Privacy Policy

Last updated: February 27, 2026

This Privacy Policy describes how NexoraAI ("we," "our," or "us") collects, uses, and shares your personal information when you use TikTokFlow, our website, Chrome extension, and services (collectively, the "Service").

Information We Collect

We collect information you provide directly to us, such as when you create an account, subscribe to a plan, or use our services. This may include your name, email address, password, and payment information (processed securely through our payment provider Stripe). We also collect information about your usage of TikTokFlow, including the profiles you search for, messages you send, and your message history.

We automatically collect certain information about your device and usage of our Service, including your IP address, browser type, operating system, Chrome extension version, referring URLs, access times, and pages viewed. We may use cookies, web beacons, and other tracking technologies to collect this information and improve your experience.

How We Use Your Information

We use the information we collect to provide, maintain, and improve our Service, including to process your message sending requests, track your usage limits based on your subscription plan, provide customer support, and communicate with you about your account. We use your message history and profile search data to display your activity within the Service and help you manage your outreach campaigns.

We may use your information to send you service-related notifications, updates about your subscription, and promotional materials (which you can opt out of at any time). We analyze usage patterns to understand how TikTokFlow is used, improve our features, detect abuse, and ensure compliance with our terms of service and TikTok's policies.

Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information in certain limited circumstances: with service providers who help us operate our Service, such as Stripe for payment processing, Clerk for authentication, Supabase for data storage, and cloud hosting providers; when required by law or to respond to legal process; to protect our rights, property, or safety, or that of our users or others; and in connection with a merger, acquisition, or sale of assets.

We want to be clear that TikTokFlow is an independent service and is not affiliated with, endorsed by, or associated with TikTok or ByteDance Ltd. Any data you provide to TikTok through our Service is subject to TikTok's own privacy policy and terms of service, which we encourage you to review.

Data Security

We take reasonable measures to protect your information from loss, theft, misuse, and unauthorized access. We use encryption for data transmission, secure servers, authentication systems, and other technical and organizational measures to safeguard your data. Your payment information is processed directly by Stripe and is never stored on our servers.

However, no method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and should never share your password with others.

Data Retention and Deletion

We retain your information for as long as your account is active and as necessary to provide our Service. When you delete your account, we will permanently delete your personal information, message history, profile search data, and all other account-related information from our active databases. Some information may remain in backups for up to 30 days before being permanently purged.

You can request deletion of your data at any time by deleting your account through your account settings or by contacting us at info@nexoraai.ch. We will process your deletion request within 30 days. Note that we may retain certain information if required by law or for legitimate business purposes such as fraud prevention.

Your Rights and Choices (Data Subject Requests)

Depending on your location, you may have certain rights regarding your personal information. If you are located in the European Economic Area, United Kingdom, Switzerland, or other jurisdictions with data protection laws, you have the following rights:

  • Right to Access: You can view all data associated with your account directly within your TikTokFlow dashboard. You may also request a complete export of your personal data by contacting us at info@nexoraai.ch.
  • Right to Deletion (Right to be Forgotten): You can disconnect your TikTok account at any time through the Settings page, which immediately revokes API access and removes your TikTok data from our system. You can also request complete account deletion by contacting us, and we will fulfill your request within 30 days.
  • Right to Rectification: You can update your account information directly in your profile settings. For any data that cannot be self-corrected, contact us to request corrections.
  • Right to Data Portability: You can export your data in a machine-readable format (JSON) through your account settings or by contacting us.
  • Right to Restrict Processing: You may request that we limit the processing of your personal data in certain circumstances.
  • Right to Object: You may object to certain types of processing, including processing for direct marketing purposes.
  • Right to Withdraw Consent: Where we rely on your consent to process personal data, you may withdraw that consent at any time.

How to Submit a Data Subject Request: You can submit data subject requests by emailing us at info@nexoraai.ch. Please include "Data Subject Request" in the subject line and specify which right you wish to exercise. We will acknowledge your request within 48 hours and fulfill it within 30 days as required by GDPR. We may need to verify your identity before processing your request.

You can also access and update your account information through your account dashboard, manage your subscription and billing details, view and delete your message history, disconnect linked accounts, and configure your notification preferences.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience with TikTokFlow. Cookies are small data files stored on your device that help us remember your preferences, keep you logged in, track your subscription status, and provide personalized content. Our Chrome extension may also store local data to provide offline functionality and sync your settings.

You can control cookie preferences through your browser settings, though disabling cookies may limit your ability to use certain features of our Service. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted or expired). Third-party services like Stripe and Clerk may use their own cookies.

International Data Transfers

TikTokFlow is an international service, and your information may be transferred to and processed in countries other than your country of residence, including the United States and European Union, which may have data protection laws that differ from those of your country. When we transfer personal information internationally, we implement appropriate safeguards to protect your information.

