Privacy Policy

noticed.one is a SaaS platform for generating and publishing TikTok-native content. For purposes of EU/UK data protection law, [Company Name] is the data controller of the personal data described below, except where we act as a processor on behalf of customers (for content they upload into a workspace).

We collect the following categories of data:

• Account data — name, email, password hash, workspace and team membership, role.
• Brand inputs — URLs you submit, brand profile fields, briefs, and uploaded assets (images, video, audio).
• Generated content — concepts, scripts, scene plans, voiceovers, captions, and rendered videos.
• TikTok integration data — your TikTok user ID, creator settings (privacy options, comment/duet/stitch preferences), encrypted access and refresh tokens, and post status returned by TikTok.
• Usage data — log entries, request IDs, IP address, device and browser metadata, feature usage events, error reports.
• Billing data — plan, usage counts, invoices, and the last four digits of your payment method (full card data is held by our payment processor, not us).

We use your data to:

• Provide, operate, secure, and improve the Service;
• Generate concepts, scripts, voiceovers, and rendered videos based on the inputs you provide;
• Publish videos to TikTok on your behalf when you initiate a publish action;
• Process payments, prevent fraud, and enforce our Terms of Service;
• Communicate with you about your account, security, and product updates;
• Comply with legal obligations and respond to lawful requests.

We do not sell your personal data. We do not use your brand inputs, uploaded assets, or generated content to train foundation models. Our AI subprocessors are contractually prohibited from using your data for their own model training.

If you are in the EEA or UK, we rely on the following legal bases:

• Contract — to provide the Service you have requested.
• Legitimate interest — to secure, monitor, and improve the Service, and to communicate about it.
• Legal obligation — to keep records, respond to lawful requests, and meet tax/accounting requirements.
• Consent — for optional features that require it (for example, connecting your TikTok account, or marketing emails). You can withdraw consent at any time.

We share data with vetted subprocessors who help us run the Service. The current categories include:

• Cloud hosting and storage — for application hosting and asset storage.
• AI model providers — for brand understanding, concept generation, and copywriting. Inputs are sent for inference only, not for training.
• Voice and transcription providers — for voiceover and caption timing.
• TikTok— when you publish or export content through TikTok’s Content Posting API.
• Payment processor — for subscription billing and invoicing.
• Product analytics and error tracking — for understanding feature usage and diagnosing errors.

We may also share data when required by law, to protect our rights or those of our users, or in connection with a corporate transaction (in which case your data continues to be protected under terms at least as protective as this Policy).

We may process and store data in countries outside your country of residence, including in the United States. Where required, we use appropriate safeguards (such as the EU Standard Contractual Clauses or the UK International Data Transfer Addendum) to protect your data during transfer.

We retain your data for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce agreements. When you delete a workspace or your account, we delete or anonymize your data from active systems within 90 days, subject to retention required for backups, legal holds, or accounting records.

We use industry-standard safeguards to protect your data, including encryption in transit, encryption at rest for sensitive fields (such as TikTok access tokens), least-privilege access controls, and regular monitoring. No system is perfectly secure; if we become aware of a breach affecting your personal data we will notify you and the relevant authorities as required by law.

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal data, to object to certain processing, and to lodge a complaint with a data protection authority.

You can exercise most of these rights directly from settings (export, delete a workspace, edit your profile). For other requests, email us at privacy@noticed.one. We will respond within the timeframe required by applicable law.

The Service is not intended for children under 16 (or under the age of digital consent in your country). We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

We use a minimal set of cookies and similar technologies that are strictly necessary to operate the Service (for example, session cookies to keep you signed in) and to measure aggregate product usage. We do not use third-party advertising cookies. Where consent is required by law, we will request it before placing non-essential cookies.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or in-product notice at least 14 days before they take effect, except where a shorter notice period is required. The “Last updated” date at the top of this page reflects the most recent revision.

Questions or requests about this Policy? Email us at privacy@noticed.one.