Privacy Policy
Last updated: April 17, 2026
1. Introduction
Welcome to Rehook ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media analytics platform at rehook.me (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Account Information
- Registration data: Email address, name, and password when you create a Rehook account.
- Authentication tokens: Session tokens managed by Supabase Auth.
2.2 TikTok Data
When you connect a TikTok account via OAuth, we request and store the following data solely to provide the analytics features of the Service:
- Profile information: Display name, profile picture URL, follower count, following count, like count, and video count.
- Video data: Video titles, cover images, share URLs, view counts, like counts, comment counts, share counts, and publication dates.
- Access tokens: OAuth access token and refresh token, stored encrypted, used only to retrieve your data from TikTok on your behalf.
We do not post, publish, or modify any TikTok content on your behalf. We do not share TikTok data with third parties. You can disconnect your TikTok account at any time from your account settings, which immediately revokes our access and deletes stored tokens.
2.3 Instagram / Meta Data
When you connect an Instagram Business or Creator account via the Instagram API with Instagram Login, we request and store the following data solely to provide analytics features:
- Profile information: Instagram username, display name, profile picture URL, follower count, following count, and media count.
- Media data: Media IDs, captions, media type, permalink URLs, thumbnail images, publish timestamps, like counts, and comment counts.
- Insights data: Per-media metrics including views, reach, shares, and saves — retrieved via the Instagram Graph API.
- Access tokens: Long-lived Instagram access token (valid 60 days, refreshed automatically), stored encrypted and used only to retrieve your data.
We use the permissions instagram_business_basic and instagram_business_manage_insights exclusively to read analytics data. We do not publish, edit, delete, or otherwise modify your Instagram content. We do not share Instagram data with third parties. You can disconnect your Instagram account at any time from your account settings.
2.4 Usage and Technical Data
- Usage data: Features accessed, pages viewed, and interactions within the Service.
- Log data: IP address, browser type, operating system, and access timestamps.
3. How We Use Your Information
We use the information we collect exclusively to:
- Display analytics dashboards showing your content performance across connected platforms
- Synchronise your profile statistics and video metrics on demand
- Refresh OAuth tokens to maintain uninterrupted access to your data
- Send technical notices, security alerts, and support messages
- Detect, prevent, and address technical issues
- Comply with applicable legal obligations
We do not sell, rent, or share your personal data or social media data with advertisers, data brokers, or any third parties for commercial purposes.
4. Data Storage and Security
Your data is stored on Supabase infrastructure (PostgreSQL), which provides enterprise-grade security including encryption at rest and in transit. We implement the following measures:
- TLS encryption for all data in transit
- Encryption at rest for all stored credentials and tokens
- Row-level security policies ensuring users can only access their own data
- Access controls limiting internal access to authorised personnel only
5. Third-Party Services
The Service integrates with the following platforms. Each has its own privacy policy:
- Supabase — authentication, database, and storage (supabase.com/privacy)
- TikTok — social platform data access (tiktok.com/legal/privacy-policy)
- Meta / Instagram — social platform data access via Instagram Graph API (facebook.com/privacy/policy)
- Vercel — hosting and edge network (vercel.com/legal/privacy-policy)
6. Your Rights and Controls
You have the following rights regarding your data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and all associated data, including synced social media data. Contact us at privacy@rehook.me or use the account deletion option in settings.
- Disconnect social accounts: Revoke access to TikTok or Instagram at any time from your dashboard. This deletes stored tokens and stops future syncing.
- Portability: Request an export of your data in a machine-readable format.
- Objection: Object to processing of your personal data where we rely on legitimate interests.
For EU/EEA residents, you also have rights under the GDPR. To exercise any of these rights, contact us at privacy@rehook.me. We will respond within 30 days.
7. Data Deletion
You may request deletion of all your data at any time by:
- Emailing privacy@rehook.me with subject line "Data Deletion Request"
- Using the account deletion feature in your dashboard settings
Upon receiving a valid request, we will delete your account, all synced social media data, OAuth tokens, and usage history within 30 days. Backups are purged within 90 days.
To also revoke Rehook's access at the platform level: for Instagram, visit instagram.com/accounts/manage_access; for TikTok, visit TikTok Settings → Security → Authorized Apps.
8. Data Retention
We retain your data for as long as your account is active. If you disconnect a social account, its synced data is deleted immediately. If you close your account, all data is deleted within 30 days. We do not retain social media data beyond what is necessary to provide the analytics Service.
9. Children's Privacy
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at privacy@rehook.me and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice in the Service, and by updating the "Last updated" date at the top of this page. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
For questions, data requests, or concerns about this Privacy Policy, contact us at:
Email: privacy@rehook.me
Response time: Within 30 days for data requests