Privacy Policy

Last updated: 4 March 2026

1. Who We Are

TikControl (“TikControl”, “we”, “us”, “our”) is a software product operated as a sole trader business based in England, United Kingdom.

We are the data controller for personal data collected through the TikControl desktop application and website at tikcontrol.io.

Contact us at any time regarding your data: hello@tikcontrol.io

2. What Data We Collect and Why

2.1 Account Data

When you register, we collect:

  • Email address — to identify your account, send verification codes, and contact you about your subscription
  • Username — your chosen display name within the app
  • Password — stored as a one-way hash (PBKDF2). We never store or see your actual password
  • TikTok username — entered by you when you connect to a TikTok LIVE stream. Used solely to establish your stream connection

Lawful basis: Performance of contract (providing you the service you signed up for).

2.2 Subscription & Billing Data

Payments are processed by Lemon Squeezy, who act as Merchant of Record. We do not store or process your payment card details — these are handled entirely by Lemon Squeezy.

We store:

  • Your subscription tier (Free, Pro, or Ultra)
  • Subscription status (active, cancelled, expired)
  • A Lemon Squeezy customer ID and subscription ID (references only, not payment data)

Lawful basis: Performance of contract; legal obligation (financial record-keeping).

2.3 Live Session Data

When you connect TikControl to a TikTok LIVE stream, we record a “live session” containing:

  • Your TikTok username
  • The game you are playing
  • The time you connected and disconnected
  • Periodic heartbeat timestamps (to confirm your session is still active)

⚠️ Public visibility: Your TikTok username and chosen game are displayed publicly on the /live page of our website while your session is active. This is equivalent to publicly listing that you are currently live on TikTok — information that is already publicly available on TikTok itself. You can stop this at any time by disconnecting TikControl.

Lawful basis: Legitimate interests (community feature; information already public on TikTok).

2.4 Technical & Usage Data

We do not currently run analytics or ad tracking. Basic server logs (IP address, request timestamps) may be retained for up to 30 days for security and debugging purposes only.

Lawful basis: Legitimate interests (security and abuse prevention).

3. Third-Party Services We Use

We share limited data with the following trusted third parties to operate the service:

ServicePurposeData SharedLocation
SupabaseDatabase & authenticationEmail, username, subscription status, live session dataUSA (SCCs apply)
Lemon SqueezyPayment processing & subscriptions (Merchant of Record)Email, name, billing infoUSA
EulerStreamTikTok LIVE connection authenticationTikTok username (at connection time only)Variable
VercelWebsite hostingIP address, page requests (standard web logs)USA/Global

International transfers to the USA are covered by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by UK GDPR.

4. How Long We Keep Your Data

  • Account data — kept until you delete your account, then removed within 30 days
  • Live session records — kept for 30 days after the session ends, then automatically deleted
  • Payment records — kept for 7 years as required by UK financial regulations
  • Server logs — kept for up to 30 days

5. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of all data we hold about you
  • Right to rectification — ask us to correct inaccurate data
  • Right to erasure — request deletion of your account and personal data
  • Right to portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to restriction — ask us to limit how we use your data

To exercise any of these rights, email us at hello@tikcontrol.io. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

6. Cookies

Our website uses only essential cookies required for authentication (login session). We do not use advertising cookies, tracking pixels, or third-party analytics. No cookie consent banner is required for strictly necessary cookies under UK PECR.

7. Children

TikControl is not intended for use by anyone under the age of 13, in line with TikTok's own minimum age requirement. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, please contact us and we will delete it promptly.

8. Security

We take reasonable technical and organisational measures to protect your data, including:

  • Passwords stored using PBKDF2 hashing with unique salts — never in plain text
  • All data transmitted over HTTPS/TLS
  • Database access protected by Row Level Security (RLS) via Supabase
  • Two-factor authentication (2FA) available on your account

No system is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and the ICO within 72 hours as required by UK GDPR.

9. Third-Party Links

Our app and website may link to third-party services (TikTok, game platforms, etc.). We are not responsible for the privacy practices of those services. Please review their own privacy policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you by email. Continued use of TikControl after changes constitutes acceptance of the updated policy.

11. Contact Us

For any questions, data requests, or concerns about this Privacy Policy:

📧 hello@tikcontrol.io

TikControl, England, United Kingdom