Privacy Policy

We are committed to protecting the privacy of all individuals whose data we access through the TikTok Shop Developer API. Our privacy practices include:

  • We only collect personal data necessary for order processing, product synchronization, and customer support.
  • Data is not sold, shared, or transferred to any unauthorized third party.
  • We store personal data on secure cloud servers with encryption in transit and at rest.
  • Access to personal data is restricted to authorized personnel and managed through role-based permissions.
  • We honor data subject rights including access, correction, and deletion of personal information upon request.
  • All external communications and data processing follow TikTok Shop Developer data usage guidelines.

This privacy policy is reviewed annually and updated as needed to stay aligned with legal and platform requirements.

Incident Response Policy

Incident response responsibilities are clearly assigned:

  • All incidents are reported to Brian Creager within 2 hours
  • System logs and breach reports are reviewed promptly
  • Third-party partners are notified if their data is affected
  • Affected parties are informed within 72 hours, if needed

Vulnerability and Threat Management Procedure

We regularly review systems and third-party services:

  • Run automated vulnerability scans every 30 days
  • Subscribe to Odoo and upstream security alerts
  • Patch critical vulnerabilities within 48 hours
  • Keep a changelog of all security updates

Issued May 1, 2025

Data Protection Policies

Information Security Policy

We maintain an information security policy that governs how our organization protects client and platform data. The policy includes:

  • Designation of a Security Officer (currently Brian Creager)
  • Regular audits of access controls and permissions
  • Security awareness training for all team members
  • Secure development lifecycle practices for all software

Network Segregation and Threat Prevention Policy

We use secure cloud platforms (Odoo.sh and n8n) that apply network-level segregation. Our internal systems use the following protections:

  • Cloud provider firewalls and IP restrictions
  • No open ports beyond HTTPS (443)
  • Internal data only accessible over secure VPN connections
  • Enforced device-level antivirus and firewall settings

Endpoint Protection Policy

We require all company endpoints (laptops, desktops) to have:

  • Active antivirus software
  • Auto-updating OS patches
  • Enforced password policies
  • Disk encryption enabled

Security Baseline Policy

All users accessing sensitive systems must:

  • Use unique passwords with minimum complexity (12+ characters)
  • Use multi-factor authentication (MFA) for all admin and platform logins
  • Lock screens after 5 minutes of inactivity
  • Store no sensitive data locally unless encrypted

Access Control Policy

We enforce least privilege access across all systems:

  • Developers only access test/sandbox environments unless elevated temporarily
  • Admin access is restricted to Brian Creager
  • Role-based permissions are reviewed quarterly
  • All access logs are retained for at least 90 days

Data Classification and Encryption Policy

All customer data is classified as confidential and:

  • Stored in encrypted cloud storage (AES-256)
  • Transmitted via HTTPS/TLS 1.2+ only
  • Not shared or transferred outside authorized tools

Personal Data Protection Policy

We maintain a personal data protection policy to ensure the ethical and lawful handling of all identifiable information. The policy includes:

  • Collection and use of personal data only for defined, legitimate business purposes
  • Data minimization practices to avoid storing excessive or unnecessary information
  • Regular reviews of data retention timelines and deletion procedures
  • Clear documentation of consent where applicable
  • Regular reviews and updates to this policy at least once per year or following a major change in business processes