Summary: PEAK Time Post is a tool for hotel operators to publish their own videos to their own TikTok accounts. We collect only what's needed to provide this service, we never sell your data, and you remain in full control of your TikTok account access at all times.
Table of Contents
1. Who We Are
PEAK Time Post ("we," "us," "our") operates the website at peek-time-post.com and provides an automated video publishing platform for hospitality and travel businesses. This Privacy Policy describes how we collect, use, and protect information when you use our Service.
This platform uses TikTok's official developer APIs (Login Kit and Content Posting API v2) to publish hotel videos to TikTok on behalf of authorized users. We are an independent developer and are not affiliated with TikTok or ByteDance Ltd.
2. Information We Collect
2.1 Information You Provide
- Contact information: Email address when you contact us or sign up
- Account information: TikTok account usernames you choose to connect
- Video content: Hotel footage and video files you upload to be published
- Configuration data: Posting preferences, schedules, and account settings
2.2 Information We Receive from TikTok
When you authorize a TikTok account through our OAuth flow, we receive from TikTok:
- Access token and refresh token: Used to make API calls on your behalf
- Open ID: A unique, anonymized identifier for your TikTok account
- Basic profile information: Username and display name (via user.info.basic scope)
- Token metadata: Expiration time and authorized scopes
We do not receive your TikTok password, private messages, follower lists, analytics data, or any data beyond what is necessary to publish videos.
2.3 Automatically Collected Information
- Log data: IP address, browser type, pages visited, and access times (standard server logs)
- Posting logs: Records of when videos were posted, to which accounts, and whether posting succeeded or failed
- Error logs: Technical error information to diagnose and fix issues
3. How We Use Your Information
We use the information we collect solely to provide and improve the Service:
- To publish videos: Using your TikTok access tokens to call the Content Posting API on your behalf
- To manage your queue: Tracking which videos have been posted and which are pending
- To maintain your session: Refreshing OAuth tokens before they expire
- To display your dashboard: Showing posting status, account information, and clip inventory
- To diagnose problems: Using error logs to identify and fix technical issues
- To communicate with you: Responding to support requests and sending important notices
We do not use your information for advertising, profiling, or any purpose unrelated to providing the Service.
4. TikTok Data and API Access
This section specifically addresses how we handle data obtained through TikTok's APIs, in accordance with TikTok's developer policies:
4.1 Scope of Access
We request only the minimum TikTok API scopes necessary to provide the Service:
- user.info.basic — identifies the account for display and queue management purposes
- video.publish — publishes completed videos to your TikTok account
- video.upload — uploads video files via chunked transfer to TikTok's servers
4.2 Token Security
- Access tokens and refresh tokens are stored locally in an encrypted JSON file on your own machine or server
- Tokens are never transmitted to third parties or stored in any shared database
- You can revoke our access at any time through TikTok's app settings (Settings → Security → Apps and permissions)
- Upon revocation, all stored tokens for that account are invalidated and deleted from our system
4.3 Data Minimization
We do not store, cache, or archive any TikTok user data beyond what is actively required to post the next scheduled video. Once a video has been successfully posted, the associated posting record contains only a timestamp, video filename, and success/failure status — no personal data from TikTok.
4.4 User-Owned Accounts
All TikTok accounts connected to PEAK Time Post must be accounts you own or are explicitly authorized to manage. We do not facilitate access to accounts you do not own.
5. Information Sharing
We do not sell, rent, trade, or otherwise share your personal information with any third parties for their own purposes. We may share information only in the following limited circumstances:
- With TikTok: Video content and metadata are transmitted to TikTok's servers as part of the publishing process. This is subject to TikTok's own Privacy Policy.
- For legal compliance: If required by applicable law, regulation, legal process, or governmental request
- To protect rights: If we believe disclosure is necessary to protect the rights, property, or safety of PEAK Time Post, our users, or the public
- Business transfers: In the event of a merger, acquisition, or sale of assets, with prior notice provided to affected users
6. Data Storage and Security
PEAK Time Post is designed to run locally or on your own infrastructure. OAuth tokens and configuration data are stored on your own machine in a local JSON file (tiktok_tokens.json), not on our servers.
We implement reasonable security practices to protect any data handled through our Service, including:
- HTTPS-only communication for all API requests
- PKCE (Proof Key for Code Exchange) with SHA256 challenge for OAuth flows
- No logging of access token values in plaintext logs
- Rate-limiting and error handling to prevent unauthorized API calls
No security measure is perfect. We encourage you to revoke our TikTok access if you believe your tokens may have been compromised.
7. Data Retention
We retain information only as long as necessary to provide the Service:
- OAuth tokens: Retained until you revoke access or delete them from your local token file
- Posting logs: Retained for 90 days for debugging purposes, then automatically deleted
- Video files: Source video clips are moved to an archive folder after successful posting; we do not retain copies on any remote server
- Server logs: Standard access logs retained for up to 30 days
8. Your Rights and Choices
You have the following rights with respect to your data:
- Access: You can view all data we have about your accounts through your local configuration files and the dashboard
- Deletion: You can delete your OAuth tokens by removing entries from
tiktok_tokens.jsonor by revoking access through TikTok's settings - Revocation: You can revoke PEAK Time Post's API access at any time through TikTok → Settings → Security → Manage app permissions
- Portability: Your configuration and token data are stored in human-readable JSON files on your own system
- Opt-out: You may stop using the Service at any time by ceasing to run the software
To exercise any of these rights or to ask questions about your data, contact us at info@peek-time-post.com.
9. Children's Privacy
The Service is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under the applicable age, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Your continued use of the Service after changes to this policy constitutes your acceptance of the revised policy. If you disagree with any changes, you should revoke TikTok access and stop using the Service.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
PEAK Time Post
Email: info@peek-time-post.com
Website: https://www.peek-time-post.com
We will respond to privacy-related inquiries within 30 days of receipt.