Privacy Policy

This Privacy Policy explains how AppSlides("we," "us," or "our") collects, uses, discloses, stores, and protects personal information when you access or use AppSlides at https://appslides.com (the "Service"), including our website, dashboard, APIs, background jobs, and related support channels.

AppSlides is a software-as-a-service platform that helps users create, review, schedule, publish, and analyze TikTok image carousel marketing content using project knowledge profiles, AI-assisted drafting, and official TikTok integrations.

By creating an account, connecting a TikTok account, uploading assets, generating content, or otherwise using the Service, you acknowledge that you have read this Privacy Policy. If you do not agree, do not use the Service.

We may act as a data controller for account and billing information and as a data processor for certain content you upload on behalf of your business. Where applicable law distinguishes these roles, we process information according to the role described in the relevant section below.

This Privacy Policy applies to visitors, registered users, administrators, and anyone who interacts with the Service. It does not apply to third-party websites, apps, or services that you link to or that you use independently, including TikTok, Apple, Google, Supabase, or Google Gemini, even when accessed through the Service.

If you use the Service on behalf of a company or other organization, you represent that you have authority to bind that organization and that the organization accepts this Privacy Policy.

This policy is designed to address requirements under the EU General Data Protection Regulation ("GDPR"), UK GDPR, California Consumer Privacy Act and California Privacy Rights Act ("CCPA/CPRA"), and other applicable privacy laws. Your specific rights depend on your location and the nature of the processing.

We collect information in three broad categories: information you provide, information collected automatically, and information received from third parties.

3.1 Account and profile information

• Name, display name, email address, and password (if you use email/password authentication).
• Authentication identifiers and profile details received from Sign in with Apple, Google, or other OAuth providers you choose.
• Timezone, avatar URL, account creation date, and account settings.
• Support communications, feedback, survey responses, and correspondence with us.

3.2 TikTok account and publishing data

• TikTok open ID, union ID, display name, avatar, bio, profile deep link, and creator metadata returned through TikTok OAuth.
• OAuth access tokens, refresh tokens, token expiration timestamps, and granted scopes.
• Default privacy level options, creator posting constraints, and account connection status.
• Post titles, captions, hashtags, privacy settings, publish mode, scheduling data, publish IDs, share URLs, embed links, and error messages from publishing attempts.
• Imported TikTok post metadata and analytics snapshots such as views, likes, comments, shares, favorites, follower counts, and related raw API payloads.

3.3 Project, brand, and content data

• Project names, types, URLs, app store links, descriptions (up to 10,000 characters), target audience, tone, brand rules, compliance notes, negative prompts, CTA settings, and scheduling preferences.
• Brand colors, design tokens, logos, reference screenshots, and derived visual analysis summaries.
• Carousel drafts, slide text, image URLs, storage paths, revision requests, approval history, generation prompts, model responses, warnings, and generation memory used to reduce repetition.
• Any other content, instructions, or metadata you submit for AI generation, review, or publishing.

3.4 Automatically collected information

• IP address, browser type, device type, operating system, language, referring URLs, pages viewed, timestamps, and general usage events.
• Log data from our application servers, edge functions, cron jobs, API routes, and security systems.
• Local storage preferences such as sidebar display settings stored in your browser.
• Diagnostic, performance, and error information needed to operate and secure the Service.

3.5 Payment and billing information

If paid plans are offered, payment details may be collected and processed directly by our payment processor. We may receive limited billing metadata such as subscription status, invoice history, transaction IDs, and partial payment method details (for example, last four digits of a card), but we do not intentionally store full payment card numbers on our own servers unless required by a specific integration and disclosed at checkout.

3.6 Sensitive information

The Service is not designed to collect sensitive personal data such as health information, government ID numbers, precise geolocation, or financial account credentials beyond billing. Do not upload sensitive personal data unless strictly necessary for your marketing workflow and permitted by law. You are responsible for ensuring that any personal data contained in your uploaded assets or generated content is processed lawfully.

