Privacy Policy
Last updated: June 2026
This Privacy Policy describes how EditOffice, operated by [LEGAL OPERATOR NAME] ("we", "us", "our"), collects, uses, and stores information when you use our platform at editoffice.co.
If you have questions about this policy, contact us at [email protected].
What we collect
We collect the following information:
- Account data — your name and email address, provided by Google when you sign in with Google OAuth.
- Profile data — TikTok handles you link, follower counts fetched during verification, and your verification status.
- Application data — information you submit when applying for roster access: your handle, contact email, platform, edit link, and any notes you provide.
- Campaign data — information you submit when booking a campaign brief: track name, streaming link, mood description, budget range, and contact email.
- Usage data — standard server and network logs may be retained by our infrastructure provider (Supabase).
How we use your data
- To provide platform features: account access, TikTok verification, roster management, campaign brief dispatch, and payout tracking.
- To contact you about your application, active campaigns, or payout status.
- To review roster applications and campaign briefs manually before they are processed.
- To maintain the integrity of the editor roster by verifying TikTok account ownership.
We do not sell your data. We do not use your data for advertising.
TikTok profile scan
When you initiate TikTok verification, our server-side function fetches your public TikTok profile page to check whether a verification code is present in your bio. This is a one-time read-only operation per verification attempt. We store only the result (handle, follower count, verified status) — not the full profile content.
TikTok's terms of service and privacy policy govern how TikTok handles your public profile data.
Storage and infrastructure
Your data is stored in Supabase, a cloud database provider. Supabase stores data in the EU (Frankfurt) region by default. Row-level security is enabled: each user can only access their own data.
We do not use cookies beyond those required by our authentication provider (Google OAuth session tokens stored in browser localStorage).
Data retention
Your account data is retained as long as your account exists. You may request deletion by emailing [email protected]. Submitted applications and campaign briefs may be retained for administrative purposes after deletion.
Your rights
Depending on your jurisdiction, you may have rights to access, correct, or delete your personal data. To exercise these rights, contact [email protected].
If you are located in the European Economic Area (EEA), you may have additional rights under GDPR. We process your data based on the legitimate interest of operating the platform and, where applicable, on your consent at sign-in.
Changes to this policy
We may update this policy. Continued use of the platform after changes constitutes acceptance of the updated policy. Material changes will be communicated via email where possible.