Privacy Policy

1. Information We Collect

We collect the account information you provide (name, email), authentication identifiers, billing information processed by our payment provider, and the TikTok account data you authorize us to access (profile, comments, DMs, video metadata) to deliver the service.

2. How We Use Your Data

We use your data to operate Chat-Tok, run your automations, process payments, send service-related communications, and improve product performance and reliability.

3. Sharing

We share data only with subprocessors that help us operate the service (hosting, payments, analytics, AI providers) and when required by law. We do not sell your personal data.

4. TikTok Data

Chat-Tok uses the official TikTok Business API. We access only the scopes you grant and use TikTok data solely to provide the automations you configure. You can disconnect your TikTok account at any time from Settings.

5. Data Retention & Deletion

You can export or delete your account data at any time from Settings. After account deletion we remove personal data within 30 days, except where retention is required by law.

6. Security

We use encryption in transit, role-based access controls, and audit logging. No service is perfectly secure; report any concerns to support@ordex-systems.com.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data. Email support@ordex-systems.com to exercise these rights.

8. Contact

Questions about this policy? Contact us at support@ordex-systems.com.

9. Sub-processors

• Supabase (PostgreSQL hosting, authentication) — EU/US
• Stripe, Inc. (payments and subscription billing) — US
• Cloudflare, Inc. (CDN and DDoS protection) — global
• Lovable / Vercel (application hosting) — US
• OpenAI / Google (AI features only when you invoke them) — US
• TikTok for Business API (your authorized scopes only) — global

Enterprise customers can request our Data Processing Addendum for GDPR Article 28 commitments.