Privacy Policy
Last Updated: April 7, 2026
1. Information We Collect
When you use TikTok Comment Monitor for HubSpot, we collect:
- HubSpot Portal ID - To identify your account
- HubSpot OAuth Tokens - To create deals on your behalf
- Apify API Token - To scrape TikTok comments (encrypted at rest)
- Campaign Configuration - TikTok URLs and keywords you want to monitor
- TikTok Comments - Public comments that match your keywords
2. How We Use Your Data
- Monitor TikTok comments for specified keywords
- Create HubSpot deals when keywords are detected
- Track usage for billing and subscription management
- Improve app performance and reliability
3. Data Storage
- All data is stored on Supabase (GDPR compliant, EU region)
- Apify tokens are encrypted using AES-256-GCM
- Data is logically isolated by HubSpot portal ID - each customer can only access their own data
- All API requests require valid HubSpot OAuth authentication
- Database queries are scoped to the authenticated portal ID on every request
- Retention: Data is deleted immediately upon app uninstall
4. Third-Party Services
- HubSpot - OAuth authentication and CRM operations
- Apify - TikTok comment scraping (you control your own token)
- Supabase - Database and encryption
- Gumroad - Payment processing for Pro plan
5. Data Deletion
When you uninstall the app:
- All campaign data is deleted immediately
- Your Apify token is permanently removed
- Stored HubSpot OAuth tokens are deleted from our application database upon uninstall
- Audit logs associated with your portal are deleted upon uninstall
To request manual deletion, email stainedglass@post.com with your portal ID.
6. Security
- AES-256-GCM encryption for sensitive data (Apify tokens, OAuth tokens)
- Server-side portal isolation (no cross-tenant data access)
- Regular security audits and dependency updates
- Webhook signature verification to prevent spoofing
- Stored tokens are encrypted at rest
- Stored HubSpot OAuth tokens are deleted from our systems upon uninstall
- Audit logs associated with your portal are deleted upon uninstall
7. Your Rights (GDPR)
You have the right to:
- Access all data stored about your portal
- Request data export in machine-readable format
- Request deletion of your data
- Lodge a complaint with your local supervisory authority
8. Changes to This Policy
We will notify users via email of any material changes to this privacy policy at least 14 days before they take effect.
9. Contact Us
Email: stainedglass@post.com
Terms of Service | Setup Guide | Data Deletion