Privacy Policy

Last Updated: February 2026

1. Introduction

This Privacy Policy explains how AAG Creator Engine, operated by WALTHER Holding ("Company," "we," "us," or "our"), collects, uses, and protects information when you use our platform and related services. We are committed to safeguarding your privacy and handling your data with transparency and care.

By using the AAG Creator Engine, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. This policy applies to all data processed through our integration with TikTok's APIs and any associated services.

2. Information We Collect

We collect the minimum amount of information necessary to provide and improve the Service:

• TikTok Profile Data: Username, display name, avatar URL, and follower count, obtained through the OAuth 2.0 authorization flow with your explicit consent;
• Content Metadata: Video titles, descriptions, hashtags, posting timestamps, and commercial disclosure flags associated with content published through the Service;
• Analytics Data: View counts, engagement metrics (likes, comments, shares), and audience demographics retrieved from TikTok's Display API;
• Technical Data: Browser type, IP address (anonymized), device information, and access timestamps for security monitoring and service reliability.

3. How We Use Information

We use the information we collect exclusively for the following purposes:

• Facilitating automated content posting to TikTok through the Content Posting API;
• Applying and verifying commercial content disclosure settings for compliance;
• Generating performance analytics reports based on TikTok Display API data;
• Managing and orchestrating media assets within the content pipeline;
• Ensuring platform security, detecting abuse, and maintaining service reliability;
• Communicating with you about service updates, changes, or issues affecting your account.

4. TikTok API Data

AAG Creator Engine accesses TikTok data exclusively through TikTok's official APIs in accordance with TikTok's Developer Platform Terms. We adhere to all data usage restrictions, retention requirements, and data portability obligations established by TikTok.

Data obtained through TikTok's APIs is:

• Used solely for the purposes authorized by the user during the OAuth consent flow;
• Never sold, rented, or provided to third parties for advertising or marketing purposes;
• Deleted upon user request or when no longer necessary for the authorized purpose;
• Subject to TikTok's Data Portability and Data Deletion requirements as specified in TikTok's Developer Platform policies.

5. Data Storage and Retention

We follow a minimal data retention approach:

• Video Content: Processed in-transit only. Video files are transmitted directly to TikTok's Content Posting API and are never permanently stored on our servers;
• Analytics Data: Performance metrics are cached for up to 90 days to support reporting functionality, then automatically purged;
• OAuth Tokens: Encrypted at rest using AES-256 encryption and refreshed according to TikTok's token lifecycle requirements;
• Account Data: Retained for the duration of your active account and deleted within 30 days of account closure or access revocation.

6. Data Sharing

We do not sell, rent, or trade your personal information to third parties. Data is shared only in the following limited circumstances:

• TikTok Platform: Content and associated metadata are transmitted to TikTok through their API as required for the Service's core functionality;
• Legal Compliance: When required by law, court order, or governmental regulation;
• Service Providers: With carefully vetted infrastructure providers (hosting, security monitoring) who are contractually bound to maintain confidentiality and comply with data protection requirements.

7. Security Measures

We implement industry-standard security measures to protect your data:

• TLS 1.3 encryption for all data in transit;
• AES-256 encryption for OAuth tokens and sensitive data at rest;
• Regular security audits and penetration testing;
• Role-based access controls with principle of least privilege;
• Automated threat detection and incident response procedures;
• API key rotation and secure credential management.

8. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you;
• Right to Rectification: Request correction of inaccurate or incomplete data;
• Right to Erasure: Request deletion of your personal data, subject to legal retention obligations;
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format;
• Right to Restrict Processing: Request that we limit how we process your data;
• Right to Object: Object to processing of your data for certain purposes;
• Right to Non-Discrimination (CCPA): We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us using the information provided in Section 12. We will respond to verified requests within 30 days.

9. Cookies and Tracking

The Service uses strictly necessary cookies to maintain authentication sessions and ensure platform security. We do not use advertising cookies, tracking pixels, or third-party analytics services that profile user behavior across websites.

Session cookies are automatically deleted when you close your browser or after a period of inactivity. No cross-site tracking technologies are employed.

10. Children's Privacy

The AAG Creator Engine is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a user under 18, we will take immediate steps to delete that information and terminate the associated account.

If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately so we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or TikTok's Developer Platform policies. When we make material changes, we will notify you through the Service interface or via email at least 14 days before the changes take effect.

The "Last Updated" date at the top of this policy indicates when the most recent revisions were made. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact: