Privacy Policy

Last updated: March 29, 2026

1. Introduction

Liftloop Inc. ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use the Liftloop platform ("Service").

2. Information We Collect

Account Information

  • Name, email address, and password (hashed with bcrypt)
  • Organization/workspace name
  • Billing information processed by Stripe (we do not store card numbers)

TikTok Data (with your authorization)

  • Public video metadata: titles, descriptions, hashtags, timestamps
  • Video analytics: views, likes, comments, shares, engagement rates
  • Basic profile info: display name, avatar, follower count
  • OAuth access tokens (encrypted at rest with AES-256-GCM)

Usage Data

  • Pages visited, features used, content generated
  • Error logs and performance data (via Sentry)
  • IP address and browser information for security and rate limiting

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Analyze your content performance patterns to generate AI-powered suggestions
  • Process payments and manage subscriptions
  • Send transactional emails (account verification, billing receipts)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal information. We share data only with:
  • Stripe — Payment processing. Subject to Stripe's Privacy Policy.
  • TikTok — API access to your authorized data. Subject to TikTok's Privacy Policy.
  • Anthropic (Claude AI)— Content generation. Your content patterns are sent to Claude's API for generation. Anthropic does not use API inputs for training.
  • Sentry — Error monitoring. Collects anonymized technical data only.
  • PostHog — Anonymized product analytics to improve the Service.
  • Vercel — Hosting and infrastructure.

5. Data Security

  • Passwords are hashed with bcrypt (cost factor 12)
  • TikTok OAuth tokens are encrypted at rest using AES-256-GCM
  • All connections use HTTPS/TLS
  • Database access is restricted to authenticated application servers
  • Rate limiting and audit logging protect against brute force and abuse

6. Data Retention

  • Account data is retained while your account is active
  • TikTok data is synced periodically and updated with each sync
  • When you delete your account, all associated data is permanently removed within 30 days
  • You can disconnect your TikTok account at any time, which deletes stored tokens immediately

7. Your Rights

Depending on your jurisdiction, you may have the right to:
  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Withdraw consent for TikTok data access
  • Object to data processing

To exercise any of these rights, contact us at privacy@liftloop.io.

8. Cookies

We use essential cookies only:
  • Session cookie — maintains your login state
  • CSRF token — protects against cross-site request forgery during OAuth
We do not use advertising or third-party tracking cookies.

9. Children's Privacy

Liftloop is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. International Data Transfers

Your data may be processed in the United States where our servers are hosted. By using the Service, you consent to this transfer. We apply appropriate safeguards to protect your data regardless of where it is processed.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.

12. Contact Us

For privacy inquiries, contact us at privacy@liftloop.io.

Liftloop Inc.