Vibescaling

Privacy Policy

Last updated: March 10, 2026

1. Introduction

Vibescaling ("we," "us," or "our") operates the Vibescaling platform, including the website at vibescaling.org, the admin dashboard at admin.vibescaling.org, and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

Account Information

When you create an account on our admin dashboard, we collect your email address and authentication credentials. Account access is limited to authorized reviewers and administrators.

Content Data

We process content you upload including post titles, hooks, captions, hashtags, and slide images. This content is stored in our database and object storage systems for scheduling and publishing.

Usage Data

We collect analytics data about how you interact with our platform, including page views, feature usage, and session information, using PostHog.

3. TikTok Integration

Vibescaling integrates with the TikTok API to publish content and track performance metrics. When you connect your TikTok account, we request the following permissions (scopes):

  • user.info.basic — Read your basic profile information (display name, avatar) to identify your connected account.
  • user.info.stats — Read your follower and following counts to provide account analytics.
  • video.list — List your posted videos to track content published through our platform.
  • video.upload — Upload photo content to TikTok on your behalf when you initiate a publish action.
  • video.publish — Publish uploaded content to your TikTok profile when you confirm a publish action.

How We Use TikTok Data

We use TikTok data solely to provide the content publishing and analytics features of our platform. Specifically:

  • Your TikTok profile information is displayed in the dashboard so you can identify connected accounts.
  • Video performance metrics (views, likes, comments, shares) are synced to our database to provide analytics in the dashboard.
  • Content is published to TikTok only when you explicitly initiate a publish action from the admin dashboard.
  • We never publish content to your TikTok account without your explicit action and confirmation.

TikTok Token Storage

OAuth access tokens and refresh tokens from TikTok are encrypted at rest using AES-256 encryption before being stored in our database. Tokens are used only to authenticate API requests on your behalf and are never shared with third parties.

4. Data Storage and Security

Your data is stored using the following services:

  • Supabase (PostgreSQL) — Account data, content records, review history, and analytics metrics.
  • Cloudflare R2 — Visual content assets (slide images, thumbnails). Accessed via time-limited presigned URLs.

We implement appropriate security measures including encrypted data transmission (TLS), encrypted token storage, role-based access control, and audit logging of all review actions.

5. Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

  • TikTok — Content and metadata shared when you publish to TikTok, as described above.
  • Service providers — Infrastructure providers (Vercel, Supabase, Cloudflare) that process data on our behalf under strict data processing agreements.

6. Data Retention

Content data and review history are retained for as long as your account is active. TikTok analytics data is retained to provide historical performance tracking. You may request deletion of your data by contacting us.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Disconnect your TikTok account at any time, which revokes our access to your TikTok data
  • Withdraw consent for data processing

8. Contact

For privacy-related questions or requests, contact us at: support@vibescaling.org