Policies

Privacy Policy

How we collect, use, and protect your data

Last updated: June 3, 2026

1Introduction

[COMPANY_NAME: VerticalFlair]("we," "us," or "our") is a content scheduling and management platform that enables users to upload, schedule, and manage video content for social media platforms, including TikTok.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, application, and services (collectively, the "Service"). Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

This policy covers:

  • Personal information we collect from you
  • How we use and share your information
  • Your rights regarding your data
  • How we protect your information
  • How to contact us with questions

This Privacy Policy should be read together with our Terms of Service.

2Information We Collect

We collect information through multiple channels to provide and improve our Service.

2.1 Account Information

When you create an account, we collect:

  • Email address (required for account creation)
  • Password (hashed using industry-standard encryption)
  • Profile information (name, if you choose to provide it)
  • Account preferences and settings

2.2 User Content

When you use our content scheduling features, we collect:

  • Videos and images you upload to the platform
  • Captions and text content you create
  • Hashtags and metadata you add
  • Scheduled post data (dates, times, target platforms)
  • Content library organization and folders

2.3 Usage and Technical Data

We automatically collect certain technical information when you access our Service:

  • IP address and general location data
  • Browser type and version
  • Device information (operating system, device type)
  • Pages visited and time spent on each page
  • Referring and exit pages
  • Error logs and performance data

2.4 Third-Party Integration Data

When you connect third-party accounts (such as TikTok):

  • Platform account information (username, display name, avatar)
  • Access tokens (encrypted storage)
  • Account connection status
  • Posting permissions and history

3How We Use Your Information

We use your information for the following purposes:

3.1 Primary Service Purposes

Your data enables us to provide our core services:

  • Provide content scheduling and management services
  • Store and host your uploaded content securely
  • Schedule and post content to connected platforms at specified times
  • Organize and manage your content library
  • Provide customer support and respond to inquiries

3.2 Service Improvement

We analyze data to improve our Service:

  • Analyze usage patterns to identify popular features
  • Debug technical issues and errors
  • Conduct research and development
  • Train and improve AI/ML models for caption generation and content recommendations
  • Understand user behavior to enhance user experience

3.3 Communications

We communicate with you for:

  • Service-related notifications (scheduled posts, account activity)
  • Responding to your inquiries and support requests
  • Sending product updates and feature announcements
  • Marketing communications (only with your explicit consent)

3.4 Legal and Security

We use data to protect our Service and users:

  • Detect and prevent fraud and unauthorized access
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect our rights, safety, and property

4TikTok Data Integration

When you connect your TikTok account to VerticalFlair, we access specific data to enable content scheduling functionality. This section explains exactly what data we access and how we use it.

πŸ” TikTok Data Access

What Data We Access

When you connect your TikTok account, we access:

  • Basic profile information (username, display name, avatar)
  • Video publishing permissions
  • Account connection status
  • OpenID (TikTok account identifier)

How We Use TikTok Data

We use TikTok data to:

  • Authenticate your TikTok account
  • Post scheduled content on your behalf at specified times
  • Verify account connection status
  • Display your profile information in our dashboard
  • Retrieve basic analytics if permissions are granted

What We DO NOT Access

We are committed to minimal data access:

  • We do NOT access your direct messages
  • We do NOT read your followers or following lists
  • We do NOT post content without your explicit scheduling
  • We do NOT modify your profile without your explicit permission
  • We do NOT access your liked videos or browsing history

Your Control

You have full control over your TikTok connection:

  • Connect or disconnect TikTok anytime from account settings
  • Delete scheduled posts before they publish
  • Review all pending posts before publication
  • Delete your account to remove all TikTok connection data immediately

Retention and Deletion

TikTok data retention follows these rules:

  • Access tokens: Retained until you explicitly disconnect
  • Connection history: Deleted immediately when you disconnect
  • Posted content metadata: Retained per our general retention policy
  • Upon account deletion: All TikTok data is immediately and permanently deleted

5Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and assist in security. This section explains what cookies we use and how to manage them.

5.1 What Are Cookies

Cookies are small text files stored on your device when you visit websites. They help remember your preferences and improve your browsing experience.

5.2 Types of Cookies We Use

Cookie TypePurposeDurationCategory
auth_tokenKeeps you logged in securely30 daysEssential
session_idSession managementSessionEssential
_gaGoogle Analytics user identification2 yearsAnalytics
_gidGoogle Analytics session data24 hoursAnalytics
vercel_analyticsPerformance monitoring1 yearAnalytics

5.3 Managing Cookies

You can control or disable cookies through your browser settings:

  • Most browsers allow you to block or delete cookies
  • Disabling cookies may affect certain features of our Service
  • To manage cookies, refer to your browser's help documentation
  • For a comprehensive cookie management solution, visit aboutcookies.org

5.4 Third-Party Cookies

We use third-party services that set their own cookies:

  • Google Analytics: Analyzes website traffic and usage patterns
  • Vercel: Provides application hosting and performance monitoring
  • These third parties have their own privacy policies governing their data practices

6Data Storage & Security

We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

6.1 Where Your Data is Stored

Your data is stored on secure infrastructure:

  • Primary database: Supabase (hosted on AWS US data centers)
  • Application hosting: Vercel (global edge network)
  • Geographic location: United States

6.2 Security Measures

We employ industry-standard security practices:

  • βœ“Encryption at rest (AES-256)
  • βœ“Encryption in transit (TLS 1.3)
  • βœ“Multi-factor authentication for admin access
  • βœ“Regular security audits and vulnerability assessments
  • βœ“Access logging and monitoring
  • βœ“Employee background checks
  • βœ“Annual penetration testing

6.3 Data Breach Procedures

In the event of a data breach:

  • Detection: Automated monitoring systems running 24/7
  • Notification: Within 72 hours as required by GDPR
  • Remediation: Incident response team activated immediately
  • Communication: Affected users notified via email

7Data Retention & Deletion

We believe in complete transparency about how long we keep your data and making deletion straightforward.

