct messages through TikTok OAuth.

1.2 Video Content (via video.upload and video.publish scopes)

• Video files you choose to upload through our platform
• Video captions and hashtags you provide
• Privacy settings you configure (Public, Friends Only, Only Me)
• Branded content disclosure status
• Interaction settings (comments, duet, stitch permissions)

1.3 Usage Data

• Browser type and version
• Pages visited and features used
• Upload timestamps and status
• Error logs for debugging purposes

We use the information collected solely for the following purposes:

• Core Service Delivery: To authenticate your TikTok account and publish videos on your behalf using the TikTok Content Posting API v2
• Account Management: To display your connected account information within the platform
• Video Publishing: To upload your video content to TikTok's servers and post it according to your specified settings
• Dashboard Features: To display your upload history and basic performance metrics
• Service Improvement: To diagnose technical issues and improve platform reliability

P2P Publisher integrates with the TikTok Content Posting API to provide video uploading and publishing functionality. This integration involves:

3.1 OAuth 2.0 Authentication

We use TikTok's official OAuth 2.0 authorization protocol. When you click "Login with TikTok," you are redirected to TikTok's authorization page where you can review and grant the following specific scopes:

• video.publish — Allows posting videos directly to your TikTok profile
• video.upload — Allows uploading video files to TikTok's servers
• user.info.basic — Allows reading your basic profile information

3.2 Data Transmitted to TikTok

When you publish a video, the following data is transmitted to TikTok's servers via the Content Posting API:

• The video file content
• Caption text and hashtags
• Privacy level setting
• Branded content disclosure flag
• Interaction permission settings

This data transmission is subject to TikTok's Privacy Policy.

3.3 Branded Content Disclosure

In compliance with FTC guidelines and TikTok's Content Sharing Guidelines, our platform requires users to disclose whether video content is paid or branded. When the Branded Content toggle is enabled:

• The video will be labeled as a "Paid partnership" on TikTok
• The "Only Me" privacy option is automatically disabled
• A disclosure flag is sent with the API request

We are committed to data minimization and retention limitation:

• OAuth Tokens: Access tokens are stored encrypted and are automatically invalidated when you revoke access or disconnect your account
• Video Files: Original video files are not permanently stored on our servers. Files are processed and transmitted to TikTok, then deleted within 24 hours
• Account Data: Your profile information (display name, avatar URL) is retained only while your account is connected. Upon disconnection, this data is deleted within 48 hours
• Upload History: Metadata about your published videos (title, date, status) is retained for up to 12 months to support the Dashboard feature
• Usage Logs: Technical logs are retained for 30 days for debugging purposes

Account Deletion and Data Export

You may request deletion of all your data at any time by:

• Disconnecting your TikTok account within the Platform
• Revoking P2P Publisher's access from your TikTok account settings at tiktok.com/setting
• Contacting us at bento.theerapat3@gmail.com

We will process deletion requests within 48 hours.

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser, our servers, and TikTok's API is encrypted using TLS 1.3
• Encryption at Rest: OAuth tokens and stored data are encrypted using AES-256
• Access Control: Access to production systems follows the Principle of Least Privilege
• No Password Storage: We never store or handle your TikTok password — authentication is handled entirely by TikTok's OAuth 2.0 system
• Audit Logging: All API actions are logged for security and compliance purposes

Depending on your location, you may have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing of your data in certain circumstances
• CCPA Rights: California residents have the right to know, delete, and opt-out of the sale of personal information (we do not sell data)

To exercise any of these rights, contact us at bento.theerapat3@gmail.com.

For privacy-related inquiries, data requests, or to report a concern:

• Email: bento.theerapat3@gmail.com
• Privacy Officer: bento.theerapat3@gmail.com
• Platform: P2P Publisher
• Purpose: TikTok Content Posting API Integration — Video Upload & Publishing Tool

We aim to respond to all privacy-related requests within 48 hours.