Last updated: [date]
This application is an internal business intelligence and inventory tool operated by [legal entity name] ("Happy Hills Co", "we", "us"). It is used only by our own staff to run the Happy Hills Co business. It is not a consumer product and is not offered to the public. There is no public sign up; accounts are created by an administrator for a small number of trusted employees.
This policy explains what data the application accesses, how we use it, and how we protect it. It covers two groups of people: our staff who use the application, and the buyers whose order information we receive from TikTok Shop in the course of running our store. We are the data controller for this information.
When an administrator connects our TikTok Shop account, the application reads order and product data through the TikTok Shop API and stores a copy in our own database so we can analyze sales and manage stock. Depending on what TikTok makes available, this may include:
We request read access only. We do not write to or modify your TikTok account. Where we store a buyer email, we store it as a one way hash rather than in readable form.
For staff accounts we store a name, an email address, a hashed password, a role, and basic sign in activity such as the last login time. This is used only to operate and secure the application.
We do not sell personal information. We do not use it for advertising. We do not share it with third parties except as described below.
Where applicable law requires a legal basis, we rely on our legitimate interest in operating and analyzing our own business, and on compliance with our obligations as a merchant. [Confirm the correct legal bases for your jurisdiction with counsel.]
We share information only with service providers that host or support the application (for example our hosting and database providers), and only to the extent needed to run it. We may disclose information if required by law or to protect our rights. We do not otherwise share buyer information.
We keep order and inventory data for as long as it is useful for business reporting and as long as required by tax and accounting obligations, after which it is deleted or anonymized. [Confirm specific retention periods with counsel.]
If we disconnect the TikTok Shop integration, we stop pulling new data. On request, or as required by the TikTok Shop developer terms, we will delete the data we have mirrored from TikTok Shop. To request deletion, contact us at [privacy contact email].
Access is limited to authenticated staff with role based permissions. Passwords are hashed, secrets are kept in environment configuration rather than in the code, sessions are protected, and traffic is served over HTTPS. No system is perfectly secure, but we take reasonable measures to protect the information we hold.
Depending on where you live, you may have rights to access, correct, or delete personal information we hold about you, or to object to certain processing. To make a request, contact us at [privacy contact email]. We will respond as required by applicable law.
The application is an internal business tool and is not directed to children, and we do not knowingly collect information from children.
We may update this policy from time to time. We will post the updated version here and revise the date above.
Questions about this policy can be sent to [privacy contact email], or by mail to [business mailing address].