• Directly from you when you register, configure projects, upload assets, approve posts, or contact support.
• From authentication providers such as Supabase Auth, Apple, and Google.
• From TikTok when you connect an account, publish content, import posts, or sync analytics.
• From AI providers such as Google Gemini when we send prompts and receive generated text or image outputs.
• From infrastructure providers such as Supabase, Vercel, and related hosting or logging systems.
• From cookies, local storage, and similar technologies in your browser or device.

We use personal information for the following purposes:

• Creating, authenticating, and administering user accounts.
• Providing core Service functionality, including project profiles, AI carousel generation, revision workflows, scheduling, publishing, and analytics.
• Connecting and maintaining TikTok OAuth integrations, refreshing tokens, validating creator settings, and executing publish requests you authorize.
• Storing, retrieving, and displaying your uploaded brand assets and generated carousel images.
• Running background jobs such as scheduled draft generation, publish queues, analytics sync, and token refresh.
• Enforcing account limits, abuse prevention, fraud detection, and platform security.
• Debugging, monitoring performance, improving reliability, and developing new features.
• Communicating with you about the Service, security notices, product updates, and support requests.
• Complying with legal obligations, responding to lawful requests, and protecting our rights and users.
• Processing payments and managing subscriptions if and when paid plans are offered.
• Creating aggregated or de-identified analytics that do not reasonably identify you.

We do not sell your personal information. We do not use personal information for cross-context behavioral advertising unless we separately disclose that practice and provide required opt-out mechanisms.

If you are located in the European Economic Area, United Kingdom, or another jurisdiction requiring a legal basis, we rely on one or more of the following:

• Contract: processing necessary to provide the Service you request, including account management, TikTok publishing, and content storage.
• Legitimate interests: securing the Service, preventing abuse, improving features, analyzing aggregated usage, and communicating about the Service, balanced against your rights.
• Consent: where required for optional cookies, marketing emails, or certain third-party integrations you enable.
• Legal obligation: compliance with tax, accounting, regulatory, or law-enforcement requirements.

You may withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

The Service uses artificial intelligence, including Google Gemini and related models, to analyze uploaded screenshots, improve project descriptions, generate carousel text and images, revise slides, and maintain generation memory. When you use these features, we may send your prompts, project descriptions, brand rules, compliance notes, asset summaries, and related context to AI providers for processing.

AI outputs may be inaccurate, incomplete, biased, or unsuitable for publication. You remain responsible for reviewing, editing, approving, and publishing all content. We do not guarantee that AI-generated content complies with TikTok policies, advertising rules, intellectual property laws, or industry-specific regulations.

We may log prompts, responses, model identifiers, timestamps, and quality warnings for debugging, abuse prevention, service improvement, and audit purposes. Where possible, we avoid sending unnecessary personal data in AI prompts, but you control much of the content submitted for generation.

We do not make solely automated decisions that produce legal or similarly significant effects about you without human involvement, except where permitted by law and disclosed to you.

When you connect a TikTok account, you authorize us to access and use TikTok data according to the scopes you approve. This may include basic profile information, video lists, publishing capabilities, and upload permissions. TikTok's own privacy policy and terms govern your use of TikTok independently of this Privacy Policy.

Carousel images intended for TikTok photo posting may be stored in publicly accessible storage locations so TikTok can retrieve them at publish time, as required by TikTok's publishing API. You should not include confidential information in carousel images you intend to publish publicly.

Disconnecting TikTok within the Service stops future API use from our side, but previously published TikTok content and analytics may remain on TikTok and in our backups for a limited retention period described below.

We share personal information only as described below. We do not sell personal information for monetary consideration.

9.1 Service providers and subprocessors

We use trusted vendors to host, operate, and improve the Service, including but not limited to:

• Supabase for authentication, database, storage, row-level security, and edge functions.
• Vercel or comparable hosting providers for application deployment, serverless functions, and infrastructure logs.
• Google Gemini for AI text and image generation and multimodal analysis.
• TikTok for OAuth, publishing, content import, and analytics APIs.
• Apple and Google for optional social login.
• Email, monitoring, analytics, customer support, and payment processors we may enable from time to time.

