Logo TechTok Connect

Privacy Policy

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information in accordance with the General Data Protection Regulation (GDPR).

Our platform enables the interaction between brands and influencers through campaign submissions and related services. Depending on how you use our services—either as an influencer (user of the extension) or as a brand (provider of campaign information)—different types of data may be collected and processed.

This Privacy Policy outlines what data we collect, why we collect it, how we handle it, and what rights you have regarding your personal information.

If you have any questions or concerns about how we process your data, you can contact us via email.


Controller (Data responsible entity)

TechTok Connect

Louis-Deniel Rost

c/o flexdienst - #10303

Kurt-Schumacher-Straße 76

67663 Kaiserslautern

Germany

info@techtok-connect.com


Types of Personal Data Processed

We process different types of personal data depending on whether you use our services as an Influencer or a Brand:


For Influencers (Extension Users):

  • Email address (used only for submission validation)
  • Social media profile names and URLs (e.g., TikTok, Instagram)
  • Uploaded screenshot links (e.g., audience insights, content previews)
  • Content language
  • audience origin and
  • follower count
  • Self-descriptions and campaign-related information
  • IP address (anonymized for spam prevention purposes)
  • Technical metadata for rate-limiting and form validation

For Brands (Campaign Providers)

  • Campaign details (e.g., title, description, criteria for influencer selection)
  • Product images
  • Website link
  • Optional brand contact details (if voluntarily included in campaign briefings)

We do not process sensitive personal data (such as health, biometric, or financial data) under any circumstances.


Purpose and Legal Basis of Data Processing

We process personal data in accordance with the principles of the General Data Protection Regulation (GDPR) and only when it is legally permitted. The purposes and legal bases differ depending on the user role:


For Influencers (Extension Users):

Purpose of Processing:

  • To validate and process influencer submissions to campaigns
  • To temporarily store form data locally for user convenience
  • To prevent duplicate or abusive submissions (e.g., spam prevention)
  • To provide system notifications and feedback

Legal Basis:

  • Article 6(1)(b) GDPR – processing is necessary for the performance of a contract or pre-contractual measures
  • Article 6(1)(f) GDPR – legitimate interest in ensuring system security, usability, and fraud prevention

For Brands (Campaign Providers):

Purpose of Processing:

  • To publish campaign information and make it available to platform users
  • To manage campaign visibility, access, and communication

Legal Basis:

  • Article 6(1)(b) GDPR – processing is necessary for the performance of a contract
  • Article 6(1)(f) GDPR – legitimate interest in promoting and managing brand campaigns on the platform

We do not use your data for advertising, tracking, or profiling beyond the intended purpose of campaign interaction.


Website:

When you use our website, we collect the following personal information:

Contact Form: If you choose to contact us via our contact form, we collect your name, email address, and the content of your message. This information is used solely to respond to your inquiry.

Server Logs: Our hosting provider, Vercel, may collect technical data such as your IP address, browser type, and operating system for security and analytics purposes. We do not have direct access to this data.

Our website uses only strictly necessary cookies that are essential for core functionality such as security, navigation and session management, without which the site cannot operate. In addition, we employ Google Analytics—configured with IP anonymization—solely after you have given your explicit and voluntary consent, in order to collect anonymized usage statistics and continuously improve our services. You may change or withdraw your consent at any time via the cookie settings.


Data Storage and Retention

We store personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. The storage duration depends on the user role and type of data:


For Influencers (Extension Users):

  • Submitted data is stored securely in campaign-specific storage (e.g., Google Sheets) until the campaign is closed or deleted.
  • Locally stored data (e.g., form drafts, preferences) remains only in your browser and can be deleted by you at any time.
  • Temporary technical data (e.g., hashed IP addresses used for spam protection) is automatically deleted after a short time.

For Brands (Campaign Providers):

  • Campaign data remains visible to platform users until the brand explicitly requests its removal.
  • Brands may request the deletion or update of their campaign data at any time by contacting us.

We regularly review our data retention policies and implement automatic deletion mechanisms where appropriate.


Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal data to outside parties, except as described in this policy:

Influencer Submissions:

When influencers submit their data for a specific campaign, the provided information (such as social media profiles, screenshots, and contact email) is securely shared with the corresponding brand via Google Sheets. This sharing is limited to the brand that owns the campaign and is necessary for campaign evaluation.


