Privacy Policy
Effective Date: March 23, 2026
DioGenerations ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered content generation and publishing platform (the "Service").
1. Information We Collect
Account Information
- Email address — provided during account creation
- Password — stored as a cryptographic hash (scrypt); we never store plaintext passwords
- Role and brand association — used for access control
TikTok Account Information
When you connect your TikTok account via OAuth, we collect:
- TikTok user ID and display name — to identify your account for publishing
- OAuth access and refresh tokens — to publish content and retrieve analytics on your behalf
- TikTok profile ID — to route content to the correct account
- Profile information — bio description, profile link, and verification status
We do not access your TikTok direct messages or personal browsing activity.
TikTok Analytics Data
To help you track content performance and account growth, we periodically collect:
- Account statistics — follower count, following count, total likes, and video count (collected every 6 hours)
- Video performance metrics — view count, like count, comment count, and share count for your published videos
- Video metadata — video ID, title, and creation time (used to match TikTok videos back to posts generated by the platform)
This data is collected using TikTok's official API with the user.info.profile, user.info.stats, and video.list permissions that you grant during OAuth authorization. Analytics data is stored solely to provide you with performance insights and is never shared with third parties for marketing purposes.
Content Data
- Generated content — text slides, captions, hashtags, and rendered carousel images created by the platform
- Brand assets — logos, product images, and knowledge documents you upload
- Publishing history — records of content that has been published to social platforms, including platform-specific publish IDs
Usage Data
- Server logs — IP address, request timestamps, and endpoint accessed (retained for 30 days)
- Session data — encrypted session cookies for authentication
2. How We Use Your Information
We use the information we collect to:
- Provide the Service — generate, render, and publish content for your brand
- Authenticate your identity — manage login sessions and access control
- Publish content — use your TikTok OAuth credentials to post content you have approved
- Track performance — collect and display engagement metrics for your published content and account growth over time
- Send notifications — email alerts when new content batches are ready for review
- Improve the Service — analyze usage patterns to improve reliability and performance
We do not use your data to train AI models. Your content, brand assets, and account information are used solely for delivering the Service.
3. Third-Party Services
We share your data with the following third-party services, only as necessary to provide the Service:
- TikTok (via TikTok API) — to publish approved content to your connected TikTok account and to retrieve account statistics and video performance metrics
- Cloudflare R2 — secure cloud storage for rendered content images and brand assets
- Anthropic (Claude API) — AI content generation; your prompts are processed but not used for model training per Anthropic's API terms
- Resend — transactional email delivery for notifications and invitations
- Railway — application hosting infrastructure
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4. Data Storage and Security
- All data is stored in encrypted PostgreSQL databases
- Sensitive credentials (OAuth tokens, API keys) are encrypted at rest using AES-256-GCM
- Sessions use HMAC-SHA256-signed httpOnly cookies
- All communications are encrypted in transit via HTTPS/TLS
- Brand assets are stored in Cloudflare R2 with access controls
5. Data Retention
- Account data — retained for as long as your account is active
- Generated content — retained until deleted by you or your brand administrator
- Rendered images — retained while the associated post exists; deleted within 24 hours of post rejection
- Server logs — retained for 30 days
- OAuth tokens — retained until you disconnect your account or request deletion
- Analytics snapshots — TikTok account statistics and video performance metrics are retained for up to 90 days to display growth trends, then automatically aged out
6. Your Rights
You have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate information
- Deletion — request deletion of your account and associated data (see our Data Deletion Policy)
- Portability — request your data in a machine-readable format
- Revoke access — disconnect your TikTok account at any time through TikTok's settings or by contacting us
To exercise any of these rights, contact us at contact@diogenerations.com.
7. Cookies
We use a single essential session cookie (ce_session) for authentication. This is an httpOnly, secure cookie that cannot be accessed by JavaScript. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
DioGenerations
Email: contact@diogenerations.com