Privacy Policy, SignoLabs Social Media Manager (TikTok App)

Organization: SignoLabs

Application: SignoLabs

Platform: TikTok (Internal Business App)

Effective Date: May 18, 2026

Last Updated: May 18, 2026

1. Overview

This Privacy Policy describes how SignoLabs ("we," "us," or "the Company") collects, processes, stores, and protects data in connection with the SignoLabs Social Media Manager TikTok application ("the App"). The App is operated exclusively for internal business purposes and is accessible only to authorized SignoLabs employees and designated internal users.

By accessing or using the App, you acknowledge that you have read and understood this policy and agree to comply with its terms.

2. Purpose of the App

SignoLabs Social Media Manager is an internal tool that integrates with TikTok's developer platform to support the Company's social media operations. Its intended functions include, but are not limited to:

• Managing and scheduling TikTok content on behalf of SignoLabs-owned accounts

• Accessing analytics and performance data for Company TikTok profiles

• Coordinating content review and approval workflows internally

• Enabling authorized team members to publish, edit, or monitor TikTok posts and comments

This App is not a consumer-facing product. It is restricted to internal use only and is not made available to the general public, clients, or any third parties outside of SignoLabs.

3. Scope and Applicability

This policy applies to:

• All SignoLabs employees who are granted access to the App

• Contractors or agency partners explicitly authorized in writing by SignoLabs management

• Any data processed through the App in connection with SignoLabs' TikTok accounts

• It does not apply to data handled by third-party platforms (such as TikTok) outside the scope of this App's direct operations. Users should also consult TikTok's own platform policies where applicable.

4. Data Collected and Accessed

The App may collect, access, or process the following categories of data depending on operational needs:

4.1 TikTok Account & Profile Data

- SignoLabs' TikTok business account identifiers and profile information

- Connected account credentials managed through TikTok's authorized API

4.2 Content Data

- Posts, videos, captions, hashtags, and media assets created or scheduled through the App

- Draft and published content associated with SignoLabs' TikTok profiles

4.3 Analytics & Performance Data

- Engagement metrics (views, likes, comments, shares, follower data) from SignoLabs-owned TikTok accounts

- Audience demographic data at an aggregated level as provided by TikTok's API

4.4 Internal User Data

- Employee name and SignoLabs email address for account authentication and access control

- User activity logs within the App (e.g., logins, content edits, approvals, publishing actions)

- IP addresses and device/browser information for security monitoring

4.5 Communications & Workflow Data

- Internal notes, comments, or annotations added during content review and approval processes

- Notifications and activity history related to App usage

The App does not collect, access, or process personal data of TikTok's end users or the general public.

5. How Data Is Used

All data accessed or collected through the App is used solely for legitimate internal business purposes, including:

- Content management: Creating, editing, scheduling, and publishing TikTok content on behalf of SignoLabs

- Performance monitoring: Reviewing analytics to inform social media strategy

- Access control: Verifying that only authorized employees can use the App

- Security and auditing: Maintaining logs to detect unauthorized access, misuse, or security incidents

- Compliance: Meeting applicable legal, regulatory, or platform policy obligations

Data is never used for personal profiling of employees beyond what is necessary for access control and security, and is never sold, rented, or shared with third parties for commercial purposes.

6. Who Can Access the Data

Access to the App and its data is restricted on a need-to-know basis.

No individual outside of SignoLabs will be granted access without written authorization from an appropriate manager and the IT/Security team. All access is logged and subject to periodic review.

7. Data Retention

Data retained by the App is subject to the following guidelines:

- Content and publishing records are retained for a minimum of 12 months to support performance analysis and compliance review.

- User activity logs are retained for 90 days for security monitoring purposes, unless an active investigation requires longer retention.

- Access records (logins, permission changes) are retained for 12 months.

- Upon termination of an employee's access or employment, their App credentials are revoked within 24 hours and associated personal data is removed or anonymized within 30 days, unless retention is required for legal or audit purposes.

Data that is no longer required for its original purpose will be securely deleted or anonymized in accordance with Company data governance policies.

8. Security Practices

SignoLabs takes reasonable and appropriate technical and organizational measures to protect data processed through the App:

- Access controls: Role-based permissions with individual user authentication via SignoLabs' identity management system

- Encryption: Data transmitted between the App and TikTok's API is encrypted in transit using industry-standard protocols (TLS)

- Audit logging: All user actions within the App are logged and periodically reviewed

- API credential security: TikTok API tokens and credentials are stored securely and rotated on a defined schedule; they are never shared via email or messaging platforms

- Vulnerability management: The App is subject to periodic security reviews and updates to address known vulnerabilities

- Incident response: Any suspected security incident must be reported immediately per the Company's Incident Response Policy

No security measure is guaranteed to be absolute. Users are expected to follow all Company information security policies while using the App.

9. Internal-Use Limitations

The App is strictly limited to internal SignoLabs business use. The following are expressly prohibited:

- Using the App to access, manage, or post to any TikTok account other than officially designated SignoLabs accounts

- Sharing App credentials, access tokens, or login details with any unauthorized individual inside or outside the Company

- Downloading, exporting, or distributing data accessed through the App beyond what is required for an authorized business task

- Using the App for personal social media management or any purpose unrelated to SignoLabs' business objectives

- Circumventing access controls or attempting to elevate permissions without authorization

Violations of these limitations may result in disciplinary action up to and including termination, and may be referred to legal counsel if applicable.

10. User Responsibilities

All authorized users of the App are responsible for:

- Using the App only for its stated business purposes

- Keeping their login credentials confidential and not sharing them with others

- Reporting suspected unauthorized access, data exposure, or security incidents promptly

- Complying with this Privacy Policy, the Company's general IT and data security policies, and TikTok's platform terms of service

- Notifying the IT team immediately upon role change, departure, or if they believe their credentials have been compromised

11. Third-Party Platform Policies

The App operates through TikTok's developer API and is subject to TikTok's own Platform Terms of Service and Privacy Policy in addition to this internal policy. SignoLabs does not control TikTok's data practices and is not responsible for how TikTok processes data on its own platform. Users should familiarize themselves with TikTok's relevant policies as they relate to business account usage.

12. Changes to This Policy

SignoLabs reserves the right to update this Privacy Policy at any time. Material changes will be communicated to all authorized App users via their SignoLabs email address with a minimum of 10 business days notice before the updated policy takes effect. Continued use of the App following the notice period constitutes acceptance of the revised policy.

13. Contact and Escalation

For questions, concerns, or to report a potential policy violation or security incident related to this App, contact:

Primary Contact, IT & Security

📧 info@signolabs.com

Escalation, Management / Compliance

📧 info@signolabs.com

All reports will be acknowledged within 2 business days. Security incidents should additionally be reported through the Company's formal Incident Response process as outlined in the IT Security Policy.