Legal
Privacy Policy
Last updated: 1 January 2025
Privacy at a glance
- ✓We only access your TikTok public video metadata — never your video files or private content.
- ✓We never store your TikTok password.
- ✓We never sell your data to third parties.
- ✓You can disconnect and request data deletion at any time.
1. Who We Are
VidSync is a service operated by Techwide Marketing Sdn Bhd ("Rezekii", "we", "us", or "our"), a company registered in Malaysia. We operate the VidSync platform at vidsync.io.
If you have any questions about this Privacy Policy or how we handle your data, please contact us at techwidetradingmy@gmail.com.
2. Information We Collect
When you connect your TikTok account to VidSync, we collect the following:
2.1 TikTok Account Information
| Data Point | Purpose | Stored? |
|---|---|---|
| TikTok User ID | Required to uniquely identify your account in our system | Stored |
| TikTok Username / Display Name | Shown in the dashboard header | Stored |
| Profile Avatar URL | Displayed in the dashboard | Not stored (fetched live) |
2.2 TikTok Video Metadata
We access your video library through TikTok's Display API using the "video.list" scope. For each video we may retrieve:
| Data Point | Purpose | Stored? |
|---|---|---|
| Video title / caption | Displayed in the dashboard | Not stored |
| Thumbnail URL | Displayed in the dashboard | Not stored |
| Share URL | Used to link to the original TikTok post | Not stored |
| Video duration | Shown in the dashboard | Not stored |
| Create time | Shown in the dashboard | Not stored |
Note: Video metadata is fetched live from TikTok's API each time you visit the dashboard. We do not persistently store your video metadata — it is displayed to you and discarded.
2.3 OAuth Tokens
To maintain your session without requiring repeated logins, we store your TikTok OAuth access token and refresh token. These are stored encrypted in our database (Supabase, hosted on AWS) and are used solely to make API requests to TikTok on your behalf.
2.4 What We Do NOT Collect
- Your TikTok password or login credentials
- Your video files, audio, or any video binary data
- Your private TikTok messages or DMs
- Your followers, following lists, or engagement metrics
- Any data outside the "user.info.basic" and "video.list" API scopes
3. How We Use Your Information
We use the information we collect exclusively to:
- Authenticate you and maintain your session within the Service
- Display your TikTok video library in the dashboard
- Enable cross-posting functionality (with your explicit consent for each action)
- Improve the reliability and performance of the Service
- Respond to your support requests
We do not use your information for advertising, profiling, or any purpose unrelated to operating the Service.
4. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties. We may share data only in these limited circumstances:
- Service providers: We use Supabase (a Postgres database hosted on AWS) to store your account and token data. Supabase processes data in accordance with their own privacy policy.
- TikTok API: API requests are made directly to TikTok's servers. TikTok's own Privacy Policy governs how TikTok handles those requests.
- Legal requirements: We may disclose your information if required to do so by law or in response to valid legal process.
5. Data Storage & Security
Your OAuth tokens are stored in a Supabase PostgreSQL database with row-level security enabled. All data is transmitted over HTTPS. Access to the database is restricted to server-side API routes using a service role key that is never exposed to the browser.
While we implement industry-standard security measures, no method of transmission or storage is 100% secure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
6. Data Retention & Deletion
We retain your account data (TikTok user ID, username, and OAuth tokens) for as long as you maintain an active connection with VidSync.
To delete your data: Click the "Disconnect" button in the dashboard. Your OAuth tokens and associated account record will be permanently deleted from our database within 30 days of disconnection.
You may also request deletion by emailing techwidetradingmy@gmail.com. We will process your request within 30 days.
7. Cookies & Tracking
VidSync uses a minimal session cookie to store your TikTok user ID after successful OAuth authentication. This cookie is:
- HttpOnly (not accessible by JavaScript)
- Secure (only transmitted over HTTPS)
- SameSite=Lax (protects against CSRF)
- Deleted when you disconnect your account or clear your browser data
We do not use any third-party tracking, analytics, or advertising cookies.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict processing of your data
- Data portability (receive your data in a structured format)
To exercise any of these rights, contact us at techwidetradingmy@gmail.com.
9. TikTok API Compliance
VidSync is built on TikTok's official APIs and complies with TikTok's API Terms of Service. We request only the minimum permissions necessary:
user.info.basic— read your TikTok username and avatarvideo.list— read your public video list
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via an in-app notice. Your continued use of VidSync after any changes constitutes your acceptance of the updated policy.