Privacy Policy

Last Updated: March 20, 2026

Project Baseline ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect information in connection with our multi-brand publishing platform (the "Service").

1. Information We Collect

OAuth Tokens: When you connect a TikTok or other social media account, we receive and store OAuth access tokens and refresh tokens. These are used solely to publish content on your behalf and are stored securely on our servers.

Account Identifiers: We store your TikTok Open ID and associated brand identifier to route content to the correct account.

Content Data: We temporarily process images, captions, and metadata for the purpose of publishing to connected platforms. Published content is governed by each platform's privacy policy.

Server Logs: Standard server access logs including IP addresses, timestamps, and request details for security and debugging purposes.

2. How We Use Information

Authenticate and maintain connections to social media accounts
Publish content (photos, carousels, captions) to connected platforms on your behalf
Monitor publish status and handle errors
Maintain and improve the Service

3. TikTok Integration

Our Service uses TikTok Login Kit for account authentication and Content Posting API for publishing photo posts. The following TikTok API scopes are used:

user.info.basic (Login Kit): Used to authenticate the TikTok account owner and retrieve basic account identifiers (Open ID, display name, avatar) to verify the connection and display the connected account in our admin panel.
video.publish (Content Posting API): Used to initiate and publish photo posts and carousels to the authenticated TikTok account.
video.upload (Content Posting API): Used to upload photo and image assets to TikTok as part of the content publishing workflow.

We do not access, collect, or store TikTok user data beyond what is necessary for authentication and content publishing. We do not access followers, analytics, direct messages, or any data not explicitly listed above.

4. Data Storage and Security

OAuth tokens are stored in encrypted files on our secured server infrastructure. Access is restricted to authorized administrators. We implement standard security measures including HTTPS encryption, rate limiting, and access logging.

5. Data Sharing

We do not sell, trade, or rent any information to third parties. Data is shared only:

With the social media platforms you have authorized (to publish content)
To comply with legal obligations
To protect our rights and safety

6. Data Retention and Deletion

OAuth tokens are retained as long as the account connection is active. When you disconnect an account through our admin panel, associated tokens are immediately deleted. Server logs are retained for 30 days. If you request deletion of your data, we will process the request within 30 days and confirm completion via email.

7. Your Rights

You may at any time:

Disconnect your TikTok or other social media account via our admin panel
Revoke access directly through TikTok's settings (Settings > Security > Manage app permissions)
Request deletion of all stored data by emailing [email protected]
Request a copy of your stored data

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, port, restrict processing of, and request erasure of your personal data. To exercise these rights, contact us at the email below.

If you are a California resident, under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect and how it is used, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information.

8. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly process data from children. If we learn that we have collected personal information from a child under 13, we will delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated date.

11. Contact

Project Baseline
2501 South 10th Avenue, Broadview, IL 60155
Email: [email protected]

Home | Terms of Service