Privacy Policy

This Privacy Policy applies to Octopost App (also referred to as “Octopost App”, “the Octopost App application” or “the application” throughout this document), a management tool that automates the creation and scheduled publishing of photo carousels on TikTok. Octopost App is operated for first-party use by the operator of the connected TikTok accounts and is not affiliated with TikTok. The service is available at https://octopost.app.

The application handles three categories of data:

• User account. Email address and login identifier, managed by our authentication provider (Supabase Auth).
• TikTok account data. When a TikTok account is connected through the official authorization flow: its public identifier (open_id), display name, avatar, the granted scopes, and the access and refresh tokens required to publish.
• Content you create. Titles, hooks, captions, hashtags and image prompts you enter, along with the generated images and scheduled posts.

Data is used solely to provide the service: generating carousel images, scheduling posts and publishing them to TikTok on your behalf, at your request. We do not sell any data and do not use it for advertising purposes.

Information obtained through the TikTok API is used exclusively to display the connected account inside the application and to publish the content you have prepared. It is never resold, never shared with third parties, and never used outside that purpose. You can revoke access at any time from within the application or from your TikTok account settings.

Data is hosted in the European Union (Supabase, Frankfurt region). TikTok refresh tokens are encrypted at rest (AES-256-GCM) and are never sent to the browser. Access to the database is isolated per user through Row Level Security policies.

The application relies on the following providers:

• TikTok Content Posting API. Publishing the carousels.
• Supabase. Database, authentication and image storage.
• Replicate. Generation of the carousel images.
• Netlify. Hosting of the application and scheduled jobs.

Data is retained for as long as the account remains active. Disconnecting a TikTok account revokes its token and deletes the associated data (drafts, schedule, history). Deleting the user account erases all related data.

In accordance with the GDPR, you have the right to access, rectify and delete your data. Most of these actions can be performed directly within the application; for any other request, please contact us.

For any question regarding this policy: contact@octopost.app.