1. Introduction

Welcome to Toklytics. This Privacy Policy explains how Toklytics (“we,” “us,” or “our”) collects, uses, stores, and protects information when you use our services, which include:

The Toklytics Chrome Extension (the “Extension”)
The Toklytics web platform at toklytics.app (the “Platform”)
Any associated APIs, tools, and services

By using any Toklytics service, you agree to the collection and use of information as described in this policy. If you do not agree with our practices, please discontinue use of our services.

2. Who We Are

Toklytics is a TikTok analytics platform that operates as a two-sided marketplace. Our free Chrome Extension crowdsources publicly available TikTok data, while our paid web platform provides analytics tools for agencies, brands, and creators. For privacy-related inquiries, you can contact us at support@toklytics.app.

3. Information We Collect

3.1 Information You Provide Directly

When you create an account on the Toklytics Platform, we collect:

Name and email address (via Google OAuth authentication)
Google profile picture (if available in your Google account)
Payment and billing information (processed by Stripe; we do not store full payment card details)
Subscription plan selection and token usage history

3.2 TikTok Data Collected by the Extension

The Toklytics Extension intercepts publicly available data from TikTok's web interface as you browse normally. This data includes:

Creator/Profile Data:

TikTok username, display name, bio, and profile picture URL
Follower count, following count, total likes, and video count
Verification status, account region, and account creation indicators
Calculated engagement metrics (engagement rate, average views, etc.)

Video Data (80+ data points per video):

Video ID, description, hashtags, creation time, and duration
Performance metrics: play count, like count, comment count, share count, save count
Video metadata: music/sound information, cover images, format details
Content flags: isPinned, isAd, isSlideshow, and similar indicators

Feed Data:

Video and creator data from For You, Following, and search result pages
Feed position context and discovery source

Time-Series Snapshots:

Each time the Extension captures video data, it creates a timestamped snapshot. This enables historical performance tracking (similar to how price-tracking tools monitor product prices over time). Snapshots contain only the performance metrics listed above and a capture timestamp.

3.3 Data Collected by the Platform

Search queries and analytics queries you perform on the Platform
Token consumption and usage patterns
CSV export activity
Pages visited and features used within the Platform

3.4 Automatically Collected Technical Data

IP address and approximate geographic location
Browser type and version, operating system
Device identifiers and screen resolution
Referral source (how you found Toklytics)
Session duration and page navigation paths
Language preferences (used for our internationalization system supporting 14+ languages)

3.5 Cookies and Similar Technologies

We use the following cookies and tracking technologies:

Technology	Purpose	Type	Duration
Google Analytics 4 (GA4)	Website analytics, user behavior tracking, conversion measurement	Analytics	Up to 2 years
Google OAuth Session	Authentication and login state	Essential	Session
Locale Preference Cookie	Stores your preferred language for internationalization	Functional	1 year
Stripe Cookies	Payment processing and fraud prevention	Essential	Session
Extension Analytics	Anonymous extension usage tracking (random UUID, no personal data)	Analytics	Persistent

4. How We Use Your Information

4.1 To Provide and Improve Our Services

Display analytics overlays on TikTok profiles via the Extension
Calculate engagement rates, performance metrics, and creator scores
Power the Platform's search, discovery, and analytics query features
Generate programmatic SEO pages (creator profiles, hashtag pages, sound pages, video detail pages) for organic discovery
Maintain historical time-series data for trend analysis and growth tracking
Enable CSV data export functionality
Process subscription payments and manage token-based access

4.2 To Power Aggregate Analytics

Extension-contributed data is aggregated and anonymized to power the Platform's database. This enables Platform users to search and analyze TikTok creators, videos, hashtags, and sounds — even for profiles they have not personally visited. No individual Extension user's browsing activity is disclosed to Platform users.

4.3 To Generate AI-Accessible Content

We maintain an llms.txt file and structured data to make our aggregated TikTok analytics discoverable by AI tools and search engines. This involves only publicly available TikTok statistics, not personal user data.

4.4 To Provide Multilingual Content

We use the Anthropic Claude API to dynamically translate Platform content into 14+ languages. Your language preference (detected from browser settings or manual selection) is used to serve translated content. Translation requests are cached and do not include any personal user data — only page content strings are sent for translation.

