Privacy policy
This policy describes what Made By Skill collects, why, how long it keeps it, and how to get rid of it.
Who this covers
Creators who use Made By Skill to produce videos and, optionally, to publish them to their own connected accounts.
What we collect
Account connection data
When a creator connects a TikTok account, we store the account identifier TikTok gives us, the scopes granted, the expiry of the authorization, and the display name, username and avatar reference — the last three so the creator can see which account a video will go to.
Authorization credentials
Access and refresh credentials are encrypted at rest with a key held outside the database. They are decrypted only in memory, only to make a request the creator asked for. They are never written to a log, an error message, an analytics event, a screen, or any report — not in full, not in part.
Creator capability data
When the creator opens the export page, we query TikTok for the account's current posting capabilities — the audience options available, whether comment, Duet and Stitch are enabled, and the maximum video duration. We store each response so there is a record of what the creator was actually shown.
Post data
For each post: the settings the creator chose, the confirmation record, the identifier TikTok returned, and the statuses TikTok reported.
Production data
The source material, scripts, narration and renders that make up a video, along with the licence records for the material used.
What we do not collect
- We do not collect a creator's TikTok password. Authorization happens on TikTok's own site; we never see it.
- We do not read a creator's TikTok messages, followers, or engagement.
- We do not build advertising profiles and we do not sell data.
Why we use it
To produce videos the creator asked for, to show the creator accurate information about their own account before they post, to carry out the specific posts they confirm, and to report what happened to those posts. Nothing here is used for another purpose.
Who we share it with
TikTok, when the creator asks us to send a video to their TikTok account — that is the whole point of the integration. Infrastructure providers that host this application. Nobody else.
How long we keep it
| Data | Retention |
|---|---|
| Authorization credentials | Until the creator disconnects or the authorization expires; deleted immediately on disconnect. |
| Connection record (identifier, scopes, expiry) | Until the creator deletes the connection. |
| Capability snapshots | Kept as the record of what the creator was shown at the time of a post. |
| Post records and statuses | Kept as the record of what was sent and what TikTok reported. |
| Production data | Until the creator deletes the video. |
Disconnecting and deleting
Disconnecting a TikTok account revokes the authorization with TikTok and deletes the stored credential. Deleting a connection removes the connection record and everything scoped to it. To request deletion of everything else, use the contact page.
Security
Credentials are encrypted at rest. Access to production data is restricted to the operators of this deployment. Credential values never enter logs or error reports by construction, not by filtering after the fact.
Changes
If this policy changes in a way that affects what we collect or why, the change is described here before it takes effect.
Contact
Questions about this policy: see the contact page.