Privacy Policy

Last updated: 15 June 2026

1. What we collect

When you sign in with TikTok we receive and store:

• Your TikTok open_id (a stable identifier)
• Your display name and avatar URL
• An access token and refresh token, used only to post videos on your behalf

When you add a YouTube channel, we store the channel ID and the last video ID we processed, so we don't repost duplicates.

2. What we don't collect

We do not collect your TikTok password, private messages, followers, or any data beyond what is listed above. We do not use third-party analytics or advertising trackers.

3. How we use it

Your tokens are used solely to authenticate posting requests to TikTok's Content Posting API on your behalf. We never sell, share, or transfer your data to third parties.

4. Where it's stored

Data is stored in a managed Postgres database (Supabase, EU region). Access tokens are stored encrypted at rest.

5. Retention

Your data is kept for as long as your account is active. If you disconnect or delete your account, all credentials and channel records are deleted within 30 days.

6. Your rights

Under UK/EU GDPR you have the right to access, correct, or delete your data. Email hello@getcrosspost.com and we will respond within 30 days.

7. Cookies

CrossPost uses only essential cookies needed to keep you signed in. No tracking or advertising cookies are used.

8. Contact

Privacy questions: hello@getcrosspost.com