Privacy Policy
Last updated: 2026-05-12
This Privacy Policy describes how seesail.net collects, uses, and protects your data when you use our TikTok content publishing and creator management tools.
1. Who We Are
seesail ("we", "our", "us") is an independent SaaS service operated from Thailand by an individual developer. seesail helps TikTok content creators and e-commerce sellers create, manage, and publish short-form video content, and manage affiliate creator collaborations — all through official TikTok APIs.
We operate multiple TikTok developer apps under the seesail brand to serve different product functions (content publishing, shop management, etc.).
Data Controller: seesail, operating from Thailand.
Contact: Mio13266737796@gmail.com
seesail is not affiliated with, endorsed by, or sponsored by TikTok or ByteDance Ltd.
2. Data We Collect
2.1 From TikTok for Developers — Login Kit & Content Posting API
When you connect a TikTok account via Login Kit, we receive the following data that TikTok shares with us under the scopes you authorize:
- Identity fields (user.info.basic): open_id, union_id, display_name, avatar_url
When you use Content Posting API to upload or publish videos through seesail, we additionally collect:
- Video files you upload to seesail — the actual video content you choose to publish
- Video metadata — title, description, hashtags, visibility setting, privacy level, cover image, and any other publishing parameters you provide
- Publishing results returned by TikTok — video_id, share_url, publish_id, publish timestamp, and any error codes
2.2 From TikTok Shop Partner API
When you connect a TikTok Shop seller or creator account, we collect the following data under each scope you explicitly authorize:
- Seller scope: shop metadata (shop name, shop status, region), shop cipher, authorized seller profile identifiers
- Creator scope: public creator profile data — nickname, avatar URL, content categories, creator tier, follower count, estimated GMV range, live streaming status. This data is publicly available on TikTok's platform and is used solely to display creator discovery results within your seesail dashboard.
- Analytics scope: your own shop's aggregated performance metrics — views, clicks, orders, GMV — as reported by TikTok for your authorized store
- Collaboration scope: invitation records you initiate within seesail, and per-creator target_collaboration status values returned by TikTok
2.3 From Your Use of seesail
- Account email — used for login and account communications
- OAuth access tokens and refresh tokens — stored encrypted using AES-256-GCM; decryption keys are held server-side and never exposed to the browser
- API call audit logs — task_id, timestamp, API endpoint called, result summary (success / error code). Used for error diagnosis and compliance auditing.
2.4 Data We Do NOT Collect
- Creators' private contact details — TikTok does not expose creator email addresses or phone numbers via its APIs, and we do not scrape or infer them by any other means
- Buyer / consumer PII — order buyer information is outside our API scope
- Financial or tax data — bank accounts, tax IDs, and payout details are outside our scope
- Behavioural tracking or advertising data — we do not deploy any advertising pixels, third-party analytics SDKs, or behavioural profiling tools
3. How We Use Your Data
We use the data described above exclusively for the following purposes:
- Rendering your seesail dashboard — displaying creator search results, shop analytics, invitation management, and publishing history
- Executing actions you explicitly trigger — uploading a video to TikTok as a draft or publishing it, sending collaboration invitations, pulling analytics snapshots. We do not take any action on your TikTok account without a direct instruction from you.
- Error diagnosis and service improvement — audit logs help us identify and fix failures in API calls or publishing jobs
- Compliance and audit — invitation records and API audit logs are retained to meet TikTok Partner API compliance requirements and applicable law
We do not use your data for cross-tenant analytics, advertising targeting, training machine-learning models on your content, or sale or transfer to third parties.
4. Data Storage & Security
- Database: Supabase (PostgreSQL 17), hosted in the AWS ap-south-1 (Mumbai) region. Row Level Security (RLS) policies enforce strict tenant isolation — your data is never accessible to other seesail users.
- File storage: Cloudflare R2 is used for temporary storage of video files you upload before they are transmitted to TikTok. Files are not permanently archived on R2 (see Section 7 for retention periods).
- Backend: Deployed on Render (cloud hosting provider).
- Frontend: Deployed on Vercel.
- Encryption in transit: All network connections use TLS 1.2 or higher.
- Encryption at rest: OAuth tokens (access_token and refresh_token) are encrypted with AES-256-GCM at the application layer before being written to the database.
- Access control: Internal access to production data follows a least-privilege principle. System access events are logged and retained for a minimum of one year.
We do not hold certifications such as SOC 2 or ISO 27001. If you require enterprise-grade compliance guarantees, please contact us before subscribing.
