1. Introduction

Kushroom Postiz Integration ("we," "our," or "Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our TikTok integration service. We comply with GDPR requirements for European Union users and Brazilian data protection regulations.

2. Information We Collect

We collect only the minimum information necessary to provide our Service:

2.1 TikTok Account Information

• Username and profile information
• Account ID for authentication
• Access tokens for API connectivity

2.2 Content Metadata

• Post captions and descriptions
• Media URLs (we do not store the actual media files)
• Publishing timestamps
• Scheduling preferences

2.3 Analytics Data

• Likes, views, and shares count
• Comments count (not the actual comments)
• Basic engagement metrics

3. How We Use Your Information

Your information is used exclusively for:

• Enabling scheduling and publishing of posts to TikTok
• Providing analytics dashboards and insights
• Maintaining service functionality and user preferences
• Troubleshooting technical issues
• Complying with legal obligations

We NEVER sell, rent, or share your data for advertising or marketing purposes.

4. Legal Basis for Processing (GDPR)

For EU users, we process your data based on:

• Consent: You explicitly consent when connecting your TikTok account
• Contract: Processing is necessary to provide the Service you requested
• Legitimate Interests: For service improvement and security purposes

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

• Encryption of data in transit and at rest
• Regular security audits and updates
• Access controls and authentication mechanisms
• Secure API communications with TikTok

Your data is stored on secure servers with restricted access. We use only trusted infrastructure providers that comply with international security standards.

6. Data Retention

We retain your data only as long as necessary:

• Active account data: Retained while your account remains connected
• Deleted account data: Permanently removed within 30 days of disconnection
• Analytics data: Aggregated and anonymized after 90 days
• Legal compliance: Data may be retained longer if required by law

7. Your Rights

You have the following rights regarding your personal data:

7.1 For All Users

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request removal of your personal data
• Withdrawal: Revoke consent at any time

7.2 Additional Rights for EU Users (GDPR)

• Portability: Receive your data in a machine-readable format
• Restriction: Limit processing of your data
• Objection: Object to certain types of processing
• Automated Decision-Making: Not be subject to solely automated decisions

7.3 Additional Rights for Brazilian Users (LGPD)

• Confirmation: Confirm whether we process your data
• Anonymization: Request anonymization of unnecessary data
• Information: Be informed about entities with whom we share data
• Review: Request human review of automated decisions

8. Third-Party Services

We interact with the following third-party services:

• TikTok: For API access and content publishing (governed by TikTok's privacy policy)
• Postiz: For scheduling and management features (governed by Postiz's privacy policy)

We do not share your data with any other third parties for marketing, advertising, or any purposes beyond providing the Service.

9. International Data Transfers

If your data is transferred internationally, we ensure appropriate safeguards:

• Standard Contractual Clauses for EU data transfers
• Adequate protection levels as required by GDPR and LGPD
• Encryption and security measures during transfer

10. Children's Privacy

Our Service is not intended for users under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately.

11. Cookies and Tracking

We use minimal cookies necessary for:

• Authentication and session management
• Security and fraud prevention
• Service functionality

We do not use tracking cookies for advertising or marketing purposes.

12. Data Breach Notification

In the unlikely event of a data breach that may affect your personal information, we will:

• Notify affected users within 72 hours of discovery
• Provide details about the nature and scope of the breach
• Offer guidance on protective measures you can take
• Report to relevant supervisory authorities as required

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated through:

• Email notification to registered users
• Prominent notice on our Service
• Update to the "Last updated" date

14. Contact Information

For privacy-related inquiries, requests, or complaints:

EU users may also contact their local Data Protection Authority for complaints.

15. Supervisory Authorities

You have the right to lodge complaints with:

• Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
• EU: Your local Data Protection Authority