Privacy Policy

Introduction

This Privacy Policy explains how Tik360 collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR).

By using Tik360, you agree to the practices described below.

Data Controller: Samson DUBUY, Sole Proprietor, operating under the trade name Samson Consulting (SIREN: 978 436 830).

Contact: contact@tik360.com

1. Data Collected

Tik360 only collects data necessary for the operation of the service. The categories of data collected are as follows:

1.1. Data Provided During Registration

Email address (required for account creation)
Authentication metadata that may include:
- last name,
- first name,
- profile picture (depending on the authentication provider used).

1.2. Technical Data

IP address (captured during login and essential actions)
Browser or application User-Agent (browser type, version, operating system)
Machine identifier (for game license activation purposes)

1.3. Service Usage Data

AI feature consumption data (number of tokens used, model used)
Text-to-speech consumption data (number of characters, voice provider used)
Technical logs from the desktop application, which may be transmitted to servers for error diagnosis

1.4. TikTok/MyInstants Related Data

Tik360 may read certain data from TikTok or MyInstants as part of the application's operation (for example: chat messages, interactions, live events).

This data is stored locally on the user's device (local database of the desktop application). Backups may be transmitted and stored on Tik360's secure servers. This data is in no way exploited by Tik360 or shared with third parties for commercial purposes.

2. Purposes of Processing

The collected data is used for:

creation and management of the user account,
securing access to the service,
user authentication (including via third-party providers: Discord, Google),
sending technical or transactional emails (via Resend),
management of subscriptions and payments (via Stripe),
management of game licenses and their activation on a device,
monitoring AI and text-to-speech feature consumption (quotas),
diagnosis and resolution of bugs through error reports (via Sentry),
management of the Discord community (automatic role assignment based on subscription),
improving the service through non-intrusive analytics tools.

Tik360 does not resell any personal data and does not engage in marketing profiling.

3. Legal Basis for Processing

In accordance with the GDPR, processing is based on:

performance of the contract (access to the service, account management),
legitimate interest (securing the service, fraud prevention),
legal obligation (billing, accounting),
consent, when required.

4. Hosting and Subprocessors

Data is hosted in Europe.

The service providers used are:

4.1. Cloudflare

Used for CDN, web application firewall, DDoS protection, caching, traffic optimization, API hosting (Cloudflare Workers), and file storage (Cloudflare R2: user media, technical log backups).

Cloudflare may process certain data (e.g., IP address) as part of its services.

Tik360 relies on Cloudflare's compliance guarantees, including its DPA (Data Processing Addendum) and Standard Contractual Clauses.

4.2. Neon Tech

Provider of the main database (emails, authentication metadata, IP addresses, session data).

Hosted in Europe.

4.3. Resend

Used exclusively for sending transactional emails (e.g., registration confirmation, password reset, important notifications).

4.4. Stripe

Stripe is Tik360's subprocessor for processing payments, subscriptions, and game purchases.

Tik360 does not store any banking data. Payment data (credit card) is processed directly by Stripe and does not pass through Tik360's servers.

Tik360 only retains Stripe technical identifiers (customer ID, subscription ID) necessary for account management.

Stripe has a GDPR-compliant Data Processing Agreement (DPA) and is PCI-DSS certified.

Stripe is certified under the EU-US Data Privacy Framework adopted by the European Commission, which governs data transfers to the United States.

4.5. Sentry

Used for automatic collection of error reports and desktop application crash reports.

Transmitted data may include: error traces, technical metadata (application version, operating system), and an anonymized user identifier.

Sentry has a GDPR-compliant DPA.

4.6. Discord

Used for managing the Tik360 community. When a user connects their Discord account:

a Discord role is automatically assigned based on the subscription type (free or premium),
internal notifications (live connections, technical alerts) may be sent via Discord webhooks.

Data transmitted to Discord is limited to the Discord user ID and subscription status.

4.7. Authentication Providers (Discord, Google)

Tik360 allows login via Discord and Google. OAuth access tokens (access token, refresh token) are securely stored in the database and used solely for authentication.

5. Cookies

Tik360 does not use any tracking, marketing, or analytics cookies.

5.1. Essential Cookies Only

The application only uses:

an authentication session cookie, essential for account functionality (duration: as long as the session is active).

No tracking, marketing, analytics, or advertising cookies are installed.

6. Analytics and Statistics

Tik360 uses:

Google Search Console (to analyze site visibility on Google, without tracking cookies),
Cloudflare Analytics (anonymized global statistics, without marketing cookies).

These tools do not collect any personally identifiable data, do not set cookies, and do not perform any advertising tracking.

7. Minimum Age

The Tik360 service is restricted to users aged 18 or older.

No data concerning minors under this age is intentionally collected.

8. Data Retention Period

Email, authentication metadata, and IP address: as long as the account is active.
Session data (IP, User-Agent): as long as the session is active.
TikTok/MyInstants data: stored locally on the user's device. Backups on secure servers are retained as long as the account is active.
AI and TTS usage data: as long as the account is active (used for quota tracking).
Machine identifier (licenses): as long as the license is active.
Uploaded media files: as long as the account is active, deleted upon account deletion.
Technical log data: maximum 30 days.
Error reports (Sentry): according to Sentry's retention policy (90 days by default).

9. Data Deletion and Management

You may request the deletion of your personal data at any time.

Processing times:

deletion of main data: within 72 hours,
deletion of logs: within 30 days.

Once deletion is complete, the account becomes permanently inaccessible.

Deletion request: contact@tik360.com

10. International Transfers

Tik360 aims to keep data within the European Union.

However, some providers (e.g., Cloudflare) may have global infrastructure.

In such cases, any transfers are governed by:

Standard Contractual Clauses (SCC),
contractual commitments of subprocessors (DPA),
appropriate technical and organizational measures.

Tik360 only selects providers that offer strong compliance guarantees.

11. Desktop Application

The Tik360 desktop application (Electron) has specific characteristics regarding data:

11.1. TikTok Live Data

TikTok live data (chat messages, gifts, viewer interactions) is stored in a local database on the user's device. Backups of this data may be transmitted and stored on Tik360's secure servers, solely to ensure service continuity.

11.2. Diagnostic Log Transmission

The application may transmit compressed technical log files to Tik360's servers to facilitate error diagnosis. These logs contain:

user identifier,
application version and platform (Windows, macOS, Linux),
technical error traces.

These logs are retained for a maximum of 30 days and then automatically deleted.

11.3. Automatic Error Reports

In the event of a crash or error, a report may be automatically sent to Sentry. This report contains technical information (error trace, application version) and does not contain personal data of TikTok viewers.

11.4. Media Files

Files uploaded by the user (images, sounds) are stored on Cloudflare R2 and accessible via a secure CDN. They are deleted upon account deletion.

12. Security

Tik360 implements appropriate technical and organizational measures, including:

encryption of communications (HTTPS),
web application firewall and DDoS protection via Cloudflare,
restricted internal access,
security monitoring and regular updates.

13. User Rights (GDPR)

In accordance with Articles 15 to 22 of the GDPR, you have the following rights:

Right of access
Right to rectification
Right to erasure

Right to restriction of processing
Right to object
Right to data portability

To exercise your rights:
contact@tik360.com

A response will be provided within a maximum of 30 days.

If you receive an unsatisfactory response, you have the right to lodge a complaint with the CNIL (French National Commission for Information Technology and Civil Liberties).

14. Changes to the Privacy Policy

Tik360 may update this policy at any time.

Any significant changes will be communicated to the user or highlighted upon login.

15. Contact

For any questions regarding data protection or your rights:

Email: contact@tik360.com