πŸ—‘οΈ Your Data, Your Control

7.1 Active Accounts

For users with active accounts, we retain all data indefinitely until you delete your account:

  • Account credentials and profile information
  • Uploaded videos and images
  • Generated captions and content
  • Scheduling history
  • Usage data and analytics
  • Connected platform data

This allows you to access and reuse your content whenever you want.

7.2 Deleted Accounts

When you delete your account, ALL personal data is PERMANENTLY DELETED IMMEDIATELY:

  • Uploaded content is deleted from our servers
  • Account credentials are removed from our systems
  • Connection to third-party platforms is severed
  • Usage history is removed
  • All associated metadata is deleted

There is no recovery periodβ€”deletion is immediate and complete.

7.3 Anonymized Data

After account deletion, we may retain anonymized data that cannot identify you:

  • Aggregated posting patterns (e.g., "posts at 2pm perform 23% better")
  • Anonymized engagement metrics
  • Feature usage statistics
  • Platform trends

This data cannot identify individual users and is used solely to improve our service. This retention has no time limit.

7.4 How to Delete Your Account

You can delete your account through:

  • Settings β†’ Account β†’ Delete Account
  • Contact: [PLACEHOLDER_CONTACT_EMAIL] with "Account Deletion" in subject line
  • Response time: Within 30 days maximum

8Your Rights

You have specific rights regarding your personal data. This section outlines your rights under GDPR (EU users) and CCPA (California users).

8.1 GDPR Rights (EU Users)

Under the General Data Protection Regulation, you have the right to:

  • βœ“Access - Request a copy of your personal data
  • βœ“Rectification - Correct inaccurate data
  • βœ“Erasure - Request deletion ("right to be forgotten")
  • βœ“Restrict Processing - Limit how we use your data
  • βœ“Data Portability - Export your data in machine-readable format
  • βœ“Object - Object to processing based on legitimate interests
  • βœ“Withdraw Consent - For consent-based processing at any time

To exercise these rights, contact: [PRIVACY_EMAIL: [PRIVACY_EMAIL]]
Response time: Within 30 days

8.2 CCPA Rights (California Users)

Under the California Consumer Privacy Act, you have the right to:

  • βœ“Know - Request what personal information we collect
  • βœ“Delete - Request deletion of your personal information
  • βœ“Opt-Out - Opt-out of sale/sharing of personal information
  • βœ“Non-Discrimination - Not be discriminated against for exercising rights
  • βœ“Correct - Request correction of inaccurate information
  • βœ“Limit Use - Limit use of "sensitive personal information"

We do NOT sell your personal information.

8.3 How to Exercise Your Rights

To exercise any of these rights:

  1. Email: [PLACEHOLDER_CONTACT_EMAIL]
  2. Subject: "[Right Name] Request (e.g., Data Deletion Request)
  3. Include: Full name, email address, and specific request
  4. Verification: We may ask to verify your identity
  5. Response: Within 30 days

9International Data Transfers

Your data may be transferred and processed in countries other than your country of residence. This section explains how we protect your data during international transfers.

9.1 Data Location

  • Primary storage: United States
  • Application hosting: Global (Vercel edge network)
  • Some third-party services may process data in various global locations

9.2 Legal Basis for Transfer

For EU users, we implement safeguards for international data transfers:

  • Standard Contractual Clauses (SCCs) in place with data processors
  • Adequacy decisions: US has adequacy for some purposes
  • Additional safeguards: Encryption, access controls, data minimization

9.3 Your Rights

Regarding international transfers, you have the right to:

  • Withdraw consent for optional processing
  • Request information about safeguards in place
  • File a complaint with your local supervisory authority

10Children's Privacy

Our Service is not intended for, and we do not knowingly collect data from, children under [MINIMUM_AGE: 18] years of age.

If you believe we have collected information from a child under [MINIMUM_AGE: 18]:

  • Contact us immediately
  • We will delete the information within 24 hours
  • No questions asked

Parents or guardians who believe we have collected information from a minor can contact us to request deletion.

11Changes & Contact

11.1 Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last modified" date at the top
  • Sending email notification for significant changes (where appropriate)

Your continued use of the Service after any such changes constitutes acceptance of the new policy.

11.2 Contact Information

If you have questions about this Privacy Policy, please contact us:

Company: [COMPANY_LEGAL_NAME: [COMPANY_LEGAL_NAME]]

Email: [CONTACT_EMAIL: [CONTACT_EMAIL]]

Privacy Inquiries: [PRIVACY_EMAIL: [PRIVACY_EMAIL]]

Address: [PHYSICAL_ADDRESS: [PHYSICAL_ADDRESS]]
[CITY_STATE_ZIP: [CITY, STATE ZIP]]

Privacy Officer: [FOUNDER_NAME: [FOUNDER_NAME]]

Response Time: We respond to all inquiries within 30 days maximum.

11.3 Data Protection Authority

If you are located in the EU or UK, you have the right to file a complaint with your local data protection authority:

  • EU: Contact your national data protection authority
  • UK: Information Commissioner's Office (ICO)
  • Ireland: Data Protection Commission
Back to top

Important Notice: This Privacy Policy is provided for informational purposes and does not constitute legal advice. We recommend consulting with a qualified attorney to ensure this policy adequately complies with applicable laws in your jurisdiction.