4.5 For Communication and Support

Respond to support requests and inquiries
Send important service updates and policy changes
Notify you of changes to your subscription or token balance

4.6 For Analytics and Business Intelligence

Monitor Platform health and performance via admin dashboards
Track extension adoption, user conversion rates, and revenue metrics
Analyze search engine indexing performance and SEO effectiveness
Identify and fix technical issues in the data pipeline

5. Data Sharing and Third-Party Services

We do NOT sell your personal data. We share information only in the following limited circumstances:

5.1 Service Providers

Provider	Purpose	Data Shared
Supabase	PostgreSQL database hosting	All stored data (encrypted at rest)
Vercel	Web hosting and serverless functions	Request data, logs
Stripe	Payment processing and subscription management	Email, payment details, plan info
Google (OAuth)	User authentication	Email, name, profile picture
Google Analytics 4	Website and extension analytics	Anonymous usage data, IP (anonymized)
Anthropic (Claude API)	Dynamic content translation	Page content strings only (no personal data)
Google Search Console / IndexNow	Search engine indexing	Public page URLs only

5.2 Aggregated Public Data

TikTok analytics data collected by Extensions is aggregated into our database and made available to Platform users through paid queries. This data consists entirely of publicly available TikTok statistics (follower counts, video metrics, etc.) and does not include any information about the Extension users who contributed the data.

5.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Toklytics, our users, or others.

6. Data Storage and Security

6.1 Where Data Is Stored

Extension local data: Stored in your browser's local storage (IndexedDB) on your device
Cloud database: Hosted on Supabase (PostgreSQL) with encryption at rest
Platform hosting: Vercel (serverless infrastructure)
Payment data: Processed and stored by Stripe under PCI DSS compliance

6.2 Security Measures

HTTPS encryption for all data in transit
Database connection pooling with proper access controls
API key authentication for Extension-to-Platform data sync
Google OAuth 2.0 for secure user authentication
Stripe webhook signature verification for payment events
Admin access restricted to authorized email addresses

6.3 Data Retention

Extension local data: Retained until you clear it or uninstall the Extension
Cloud-synced TikTok data: Retained indefinitely to maintain historical analytics accuracy
Account data: Retained for the duration of your account; deleted upon verified request
Payment records: Retained as required by financial regulations
Analytics data: Google Analytics retains data per your GA4 settings; extension analytics retained in our database
Translation cache: Cached translations expire after 30 days

7. Your Rights and Choices

7.1 All Users

Access your locally stored Extension data via the Extension popup
Export your data using the CSV export feature
Delete local Extension data by clearing browser storage or uninstalling
Request deletion of cloud-synced data by emailing support@toklytics.app
Choose your preferred language via the language picker
Disable cloud sync through Extension settings

7.2 Rights Under GDPR (EU/EEA Users)

If you are located in the European Economic Area, you have the right to: access your personal data, rectify inaccurate data, request erasure of your data, restrict processing of your data, data portability, object to processing, and withdraw consent at any time.

To exercise these rights, contact us at support@toklytics.app. We will respond within 30 days.

7.3 Rights Under CCPA (California Users)

If you are a California resident, you have the right to: know what personal information we collect and how it is used, request deletion of your personal information, opt out of the sale of personal information (note: we do not sell personal information), and non-discrimination for exercising your rights.

To exercise these rights, contact us at support@toklytics.app.

8. Chrome Extension: Permissions and Data Practices

8.1 Permissions Explained

Permission	Why It's Needed
storage	Save captured TikTok analytics data locally in your browser
unlimitedStorage	Store data for many creators and videos (standard 5MB limit is insufficient)
activeTab	Detect when you navigate to TikTok and inject the analytics overlay
scripting	Inject the analytics overlay UI and API interceptor on TikTok pages
tiktok.com (host)	Only operates on TikTok website domains — no access to other sites
toklytics.app (host)	Sync captured data to the Toklytics cloud database

8.2 How the Extension Collects Data

The Extension uses network interception (patching the browser's fetch and XMLHttpRequest APIs) to capture responses from TikTok's internal API endpoints as you browse TikTok normally. The Extension does NOT:

Log into TikTok on your behalf
Access your TikTok password or credentials
Modify any data on TikTok
Auto-scroll or simulate user behavior
Access any website other than TikTok and toklytics.app
Collect any personally identifiable information about you as the Extension user

8.3 Data Flow

The data flow works as follows:

You browse TikTok normally
The Extension captures TikTok's public API responses in the background
Data is stored locally in your browser (IndexedDB)
If cloud sync is enabled, data is periodically sent to the Toklytics backend via a secure API endpoint
The backend processes and stores the data in the shared analytics database

9. Children's Privacy

Toklytics is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. The Extension processes only publicly available TikTok statistics and does not collect personal information about Extension users. If you believe a child has provided us with personal information, please contact us at support@toklytics.app and we will promptly delete it.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. Our service providers (Supabase, Vercel, Stripe, Google) operate globally. We ensure that any transfer of personal data complies with applicable data protection laws and that appropriate safeguards are in place.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated through:

Extension update notes in the Chrome Web Store
A notice on the Toklytics Platform
Email notification to registered Platform users

We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Compliance

This Privacy Policy and our data practices are designed to comply with:

Chrome Web Store Developer Program Policies
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Applicable data protection and privacy laws in the jurisdictions where we operate

13. Contact Us

For privacy questions, data access requests, or data deletion requests:

Email: support@toklytics.app
Website: https://toklytics.app

We aim to respond to all privacy-related inquiries within 30 days.