For users in the European Economic Area, United Kingdom, or Switzerland, we comply with applicable data protection regulations including GDPR. We ensure that any international data transfers are conducted under appropriate safeguards such as standard contractual clauses or adequacy decisions by relevant authorities.

Third-Party Services and TikTok

TikTokFlow integrates with TikTok's platform to provide our messaging and profile searching services. When you use TikTokFlow, you are also subject to TikTok's Terms of Service and Privacy Policy. We are not responsible for TikTok's data practices, and we encourage you to review their policies.

TikTokFlow is an independent service and is not affiliated with, endorsed by, or associated with TikTok or ByteDance Ltd. We provide tools for research and outreach purposes, and users are solely responsible for ensuring their use of the Service complies with TikTok's terms and all applicable laws.

TikTok Data Portability API

For users located in the European Economic Area (EEA) or United Kingdom (UK), TikTokFlow utilizes TikTok's Data Portability API to enable you to exercise your GDPR data portability rights (Article 20 GDPR). This feature allows you to request, view, and manage exports of your personal TikTok data within a user-friendly dashboard interface.

Data We Access: Through the Data Portability API, we may access the following categories of your TikTok data, only with your explicit consent and authorization through TikTok's official OAuth flow:

  • Posts & Profile: Your TikTok profile information (username, bio, profile photo), video posts with metadata (title, description, privacy settings, content disclosures), and your follower and following lists with dates.
  • Activity Data: Your TikTok activity including browsing and watch history, videos you've liked, comments you've posted, searches you've performed, favorite sounds/effects/hashtags, and saved videos.
  • Direct Messages: Your DM conversation history, including message content, timestamps, and sender information. This data is displayed in a read-only interface for your review only.
  • All Available Data: A comprehensive export of all the above categories plus additional data such as app settings, login history, and other TikTok account information as provided by TikTok's Data Portability API.

How We Handle This Data: Data accessed through the Data Portability API follows a specific lifecycle:

  • Data export is initiated only when you explicitly request it within the TikTokFlow dashboard.
  • TikTok prepares the data on their servers and notifies us when it is ready (typically within seconds to hours).
  • We download the data from TikTok's servers and temporarily cache it for display purposes.
  • Data is displayed to you in a read-only format within your TikTokFlow dashboard.
  • Cached data is automatically purged and is not retained beyond what is necessary for display.
  • We do not use this data for any purpose other than displaying it to you, the data owner.
  • We do not share, sell, or transfer this data to any third parties under any circumstances.
  • We do not use this data for profiling, marketing, analytics, or any purpose beyond presenting it to you.

Authorization & Consent: Before any data is transferred, you will be shown a clear summary of exactly which categories of data will be requested and how they will be used. You must explicitly authorize the transfer through TikTok's official authorization page. You may choose to grant one-time or ongoing access for each data category. You can review and modify your consent at any time.

Revoking Access: You can revoke TikTokFlow's access to your TikTok data at any time by disconnecting your TikTok account in your TikTokFlow settings. This immediately revokes our API access, removes any cached data associated with your TikTok account from our systems, and prevents any future data requests from being made on your behalf.

Data Protection Policy and Processes

We maintain comprehensive data protection policies and processes to ensure the security and privacy of your information, including data accessed through the TikTok Data Portability API:

  • Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. TikTok API access tokens and refresh tokens are stored encrypted in our database.
  • Access Controls: Data accessed via the Data Portability API is scoped to your account only. Our systems enforce strict authentication (via Clerk) to ensure only you can view your exported data.
  • Data Minimization: We only request the data categories you explicitly select. We do not request more data than necessary for the features you use.
  • No Secondary Use: Data obtained through the Data Portability API is never used for advertising, marketing, profiling, training AI models, or any purpose other than displaying it to you.
  • Audit Logging: We maintain logs of data access requests for security and compliance purposes.
  • Incident Response: We have established procedures for detecting, reporting, and responding to data breaches in accordance with GDPR Article 33 requirements (notification within 72 hours).
  • Regular Review: We periodically review and update our data protection practices to ensure ongoing compliance with applicable regulations.

Children's Privacy

Our Service is not intended for persons under the age of 18, and we do not knowingly collect personal information from persons under this age. If we become aware that we have collected personal information from a person under the applicable age limit, we will take immediate steps to delete such information. If you believe we have collected information from a person under this age, please contact us immediately at info@nexoraai.ch.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website, updating the "Last Updated" date, and sending you an email notification if the changes significantly affect your rights. Your continued use of our Service after any changes constitutes acceptance of the updated privacy policy.

We encourage you to review this privacy policy periodically to stay informed about how we collect, use, and protect your information. If you do not agree with any changes to our privacy policy, you should discontinue use of the Service and delete your account.

Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our privacy practices, please contact us at info@nexoraai.ch. We will respond to your inquiry within 30 days or as required by applicable law.

For users in the European Economic Area, United Kingdom, or Switzerland, you also have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

© 2026 NexoraAI. All rights reserved.