Privacy Policy
This Privacy Policy describes how Etica Pro CRM ("Etica Pro CRM", "we", "us", "our"), operated by Etica Production from Dubai, United Arab Emirates, at https://crm.eticaproduction.com, collects, uses, stores, and protects personal data when you use the Etica Pro CRM service (the "Service"). This Policy covers data received directly from you, generated by your use of Etica Pro CRM, and obtained from third-party platforms you connect to Etica Pro CRM such as TikTok.
1. Who this Policy covers
Etica Pro CRM serves three categories of user, each with a different relationship to the data we process:
- Agency administrators and staff — employees of a creator agency that subscribes to Etica Pro CRM. They sign in with email and password to manage their roster of creators inside Etica Pro CRM.
- Connected creators — TikTok creators who, at the request of an agency that uses Etica Pro CRM, connect their own TikTok account to Etica Pro CRM via the official TikTok Login Kit. They are external end-users of Etica Pro CRM; they are not Etica employees.
- Site visitors — anyone visiting the Etica Pro CRM marketing or login pages without an account.
2. Information we collect
2.1 Account information (agency administrators)
When an agency administrator registers an Etica Pro CRM account, we collect their name, email address, password (stored only as a salted bcrypt hash — Etica Pro CRM never stores plaintext passwords), and the agency tenant they belong to.
2.2 Customer-managed records
Information that agency administrators create inside Etica Pro CRM about their roster: creators, companies, deals, tasks, activities, missions, broadcasts, and similar records. This data belongs to the subscribing agency and is processed by Etica Pro CRM on their behalf as the data processor.
2.3 TikTok data and other connected third-party platforms
When a connected creator authorizes Etica Pro CRM through the official TikTok Login Kit (OAuth 2.0 + PKCE), Etica Pro CRM receives and stores the following data, strictly within the OAuth scopes the creator explicitly approves on TikTok's consent screen:
| Field | TikTok scope | Purpose inside Etica Pro CRM |
|---|---|---|
| open_id, union_id, display_name, avatar_url_100 | user.info.basic |
Identify the connected creator account and show the avatar inside Etica Pro CRM. |
| username, bio_description | user.info.profile |
Render the creator profile card inside Etica Pro CRM. |
| follower_count, following_count, likes_count, video_count | user.info.stats |
Populate metric tiles and a follower-trend sparkline inside Etica Pro CRM. |
| video id, title, cover_image_url, embed_link, duration, create_time, view_count, like_count, comment_count, share_count | video.list |
Display the creator's recent public videos and compute an aggregate engagement rate inside Etica Pro CRM. |
| OAuth access token and refresh token | Issued by TikTok at consent | Authenticate subsequent Etica Pro CRM API requests on the creator's behalf. Tokens are AES-256-GCM encrypted at rest. |
| Public TikTok LIVE events (gift events, viewer counts, room timestamps) — only when the agency explicitly enables LIVE tracking for that creator inside Etica Pro CRM | Public LIVE WebSocket | Compute LIVE-stream diamond totals, hours streamed, and viewer averages for the subscribing agency's analytics inside Etica Pro CRM. |
Etica Pro CRM does not request and does not use the
video.upload, video.publish, or any other
write/posting scopes. Etica Pro CRM is read-only with respect to
TikTok content.
2.4 Technical data
Etica Pro CRM logs operational data — request timestamps, IP addresses, user agent strings, and identifiers needed to operate and secure the Service.
3. How Etica Pro CRM uses information
- To operate, maintain, and improve Etica Pro CRM.
- To authenticate users of Etica Pro CRM and protect the Service from abuse.
- To synchronize creator and content data from connected platforms (including TikTok) and present that data inside Etica Pro CRM.
- To compute analytics, leaderboards, and reports for the agency tenant that owns the data inside Etica Pro CRM.
- To communicate with Etica Pro CRM users about their account and security-relevant events.
- To comply with legal obligations applicable to Etica Pro CRM.
Etica Pro CRM does not sell personal data. Etica Pro CRM does not use TikTok-derived data for advertising, for building profiles of TikTok users beyond what is needed to display agency analytics inside Etica Pro CRM, or for training third-party foundation AI models.
4. Legal bases (where GDPR applies)
Where the EU General Data Protection Regulation applies, Etica Pro CRM relies on:
- Contract — to provide Etica Pro CRM to the agency that subscribes.
- Consent — for each TikTok connection, given by the creator on TikTok's consent screen before any data flows into Etica Pro CRM.
- Legitimate interest — to secure Etica Pro CRM, prevent abuse, and improve the Service.
- Legal obligation — when Etica Pro CRM is required to retain or disclose data by law.
5. Sharing and disclosure
Etica Pro CRM shares personal data only with:
- Sub-processors — infrastructure hosting, database, transactional email, and other vendors that process data on behalf of Etica Pro CRM under written agreements limiting use to delivering the Service.
- The subscribing agency — administrators within the same agency tenant can see records created inside their own Etica Pro CRM workspace. They cannot see other tenants' data.
- Authorities — when legally required, with notice to the affected user where permitted.
- Successors — in connection with a merger or acquisition, with continued protection of the data.
Etica Pro CRM does not share TikTok-derived data with any third party for any purpose other than delivering the features the connected creator authorized.
6. International transfers
Etica Pro CRM is operated from the United Arab Emirates. Personal data may be processed in other countries where our sub-processors operate. When Etica Pro CRM transfers personal data internationally, we rely on lawful safeguards such as standard contractual clauses.
7. Data retention
- TikTok-derived data: retained inside Etica Pro CRM only while the TikTok connection is active. On disconnection (see Section 8), Etica Pro CRM deletes the connected-account record, video records, snapshot records, and LIVE session records for that creator within 30 days.
- Customer-managed records (creators, deals, activities, etc.): retained for the duration of the agency's Etica Pro CRM subscription. On account closure, Etica Pro CRM deletes or anonymizes records within 90 days, except where retention is required by law.
- Operational logs: kept up to 180 days for security and debugging by Etica Pro CRM.
- Backups: rotated on a 35-day window.
8. Data deletion process
A connected creator or an agency administrator can delete TikTok-derived data from Etica Pro CRM in any of three ways:
- Self-service inside Etica Pro CRM — open the creator detail page in Etica Pro CRM, click "Disconnect" on the TikTok card, and confirm. Etica Pro CRM immediately calls TikTok to revoke the access token and removes the stored TikTok-derived records.
- Revoke at TikTok — open tiktok.com/setting/connected-apps and remove Etica Pro CRM. Etica Pro CRM detects the revocation on the next sync and deletes the affected records within 30 days.
- Email request — email privacy@etica.app. Etica Pro CRM responds within 30 days.
9. Security
- Data inside Etica Pro CRM is stored in databases under our control. Access is restricted to authenticated server processes on a principle-of-least-privilege basis.
- OAuth access tokens and refresh tokens are encrypted at rest using AES-256-GCM with a server-side key held by Etica Pro CRM. Plaintext tokens are never returned to the browser and are decrypted in memory only when an outbound API call is made.
- Passwords are stored as bcrypt hashes (cost 12).
- All data inside Etica Pro CRM is segregated by tenant. One agency cannot access another agency's data.
- Network traffic between the client and Etica Pro CRM uses TLS.
- Audit logging of sensitive actions is enabled inside Etica Pro CRM.
10. Your rights
You have the right to:
- Access, correct, or delete personal data Etica Pro CRM holds about you.
- Withdraw consent for any TikTok or third-party connection at any time — disconnecting inside Etica Pro CRM immediately purges the associated data.
- Export the data you uploaded to Etica Pro CRM.
- Lodge a complaint with your local data-protection authority.
To exercise these rights against Etica Pro CRM, contact us at the address below. Etica Pro CRM responds within 30 days.
11. Children
Etica Pro CRM is a B2B SaaS platform intended for use by creator agencies and their staff, not by children. Etica Pro CRM is not directed to children under 16 and does not knowingly collect personal data from children. If you believe a child has provided us data, contact Etica Pro CRM and we will delete it.
12. Cookies and similar technologies
Etica Pro CRM uses strictly necessary cookies and browser local storage to keep signed-in users authenticated (access and refresh tokens) and to remember UI preferences. Etica Pro CRM does not use advertising or cross-site tracking cookies.
13. TikTok-specific notices
- Etica Pro CRM's use of information received from TikTok adheres to the TikTok Developer Policies, including the requirement to use the data only for the purposes the connected creator authorized.
- Etica Pro CRM does not sell, rent, or use TikTok data to serve advertising, build profiles of TikTok users beyond agency analytics inside Etica Pro CRM, or train third-party foundation AI models.
- Etica Pro CRM requests only the read scopes
user.info.basic,user.info.profile,user.info.stats, andvideo.list. Etica Pro CRM does not requestvideo.upload,video.publish, or any write scope. - Users may revoke Etica Pro CRM's access at any time at tiktok.com/setting/connected-apps or from inside Etica Pro CRM. Revocation triggers deletion of all TikTok-derived data Etica Pro CRM stored for that creator within 30 days.
14. Changes to this Policy
Etica Pro CRM may update this Policy from time to time. Material changes will be communicated via Etica Pro CRM or by email at least 14 days before the change takes effect. The "Last updated" date at the top of this Policy reflects the latest revision.
15. Contact
Privacy questions or data-rights requests about Etica Pro CRM:
Primary: privacy@etica.app
Secondary: hello@eticaproduction.com