How we collect, store, protect, and delete data.

This policy covers OAuth data, token handling, account metadata, logs, support communication, retention, deletion, and security practices.

Application covered by this policy

This Privacy Policy applies to the application SPG Autoposter.

SPG Autoposter allows users to upload, manage, schedule, and publish their own video content to TikTok using the official TikTok API.

OAuth authorization codes, access tokens, refresh tokens, scopes, expiry metadata, and account identifiers required to connect an account.

Telegram user IDs when an account is linked through the Telegram bot.

Support messages that you send by email or through future contact channels.

Operational logs that help us diagnose platform issues, security events, and callback failures.

To complete OAuth flows, maintain connected account status, and show non-sensitive status information inside the product interface.

To associate a Telegram user with connected OAuth accounts when the bot is used as the main management interface.

To respond to support requests and operate the service safely.

To fulfill data deletion requests and preserve compliance records where required by law.

SPG Autoposter uses the official TikTok API.

Users authorize access through TikTok before the application can connect their TikTok account.

The application requests and uses only the data necessary to upload, manage, schedule, and publish user-provided video content.

SPG Autoposter does not sell user data.

Users may revoke access at any time through their TikTok account settings.

Tokens and account metadata are stored server-side only, using Cloudflare storage bindings and Worker secrets for encryption-related material.

Telegram user linkage records are stored only as needed to operate the bot-driven account management flow.

Ephemeral OAuth state is retained only long enough to complete the flow.

Connected account records are retained while the account is active or until deletion is requested.

State validation, scoped access, and server-side token handling are used to reduce risk.

Secrets are not committed to the repository and are never exposed to the browser.

We do not intentionally log access tokens or refresh tokens.

For privacy questions or TikTok API data requests, contact us at support@spgutils.ru.

This policy is a template for the live product and should be checked by counsel before launch.