These providers process information on our behalf under contractual obligations requiring appropriate confidentiality and security measures.

9.2 Legal and safety disclosures

We may disclose information if we believe in good faith that disclosure is necessary to comply with law, regulation, legal process, or governmental request; enforce our Terms of Service; detect or prevent fraud or security issues; protect the rights, property, or safety of us, our users, or others; or respond to an emergency.

9.3 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction, subject to standard confidentiality protections.

9.4 With your direction

We share information when you instruct us to do so, such as when you publish content to TikTok, share generated assets, or integrate with a third-party service you authorize.

We and our service providers may process information in countries other than your country of residence, including the United States and other jurisdictions that may not provide the same level of data protection as your home country.

Where required, we implement appropriate safeguards such as Standard Contractual Clauses, vendor data protection terms, or other lawful transfer mechanisms. You may contact us for more information about applicable safeguards.

We retain personal information for as long as reasonably necessary to provide the Service, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements.

• Account and profile data is retained while your account is active.
• TikTok tokens and connected account metadata are retained until you disconnect the account or delete your user account, subject to backup retention.
• Project assets, generated carousels, revision history, and analytics snapshots are retained according to your use of the Service and our backup schedule.
• Security, audit, and server logs may be retained for a shorter or longer period depending on operational and legal needs.

When you delete your account or specific content, we will delete or anonymize associated personal information within a reasonable period, except where retention is required by law, needed to resolve disputes, enforce terms, maintain security, or where deletion from backups occurs on a rolling cycle.

We implement administrative, technical, and organizational measures designed to protect personal information, including access controls, encrypted transport, tenant isolation through database row-level security, server-side storage of sensitive tokens, and restricted access to production systems.

No method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your login credentials and for using strong, unique passwords. Notify us promptly at support@appslides.com if you suspect unauthorized access to your account.

Depending on your location, you may have some or all of the following rights:

• Access to personal information we hold about you.
• Correction of inaccurate or incomplete information.
• Deletion of personal information, subject to legal exceptions.
• Restriction or objection to certain processing activities.
• Data portability in a structured, commonly used format where applicable.
• Withdrawal of consent where processing is based on consent.
• Opt-out of certain sharing for targeted advertising, if applicable.
• Lodge a complaint with a supervisory authority in your jurisdiction.

California residents may also have the right to know categories of personal information collected, sources, purposes, disclosures, and retention periods, and to request deletion or correction, without discrimination for exercising privacy rights.

To submit a request, email privacy@appslides.com. We may need to verify your identity before responding. Authorized agents may submit requests on your behalf where permitted by law.

We and our providers may use cookies, local storage, session storage, and similar technologies to keep you signed in, remember interface preferences, maintain security, measure performance, and understand how the Service is used.

You can control cookies through browser settings. Disabling certain cookies may affect authentication, dashboard functionality, or saved preferences. Where required by law, we will provide a consent mechanism for non-essential cookies.

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact privacy@appslides.com and we will take appropriate steps to delete the information.

If you connect TikTok accounts or publish content involving minors, you are solely responsible for complying with child privacy laws and platform rules.

The Service may contain links to third-party websites, app stores, landing pages, or social platforms. We are not responsible for the privacy practices of those third parties. Review their policies before providing personal information to them.

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service, by email, or by other reasonable means. The "Effective date" at the top indicates when the current version took effect. Continued use after the effective date of an updated policy constitutes acceptance of the changes, except where applicable law requires a different form of consent.

Data controller: AppSlides
Address: [Insert registered business address]
Contact: legal@appslides.com

This Privacy Policy is provided for operational transparency and platform compliance. It is not legal advice. We recommend that you consult qualified legal counsel to review this document for your specific business, jurisdiction, and regulatory obligations before relying on it commercially.