1. Introduction
This Privacy Policy describes how Postiz Social Media ("we", "our", "us"), operated by Antoine LANDRY, collects, uses, stores, and protects information in connection with the Postiz Social Media web application (the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this policy.
We are committed to handling your personal data responsibly and transparently, and to complying with applicable privacy laws, including the General Data Protection Regulation (GDPR) where applicable.
2. Who We Are
Postiz Social Media is operated by:
Antoine LANDRY
97419, France
Email: support@bricksworld.fr
3. What This Service Does
Postiz Social Media is a web-based application that enables users to connect their TikTok account and publish original video content to their TikTok profile. The Service uses TikTok's official Login Kit for authentication and TikTok's Content Posting API to perform user-initiated publication actions.
All publication actions are explicitly initiated by the user. The Service does not publish content automatically or without direct, intentional user action.
4. Information We Collect
4.1 TikTok Account and Authentication Data
When you authenticate using TikTok Login Kit, we receive information from TikTok as part of the OAuth authorization flow. This may include:
- Your TikTok user identifier (OpenID / UnionID)
- OAuth access tokens and refresh tokens issued by TikTok
- Basic profile data authorized by you during the OAuth flow (such as display name or avatar, depending on the scopes you grant)
These tokens and identifiers are used solely to authenticate your identity and to perform the publishing actions you explicitly request through the Service. They are not used for any other purpose.
4.2 Content and Media Data
When you upload video content through the Service for publication to TikTok, we temporarily process the uploaded files in order to submit them to TikTok on your behalf. We do not permanently store, redistribute, or repurpose your uploaded content. Files are retained only for the duration necessary to complete the requested operation.
4.3 Technical and Usage Data
We may collect standard technical information when you access the Service, including:
- IP address
- Browser type and version
- Operating system and device type
- Pages accessed and timestamps
- Referring URLs
- Session duration and basic interaction data
This information is collected for operational purposes such as service monitoring, security, diagnostics, and aggregate usage analysis. It is not used to build individual profiles or to serve advertising.
4.4 Account and Contact Data
If the Service includes user account creation, we may collect your email address, a chosen username or display name, and usage activity within the Service. This information is used to provide and maintain your account and to respond to support requests.
5. How We Use Your Data
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate your identity and connect your TikTok account
- Execute publishing actions that you initiate
- Maintain and improve the Service's functionality and reliability
- Respond to support requests and communications
- Detect and prevent unauthorized access, fraud, or abuse
- Comply with applicable legal obligations
We do not sell, rent, trade, or otherwise disclose your personal data to third parties for commercial, marketing, or advertising purposes.
6. Legal Basis for Processing
Where applicable under privacy law (including the GDPR for users located in the European Economic Area or equivalent jurisdictions), we process your personal data on the following legal bases:
- Performance of a contract: to provide the Service you have requested and agreed to use.
- Legitimate interests: for service security, fraud prevention, diagnostics, and general service improvement, provided these interests do not override your rights.
- Consent: where required by law for specific processing activities.
- Legal obligation: to comply with applicable laws, regulations, or lawful orders.
7. How Data Is Stored and Protected
We implement reasonable and appropriate technical and organizational security measures to protect the information we hold against unauthorized access, disclosure, alteration, or destruction. These include:
- Encrypted data transmission over HTTPS/TLS
- Access controls limiting who can access stored data
- Secure storage of authentication tokens
- Regular review of access rights and security practices
OAuth tokens issued by TikTok are stored securely and used exclusively to perform actions that you have explicitly authorized. They are not shared with unauthorized parties, and we do not access your TikTok account beyond the specific scopes you grant.
While we take reasonable precautions, no method of data storage or transmission is completely secure. We cannot guarantee absolute security.
8. Third-Party Services and Processors
The Service relies on third-party services and providers to operate. These may include:
- TikTok (Login Kit, Content Posting API): user authentication and content submission. TikTok's own privacy policy governs data processed on their platform.
- Hosting provider: server infrastructure and service delivery.
- Analytics provider (if applicable): aggregate usage statistics to understand how the Service is used. No personal profiling or advertising use.
- Cloud storage / CDN (if applicable): temporary file handling and delivery during publishing operations.
We select third-party providers that offer adequate data protection guarantees and we do not authorize them to use your personal data for purposes beyond those described here.
9. Data Retention
We retain your personal data only for as long as necessary to provide the Service or to comply with applicable legal obligations. Specifically:
- Authentication tokens are stored for the duration of your active authorized session and are invalidated upon de-authorization or account deletion.
- Uploaded media files are retained only for the time required to complete the requested publishing operation and are not stored long-term.
- Technical logs may be retained for a limited period (typically up to 90 days) for security, diagnostic, and fraud prevention purposes, and are then deleted or anonymized.
- Account data is retained for as long as your account is active. Upon account deletion, personal data is removed within a reasonable timeframe.
10. Your Rights
Depending on your jurisdiction and applicable law, you may have the following rights regarding your personal data:
- Right of access: to obtain a copy of the personal data we hold about you.
- Right to rectification: to request correction of inaccurate or incomplete data.
- Right to erasure: to request deletion of your personal data, subject to applicable retention obligations.
- Right to withdraw consent: where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing.
- Right to object or restrict processing: to object to or request restriction of certain processing activities.
- Right to data portability: to receive your data in a structured, commonly used format.
To exercise any of these rights, please contact us at support@bricksworld.fr. We will respond within a reasonable timeframe and in accordance with applicable law.
11. How to Request Data Deletion or Account Removal
You can request deletion of your account and all associated personal data by sending an email to support@bricksworld.fr with the subject line "Data Deletion Request". Please include your registered email address or TikTok user identifier so we can locate and remove your data.
You may also revoke the application's access to your TikTok account at any time through your TikTok account settings under Settings & Privacy → Security → Manage app permissions. Revoking access will immediately prevent the Service from accessing your TikTok account.
12. Children and Minors
The Service is not intended for individuals under the age of 16 (or the minimum age required in your country for online services). We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a minor, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us at support@bricksworld.fr.
13. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your jurisdiction. Where such transfers occur, we take steps to ensure that appropriate safeguards are in place, in accordance with applicable law (such as standard contractual clauses or other recognized transfer mechanisms under the GDPR where applicable).
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Service, applicable law, or our data practices. When we do, we will revise the effective date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Service after any changes are posted constitutes your acceptance of the revised policy.
If changes are material, we will make reasonable efforts to notify you (for example, by displaying a notice within the Service or by sending an email to registered users).
15. Contact
For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact:
Antoine LANDRY
Email: support@bricksworld.fr
Location: 97419, France