5. International Data Transfer
seesail is operated from Thailand. Our infrastructure involves servers in India (Supabase / AWS ap-south-1), the United States (Render, Vercel edge network), and globally distributed CDN nodes (Cloudflare).
Under Thailand's Personal Data Protection Act 2019 (PDPA), Section 28, personal data may be transferred to a foreign country only if that country has adequate data protection standards, or if appropriate safeguards are in place. We rely on the contractual commitments (equivalent to Standard Contractual Clauses) provided by our infrastructure vendors (Supabase, Cloudflare, Render, Vercel), who maintain their own data processing agreements.
For users in the European Economic Area (EEA), transfers of personal data to third countries are made on the basis of the Standard Contractual Clauses adopted under GDPR Article 46(2)(c) as incorporated in our vendors' data processing agreements.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right of rectification — ask us to correct inaccurate data
- Right of erasure ("right to be forgotten") — request deletion of your personal data, subject to legal retention obligations
- Right to data portability — receive your data in a structured, machine-readable format (JSON)
- Right to object — object to processing in certain circumstances
- Right to withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal
How to exercise your rights:
- Revoke TikTok authorization: Go to seesail Settings → Connected Accounts and revoke any linked TikTok account. We will immediately stop calling TikTok APIs on your behalf and purge your OAuth tokens within 30 days. You may also revoke via TikTok directly at TikTok Connected Apps Settings.
- Data export or deletion request: Email Mio13266737796@gmail.com with your request. We will respond within 30 calendar days.
7. Data Retention
- OAuth tokens: Kept active until you deauthorize. After deauthorization, tokens are purged within 30 days.
- Video files (uploaded to seesail): After a successful publish to TikTok, the file on Cloudflare R2 is deleted within 7 days. If publishing fails, the file is retained for up to 30 days to allow retries, then deleted.
- Creator profile cache: Public creator data is cached to reduce API calls. Stale entries are purged after 90 days.
- Analytics snapshots: Retained for up to 12 months, then deleted or anonymized.
- Invitation records: Retained for 2 years to meet TikTok Partner API compliance audit requirements.
- API audit logs: Retained for 1 year, then deleted.
- Account data (email, settings): Retained until you delete your seesail account. Upon deletion, OAuth tokens are immediately revoked, personal data is hard-deleted, and invitation records are anonymized.
8. Children's Privacy
seesail is not directed to children. We do not knowingly collect personal data from individuals under 18 years of age. Under Thailand's PDPA, individuals under 20 years of age are considered minors for data protection purposes and require consent from a legal guardian.
If we become aware that we have inadvertently collected personal data from a minor without verifiable guardian consent, we will delete that data promptly. If you believe we have collected such data, please contact us at Mio13266737796@gmail.com.
9. Cookies & Tracking
seesail uses only essential cookies. We do not use advertising cookies, tracking pixels, or any third-party analytics services.
- Authentication session cookie: Maintains your logged-in session. Required for the service to function.
- User preference cookies: Store settings such as interface language and display preferences.
No cookies are placed for advertising purposes, remarketing, cross-site tracking, or behavioral profiling.
10. Third-Party Services
seesail integrates with the following third-party services to operate. Each has its own privacy policy:
- TikTok / ByteDance — Content Posting API, Login Kit, TikTok Shop Partner API. TikTok Privacy Policy
- Supabase — Database and authentication hosting. Supabase Privacy Policy
- Cloudflare R2 — Video file storage. Cloudflare Privacy Policy
- Render — Backend API hosting. Render Privacy Policy
- Vercel — Frontend hosting. Vercel Privacy Policy
We do not share your personal data with these vendors beyond what is strictly necessary to deliver the service.
11. Changes to This Policy
We may update this Privacy Policy from time to time. For any material change — such as adding new data types, new uses of existing data, or new third-party integrations — we will:
- Post an in-app notification banner at least 14 days before the change takes effect
- Send an email notification to your registered address at least 14 days in advance
Non-material changes (such as clarifications of existing practices or corrections of typographical errors) may be posted without advance notice. The "Last updated" date at the top of this page will always reflect when the policy was last revised.
12. Contact / Data Controller
For any privacy-related questions, data access requests, or complaints:
- Email: Mio13266737796@gmail.com
- Data Controller: seesail, operating from Thailand
- Response time: We aim to respond to all privacy requests within 30 calendar days.
If you are located in the European Union and believe we have not adequately addressed your privacy concern, you have the right to lodge a complaint with your local data protection authority.