Privacy Policy
Effective date: 21 June 2026 · Last updated: 21 June 2026
This Privacy Policy explains how the Yoyo El Patron Publisher (“the Service”, “we”, “us”) collects, uses, stores and protects information when it is used to publish the music artist Yoyo El Patron’s own videos to the artist’s own TikTok account through TikTok’s official APIs. We are committed to data minimisation: we request only what is strictly needed to publish content you explicitly choose.
1. Data Controller & contact
The Service is operated on behalf of the Yoyo El Patron music project. For any privacy request (access, correction, deletion, objection), contact: yohan.aboujdid@gmail.com. We respond within 30 days.
2. Information we access
Only with the account holder’s explicit authorization through TikTok Login Kit (OAuth 2.0), and limited to these scopes:
user.info.basic— the account’s open ID, avatar and display name. Used solely to display which TikTok account a video will be posted to, so the user can confirm before publishing.video.publish— used only when the user clicks “Publish”, to post a single video that the user selected, to that same authorized account.
We do not request user.info.profile, user.info.stats,
video.list, or video.upload. We do not read your followers, your
statistics, your private messages, or your existing videos.
3. How we use the information
Exclusively to provide the publishing feature you request: identify the connected account, render the compliant “Post to TikTok” page (caption, privacy level, interaction settings, disclosures), and submit the post you confirm. We do not use your data for advertising, profiling, analytics resale, or any purpose unrelated to publishing.
4. Storage & retention
- The TikTok access token is kept only in a temporary, HttpOnly, Secure session cookie in your browser, for the lifetime of the token, to perform the actions you request. It is transmitted to TikTok’s API over HTTPS and is not stored in any database by us.
- We do not store your videos. A video you publish is transferred to TikTok via the official API and handled thereafter by TikTok.
- The session ends and the token is cleared when you click Log out, when the token expires, or when you close your browser session.
5. Cookies
We use strictly necessary cookies only: a CSRF state cookie during login and a
session cookie holding the access token. No advertising or tracking cookies.
6. Sharing & disclosure
We do not sell, rent, or share your personal data with third parties. Data is shared only with TikTok (as the destination platform, to perform the publication you request) and our hosting provider Netlify (to serve the application). We may disclose information if required by law.
7. International transfers
Because the Service integrates with TikTok and is hosted on Netlify, data may be processed outside your country. Such transfers rely on the providers’ own safeguards (e.g., Standard Contractual Clauses where applicable).
8. Your rights (GDPR & similar laws)
You have the right to access, rectify, erase, restrict, and object to the processing of your personal data, and to data portability. You can:
- Disconnect from the Service at any time (“Log out”), which clears the session.
- Revoke the app’s access from your TikTok account: Settings → Security & permissions → Manage app permissions.
- Email yohan.aboujdid@gmail.com to exercise any right, or lodge a complaint with your local data protection authority (e.g., the CNIL in France).
9. Security
All traffic is served over HTTPS. Tokens are held in HttpOnly, Secure cookies and never exposed to page scripts. The client secret is stored only as a protected server environment variable and is never sent to the browser.
10. Children
The Service is not directed to children. The connected account holder must meet TikTok’s minimum age requirements.
11. Changes to this policy
We may update this Policy; the “Last updated” date will change accordingly. Continued use after an update constitutes acceptance.
12. Contact
Questions or requests: yohan.aboujdid@gmail.com.