Legal

Privacy Policy

Last updated: 18 May 2026  ·  Effective: 18 May 2026

1. Who We Are

SlideGenie (“we”, “us”, or “our”) operates the website at slidegenie.org and the SlideGenie platform (the “Service”). The Service enables users to generate AI-powered TikTok slideshow content and schedule or publish that content directly to TikTok via the TikTok Content Posting API.

The data controller for the purposes of the UK GDPR and EU GDPR is: [REGISTERED COMPANY NAME], company number [NUMBER], registered at [REGISTERED ADDRESS].

For questions about this policy, contact us at: privacy@slidegenie.org

2. Data We Collect

2.1 Account Data

When you create a SlideGenie account we collect:

  • Email address and password (hashed — we never store plaintext passwords)
  • Date and time of account creation
  • Account preferences and settings

2.2 Product and App Data

To generate content, you provide us with:

  • Names and descriptions of your apps, products, or brands
  • App Store / Play Store URLs (for mobile app customers)
  • Any other descriptive information you voluntarily submit

2.3 TikTok Data (via OAuth)

When you connect your TikTok account via TikTok Login Kit, we receive and store:

  • OAuth access token and refresh token — used solely to post content on your behalf
  • TikTok user ID (open_id) — to identify which account is connected
  • Token expiry timestamps — to manage token refresh

Important: We do not access, read, store, or analyse any of your TikTok content, followers, following lists, messages, analytics, or any data beyond what is necessary to publish the content you create in SlideGenie.

2.4 Generated Content

Generated slideshow content (slide text, captions, hashtags, and image selections) exists in your browser session only and is not persisted to our servers. Once you close or refresh the page the generated content is gone. The only record we retain is a count of how many slideshows you have generated, stored against your account. Slide images temporarily uploaded for TikTok posting are deleted from our storage immediately after the post is submitted.

2.5 Usage and Technical Data

  • IP address and approximate geolocation (country-level)
  • Browser type and version, operating system
  • Pages visited, features used, and time spent
  • Error logs and crash reports
  • Number of posts generated per account

2.6 Payment Data

Payment processing is handled entirely by our payment processor. We do not store your card number, CVV, or full payment details. We receive only a transaction ID and confirmation of successful payment.

3. How We Use Your Data

We use the data we collect exclusively for the following purposes:

  • Service delivery — generating slideshow content, scheduling posts, and publishing to TikTok on your behalf
  • Account management — authenticating you, managing your subscription, and communicating about your account
  • TikTok posting — using your OAuth tokens solely to call the TikTok Content Posting API with content you have reviewed and approved
  • Service improvement — understanding how the product is used to fix bugs and build new features
  • Legal compliance — meeting our obligations under applicable law

We do not sell your data. We do not use your data for advertising. We do not share your TikTok credentials or tokens with any third party other than TikTok itself.

3a. Legal Basis for Processing (UK / EU GDPR)

  • Service delivery and account management — Article 6(1)(b): processing necessary for the performance of a contract with you
  • TikTok publishing on your behalf — Article 6(1)(b): contract performance; and Article 6(1)(a): your explicit consent when connecting your TikTok account
  • Payment processing and financial records — Article 6(1)(b): contract performance; Article 6(1)(c): legal obligation (financial record-keeping regulations)
  • Service improvement and error logging — Article 6(1)(f): legitimate interests in maintaining and improving a functioning service
  • Legal compliance — Article 6(1)(c): compliance with applicable law

4. TikTok API — Specific Disclosures

SlideGenie integrates with the TikTok Content Posting API under TikTok's Platform Terms of Service. In connection with this integration:

  • We request only the minimum OAuth scope required: video.publish
  • TikTok OAuth tokens are stored in a secured database with restricted access controls and are never transmitted to third parties
  • We publish content only when you explicitly trigger a post — either manually or via a schedule you have set
  • You can disconnect your TikTok account at any time via your SlideGenie account settings, which calls TikTok's token revocation endpoint and deletes your stored tokens from our database
  • We comply with TikTok's data handling requirements including the prohibition on using TikTok user data for any purpose outside the approved use case
  • TikTok data is not used to train AI models or for any analytics beyond service operation

TikTok's own privacy policy governs data held by TikTok. You can review it at tiktok.com/legal/privacy-policy.

5. Third-Party Services

We use the following sub-processors to operate the Service:

  • Supabase, USA (AWS us-east-1): User authentication, database storage. Privacy policy: supabase.com/privacy
  • Anthropic (Claude API), USA: AI content generation — your product descriptions are sent to generate slideshow text. Privacy policy: anthropic.com/privacy
  • Pexels, Germany: Stock photo search — image search queries are sent to retrieve portrait photos. Privacy policy: pexels.com/privacy-policy
  • Cloudflare, Global: Hosting, CDN, and DDoS protection. Privacy policy: cloudflare.com/privacypolicy
  • TikTok, Global: OAuth authentication and content publishing. Privacy policy: tiktok.com/legal/privacy-policy

6. Data Retention

  • Account data — retained for the lifetime of your account plus 30 days after deletion
  • Generated content — not retained beyond your active browser session; only a generation count is stored against your account
  • TikTok OAuth tokens — deleted immediately upon disconnecting TikTok or closing your account
  • Usage logs — retained for 90 days for debugging and security purposes
  • Payment records — retained for 7 years to comply with financial regulations

7. Your Rights

Depending on where you are located, you may have the following rights regarding your personal data:

7.1 Rights Under GDPR (EEA / UK users)

  • Right of access — request a copy of all personal data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request deletion of your data (“right to be forgotten”)
  • Right to restrict processing — limit how we use your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — at any time where processing is based on consent

7.2 Rights Under CCPA (California users)

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your rights

To exercise any of these rights, email privacy@slidegenie.org. We will respond within 30 days.

8. Security

  • All data is transmitted over TLS 1.2 or higher (HTTPS)
  • OAuth tokens and sensitive credentials are stored in a secured database (Supabase) with strict access controls and row-level security
  • Access to production databases is restricted to authorised personnel only
  • We conduct periodic security reviews of our infrastructure
  • In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR

9. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. The cookies we set include:

  • Session cookie — keeps you logged in during your browser session
  • Auth token cookie — persists your login across browser sessions, managed automatically

10. Children's Privacy

SlideGenie is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@slidegenie.org and we will delete it.

11. International Transfers

Your data may be processed in countries outside your own, including the United States. Where we transfer data from the EEA or UK to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the “Last updated” date at the top of this page. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

13. Contact

For any privacy-related questions, requests, or complaints:

Data controller: [REGISTERED COMPANY NAME], company number [NUMBER]

Registered address: [REGISTERED ADDRESS]

Email: privacy@slidegenie.org

Website: slidegenie.org

If you are in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
