Privacy Policy

This Privacy Policy (“Policy”) describes how the CreatorUN platform (“Service”, “we”) collects, uses, stores and protects personal data of its users (“User”, “you”).

By using the Service, the User consents to the processing of their personal data as described in this Policy and in accordance with applicable data protection legislation.

When you use the Service, we collect and process the following data:

2.1. Account data

• Name, email address, password (stored as a secure hash).
• Profile picture (if uploaded by the User).
• Role within the organization (admin, manager, creator).
• Account creation date and last login timestamp.

2.2. User-generated content

• Video ideas, scripts, notes, uploaded files (references, covers).
• Messages exchanged in the in-app “Messages” section.
• Configuration of products, formats, KPIs and team goals.

2.3. Technical data

• IP address, device type, browser and operating system.
• Activity logs within the Service (for diagnostics and security).
• Cookies for session management and authentication.

The Service uses the public TikTok API (TikTok for Developers) through the official Login Kit and Display API products. Connecting a TikTok account is done voluntarily by the User.

3.1. Scopes we request

• user.info.basic — to retrieve basic profile information (open_id, display name, avatar URL).
• video.list — to retrieve the list of public videos of the connected account along with their public performance metrics (views, likes, comments, shares).

3.2. Data we receive and store

• Technical access tokens (access token, refresh token) — stored encrypted in our database and used solely for periodic data synchronization.
• Public profile data: open_id, display_name, avatar_url.
• Public video data: id, title, description, cover image, share URL, duration, create time, view_count, like_count, comment_count, share_count.

3.3. How we use TikTok data

• To display the creator's videos and statistics in the internal dashboard of your organization.
• To calculate aggregated metrics (total views, average engagement rate, top videos, ROI).
• Synchronization occurs only on User request (the “Sync” button).

3.4. What we DO NOT do

• We do not publish, edit or delete content on TikTok on behalf of the User.
• We do not share TikTok data with third parties and do not use it for advertising purposes.
• We do not request or store the TikTok account password — authentication is performed through the official TikTok OAuth.
• We do not collect direct messages, private videos or any other non-public data.

3.5. Revoking access and data deletion

The User can disconnect the TikTok integration at any time by clicking “Disconnect” on the account card in their profile. After disconnection:

• Access tokens are immediately removed from our database.
• All synchronized videos and their metrics are deleted.
• Additionally, the User may revoke access in their TikTok account settings at TikTok Settings → Manage App Permissions.

• Provision of Service features that require an account.
• Authentication and access control within the organization.
• Communication with the User (service notifications, invitations, emails).
• Security, fraud prevention and abuse detection.
• Analytics of Service usage and product improvement.
• Compliance with applicable legal requirements.

We do not sell or share personal data with third parties, except in the following cases:

• Infrastructure providers: hosting and database providers — to run the Service.
• Communication services: email (SMTP) provider — to send invitations and notifications.
• External APIs (TikTok): we access the TikTok API using User tokens as described in section 3.
• Government authorities: when required by applicable law.

All partners are bound by confidentiality obligations and process data strictly within the scope of the services they provide.

• Account data is retained until the account is deleted by the organization administrator or upon User request.
• TikTok integration data is retained until the User disconnects the integration, after which it is immediately deleted.
• Technical logs are retained for no longer than 90 days.
• Data required to be retained by law (e.g. financial records) is retained for the statutory period.

• All connections to the Service are protected by HTTPS (TLS).
• User passwords are stored as secure cryptographic hashes.
• Access tokens to external services are stored encrypted.
• Database access is restricted and protected by multi-factor authentication.
• Access logs are maintained and regularly reviewed for suspicious activity.

Subject to applicable data protection laws, the User has the right to:

• confirm whether their personal data is being processed;
• request a copy of the processed data;
• request rectification of inaccurate data;
• request erasure of data (the “right to be forgotten”);
• withdraw consent to data processing;
• restrict processing in certain cases;
• lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact your organization administrator or write to us at info@creatorun.io. We will respond within a reasonable period, and no later than 30 days.

The Service uses technical cookies for session management, authentication and security. Without these cookies the Service cannot function correctly. We do not use cookies for advertising tracking.

The Service is not intended for persons under 14 years of age. We do not knowingly collect personal data of children. If you become aware that a minor is using the Service, please let us know.

We may update this Policy from time to time. The current version is always available at /en/privacy. Significant changes will be communicated to Users via email or in-app notifications.

For any questions related to the processing of personal data, please contact:

• Email: info@creatorun.io
• Support: support@creatorun.io