Privacy Policy
This Privacy Policy explains how HUAYU DIANA Publisher ("we", "us", "our") collects, uses, stores, and protects your information when you use our video publishing service at https://publisher.huayu.ltd. By registering or using the Service, you agree to the practices described in this policy.
1. Who We Are
HUAYU DIANA Publisher is operated by HUAYU. We provide a web-based service that enables registered users to connect their personal TikTok accounts via TikTok's official OAuth 2.0 interface and publish video content to TikTok asynchronously — with email notification upon completion.
For privacy inquiries, contact us at: privacy@huayu.ltd
2. Information We Collect
2.1 Account Information
- Email address — used for account identification, verification, and notification emails.
- Password — stored as a one-way bcrypt hash. We cannot recover or read your password.
- Email verification status — whether your email address has been confirmed.
2.2 TikTok Account Data
When you authorize HUAYU DIANA Publisher via TikTok's OAuth 2.0 flow, we receive and store:
- TikTok display name and avatar URL — shown in your dashboard for identification.
- TikTok Open ID — a unique, app-specific identifier for your TikTok account (cannot be used to identify you across other apps).
- OAuth access token and refresh token — used solely to publish videos to your TikTok account on your explicit instruction. Tokens are stored server-side and never exposed to other users.
We access only the TikTok API scopes listed in Section 4. We do not access your TikTok followers, direct messages, comments, analytics, or any data beyond what is required for publishing.
2.3 Video Files and Publish History
- Uploaded video files — temporarily stored on our servers during the publishing process. Video files are automatically deleted immediately after a successful publish, or within 48 hours at most.
- Publish history records — we retain metadata about each submission: caption text, submission timestamp, job status (queued / processing / published / failed), and any error messages. Video file content is not retained after publishing.
2.4 Technical Logs
We may collect standard server logs including IP addresses, browser user-agent strings, and request timestamps for security monitoring and debugging purposes. These are not linked to your account profile and are retained for a maximum of 30 days.
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Account authentication and session management | Email, password hash |
| Email address verification | Email, verification token |
| Publishing videos to TikTok on your behalf | TikTok tokens, video file, caption |
| Displaying your publish history in the dashboard | Publish history records |
| Sending job completion notifications | Email, job status |
| Sending account deletion confirmation | Email, deletion token |
| Security monitoring and abuse prevention | Server logs |
We do not use your data for advertising, profiling, or any purpose other than operating the Service.
4. TikTok API Scopes We Request
HUAYU DIANA Publisher requests the following TikTok API permissions from users who choose to connect their TikTok account:
| Scope | Why We Need It |
|---|---|
user.info.basic |
To retrieve your TikTok display name and avatar so we can show you which account is connected in your dashboard. We do not use this to access followers, messages, or other profile data. |
video.upload |
To upload the video file to TikTok's servers as the first step of the two-phase Content Posting API process. |
video.publish |
To finalize and publish the uploaded video to your TikTok profile. Publishing only happens when you explicitly submit a job through the Service. |
You can revoke these permissions at any time by disconnecting your TikTok account from the Service or by visiting TikTok's app settings.
5. Data Sharing and Third Parties
We do not sell, rent, or share your personal data with third parties for commercial purposes. Data is disclosed only in the following limited circumstances:
- TikTok, Inc. — your video file, caption, and OAuth tokens are transmitted to TikTok's API servers as necessary to fulfill your publish request. This data is governed by TikTok's Privacy Policy.
- Infrastructure providers — our hosting provider processes data on our behalf under confidentiality obligations. No personal data is transferred to them independently.
- Legal requirements — we may disclose data if required by law, court order, or to protect the rights and safety of users.
6. Data Retention
| Data | Retention Period |
|---|---|
| Video files | Deleted immediately after successful publish, or within 48 hours |
| TikTok OAuth tokens | Retained while your account is active; deleted when you disconnect TikTok or delete your account |
| Publish history records | Retained for up to 1 year, or until account deletion |
| Account data (email, password hash) | Retained while your account is active; permanently deleted upon account deletion request |
| Server logs | Maximum 30 days |
7. Your Rights and Choices
- Access — you can view your publish history and connected TikTok account information in your dashboard.
- Correction — contact us at privacy@huayu.ltd to correct inaccurate information.
- Deletion — you may permanently delete your account and all associated data at any time by visiting our Data Deletion page. Deletion is confirmed via email link and processed immediately. We will also delete your data upon written request within 30 days.
- Revoke TikTok access — you can disconnect your TikTok account from within the Service, or revoke access directly in your TikTok account settings.
- Withdraw consent — you may stop using the Service and request account deletion at any time.
8. Security
- All connections to our Service use HTTPS (TLS encryption).
- Passwords are hashed using bcrypt with an appropriate cost factor and are never stored in plaintext.
- OAuth tokens are stored server-side only and never transmitted to the browser or other users.
- Email verification and account deletion tokens are HMAC-signed with a server-side secret key and expire after a fixed time window.
9. Children's Privacy
HUAYU DIANA Publisher is intended for users who are at least 18 years of age. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us at privacy@huayu.ltd and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you by email. Continued use of the Service after changes have been posted constitutes your acceptance of the updated policy.
11. Contact Us
For any questions or concerns about this Privacy Policy or your data, please contact:
- Email: privacy@huayu.ltd
- Website: https://publisher.huayu.ltd