Campaign Data Delivery:

Campaign information provided by brands is published via our backend, hosted on Vercel, and made accessible to all users of the browser extension. These campaign entries are intentionally public and do not contain sensitive personal data unless voluntarily included by the brand.


Website Form Submissions:

If you contact us via forms on our website, the information you provide (e.g., name, email, message) will be sent directly to info@techtok-connect.com for processing.


Analytics:

Our public website uses Google Analytics to collect anonymous usage data, which helps us understand and improve user experience. No personally identifiable data is tracked unless you voluntarily submit it via a form.


Legal Requirements:

We may disclose your personal data if required to do so by law or in response to valid legal requests by public authorities.


Technical Measures and Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. These measures include, but are not limited to:


  • Encrypted data transmission using HTTPS for all communication
  • Authentication mechanisms to restrict access to APIs and submitted data
  • Input validation and sanitization to prevent injection, manipulation, or misuse
  • Local data handling (in the browser) without cookies or third-party tracking
  • Use of temporary, anonymized identifiers (e.g., hashed IP addresses) for abuse prevention
  • Access to campaign submission data is strictly limited to authorized systems

All third-party services we use are selected carefully and are contractually bound to comply with GDPR standards. We do not disclose technical implementation details that could compromise system security.


Use of Third-Party Services

To operate our platform securely and efficiently, we rely on carefully selected third-party service providers. These providers process data solely as needed and in compliance with the GDPR.

Google Sheets (Google Ireland Ltd.)
Used for storing influencer submissions in structured campaign-specific spreadsheets. Access is restricted through an OAuth Service Account. Data is not shared with other Google services.

Sanity.io (Sanity AS, Norway)
Used for managing and publishing campaign information provided by brands. Sanity is GDPR-compliant and hosts content in secure environments.

Upstash Redis (Upstash Inc.)
Used for temporary rate-limiting and abuse prevention (e.g., blocking repeated submissions). IP addresses are hashed before storage. Data is kept only briefly and automatically deleted.

Vercel (Vercel Inc.)
Our backend infrastructure is hosted via Vercel. All backend API routes, including campaign and message handling, are served through Vercel's infrastructure. Vercel processes data as a GDPR-compliant sub-processor under strict security and access controls.

All third parties are subject to data processing agreements (DPAs) and operate within the EU or under recognized data protection frameworks (e.g., Standard Contractual Clauses or EU/US Data Privacy Framework where applicable).


Rights of Data Subjects

Under the General Data Protection Regulation (GDPR), you have the following rights regarding the processing of your personal data:


  • Right of access (Art. 15 GDPR):
    You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and if so, access to that data and further information.
  • Right to rectification (Art. 16 GDPR):
    You may request the correction of inaccurate or incomplete personal data we hold about you.
  • Right to erasure (Art. 17 GDPR):
    Also known as the “right to be forgotten,” this allows you to request the deletion of your personal data under certain conditions.
  • Right to restriction of processing (Art. 18 GDPR):
    You may request that we limit the processing of your personal data in specific cases.
  • Right to data portability (Art. 20 GDPR):
    You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • Right to object (Art. 21 GDPR):
    You may object to the processing of your personal data if it is based on legitimate interests or if it is used for direct marketing purposes.
  • Right to withdraw consent (Art. 7 para. 3 GDPR):
    If processing is based on your consent, you may withdraw that consent at any time with future effect.

To exercise your rights, please contact us using the contact information provided below.


Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights as a data subject under the GDPR, please contact us:


TechTok Connect

Louis-Deniel Rost

c/o flexdienst - #10303

Kurt-Schumacher-Straße 76

67663 Kaiserslautern

Germany

Email: info@techtok-connect.com


We will respond to your request in accordance with applicable data protection laws. Please note that we may require proof of identity to process certain requests.


Right to Lodge a Complaint

If you believe that the processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with a data protection authority, in particular in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

A list of supervisory authorities in the EU and their contact details can be found here:
https://edpb.europa.eu/about-edpb/board/members_en

We always encourage you to contact us first so that we can address your concerns directly.


Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our services, legal requirements, or data protection practices.

The most current version of the Privacy Policy will always be available on our website or platform. If significant changes are made, we will notify you where appropriate (e.g., via the extension interface or by email, if applicable).

We recommend that you review this policy periodically to stay informed about how we protect your personal data.