Privacy Policy

Effective February 25, 2026 — This policy explains how TokCaption collects, uses, stores, and protects your personal information.

1. Information We Collect

1.1 Account Information

When you create an account we collect your email address, display name (if provided), and authentication credentials. If you sign in with Google, we receive your name, email, and profile picture from Google OAuth.

1.2 Content You Submit

We process TikTok URLs you submit, the extracted video metadata (author, description, statistics, thumbnail), and the resulting transcript text. If you use AI Agents, we store the generated outputs (hooks, scripts, virality analysis, scores).

1.3 Usage Data

We automatically collect device type, browser, IP address, pages visited, feature usage patterns, and timestamps. This data helps us operate, secure, and improve the service.

1.4 Payment Information

Payments are processed by Stripe. We do not store your full credit card number. Stripe provides us with a tokenized reference, last four digits, expiration date, and billing address for record-keeping.

2. How We Use Your Information

  • Provide, maintain, and improve transcription and AI analysis features
  • Process payments and manage your subscription
  • Enforce usage limits and prevent abuse
  • Send transactional emails (account confirmation, billing receipts)
  • Respond to support requests
  • Generate aggregated, anonymized analytics to improve the product
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your transcript content to train AI models.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, we process your personal data on the following legal bases:

  • Contract — processing necessary to provide the service you signed up for
  • Legitimate interest — security, fraud prevention, product improvement
  • Consent — where required, such as optional marketing emails
  • Legal obligation — tax records, law-enforcement requests

4. Data Sharing

We share data only with the following categories of recipients:

  • Infrastructure providers — Supabase (database & auth), Vercel (hosting), to operate the service
  • Payment processor — Stripe, to handle billing
  • AI providers — OpenAI and/or other LLM providers, to run AI Agent features. Transcript text is sent as input; providers do not retain it for training under our data-processing agreements.
  • Law enforcement — only when legally compelled by a valid court order or subpoena

5. Data Retention

Transcript data and AI Agent outputs are retained for the duration of your account. You can delete individual transcripts at any time from the History page. When you delete your account, all associated data is permanently removed within 30 days.

Usage logs and anonymized analytics may be retained for up to 12 months for operational and security purposes.

6. Data Security

We use encryption in transit (TLS) and at rest. Authentication tokens are securely stored. API keys are hashed before storage. We conduct periodic security reviews and follow industry best practices.

No system is 100% secure. If we discover a breach affecting your personal data, we will notify you and the relevant authorities as required by law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access a copy of the personal data we hold about you
  • Rectify inaccurate data
  • Delete your data (“right to be forgotten”)
  • Restrict or object to certain processing
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time (where consent is the legal basis)

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies. See our Cookie Policy for details.

9. International Transfers

Our servers are located in the United States and the European Union. If you access the service from outside these regions, your data may be transferred internationally. We rely on Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.

10. Children's Privacy

TokCaption is not directed at children under 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of the service after changes constitutes acceptance.

12. Contact

If you have questions about this policy or your data, contact us at [email protected].