Vibescaling

Privacy Policy

Last updated: March 11, 2026

1. Introduction

Vibescaling ("we," "us," or "our") operates the Vibescaling platform, including the website at vibescaling.org, the admin dashboard at admin.vibescaling.org, and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

Account Information

When you create an account on our admin dashboard, we collect your email address, first name, last name, and authentication credentials. Your name is displayed to other members of your organization.

Content Data

We process content you upload including post titles, hooks, captions, hashtags, slide images, and video files. This content is stored in our database and object storage systems for scheduling and publishing.

Usage Data

We collect analytics data about how you interact with our platform, including page views, feature usage, and session information, using PostHog.

3. TikTok Integration

Vibescaling integrates with the TikTok API to publish content and track performance metrics. When you connect your TikTok account, we request the following permissions (scopes):

  • user.info.basic — Read your basic profile information (display name, avatar) to identify your connected account.
  • user.info.profile — Read your TikTok username for display in the dashboard.
  • user.info.stats — Read your follower and following counts to provide account analytics.
  • video.list — List your posted videos to track content published through our platform.
  • video.upload — Upload photo and video content to TikTok on your behalf when you initiate a publish action.
  • video.publish — Publish uploaded content to your TikTok profile when you confirm a publish action.

How We Use TikTok Data

We use TikTok data solely to provide the content publishing and analytics features of our platform. Specifically:

  • Your TikTok profile information is displayed in the dashboard so you can identify connected accounts.
  • Video performance metrics (views, likes, comments, shares) are synced to our database to provide analytics in the dashboard.
  • Content is published to TikTok only when you explicitly initiate a publish action from the admin dashboard.
  • We never publish content to your TikTok account without your explicit action and confirmation.

TikTok Token Storage

The OAuth flow uses PKCE (Proof Key for Code Exchange) for additional security during authorization. Access tokens and refresh tokens from TikTok are encrypted at rest using AES-256 encryption before being stored in our database. Tokens are used only to authenticate API requests on your behalf and are never shared with third parties.

4. Data Storage and Security

Your data is stored securely using industry-standard cloud infrastructure providers. Account data, content records, and analytics metrics are stored in a managed database. Visual content assets (slide images, video files, thumbnails) are stored in object storage and accessed via time-limited presigned URLs.

We implement appropriate security measures including encrypted data transmission (TLS), encrypted token storage, role-based access control, and audit logging of all actions.

5. Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

  • TikTok — Content and metadata shared when you publish to TikTok, as described above.
  • Stripe — Payment processing for subscriptions and billing. Stripe receives your email address and payment information.
  • Service providers — Infrastructure providers (Vercel, Supabase, Cloudflare) that process data on our behalf under strict data processing agreements.

6. Data Retention

Content data and review history are retained for as long as your account is active. TikTok analytics data is retained to provide historical performance tracking. You may request deletion of your data by contacting us.

7. Data Deletion Process

You can request deletion of your data in the following ways:

  • Email request — Send a request to support@vibescaling.org
  • Disconnect TikTok — Go to Settings > TikTok and click Disconnect to immediately revoke our access and delete stored tokens

What gets deleted

  • Your account data and organization membership
  • Content records, captions, and metadata stored on our platform
  • Encrypted TikTok OAuth tokens (immediately revoked upon disconnect)
  • Video performance metrics associated with your account

Timeframe

Deletion requests are processed within 30 days. TikTok tokens are immediately invalidated when you disconnect your account. Content that has already been published to TikTok remains on TikTok and is managed through TikTok directly.

8. Children's Privacy

Vibescaling is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If we discover that we have inadvertently collected personal data from a child under 13, we will delete that data promptly.

If you believe that a child under 13 has provided us with personal data, please contact us at support@vibescaling.org so we can take appropriate action.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Disconnect your TikTok account at any time, which revokes our access to your TikTok data
  • Withdraw consent for data processing

10. Cookies and Tracking

We use PostHog for product analytics. PostHog is configured in a privacy-focused manner — we do not engage in cross-site tracking and do not share data with advertising networks. Session cookies are used solely to maintain your authenticated session.

11. Contact

For privacy-related questions or requests, contact us at: support@vibescaling.org