Tinilik← Back to home

Privacy Policy

Last updated: May 14, 2026

1. Introduction

Tinilik ("we", "our", or "the Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our social media scheduling platform. By using Tinilik, you agree to the practices described in this policy.

2. Information We Collect

We collect the following types of information:

Account Information

When you create an account, we collect your name, email address, and a hashed version of your password. We never store your password in plain text.

Social Media Account Tokens

When you connect a social media account (Facebook, Instagram, TikTok, YouTube, Twitter/X, Threads), we store the OAuth access tokens and refresh tokens provided by those platforms. These tokens are used solely to perform scheduling and publishing actions on your behalf.

Content Data

We store the content you create through our Service, including post captions, titles, links, scheduled times, and media files you upload. Media files are stored temporarily in our cloud storage and are deleted automatically after a post is published or after 30 days for drafts.

Usage Data

We may collect basic usage information such as pages visited and features used to improve the Service. We do not use third-party analytics services.

3. How We Use Your Information

We use the information we collect to:

  • Authenticate your account and maintain your session
  • Publish and schedule social media posts on your behalf
  • Refresh access tokens to maintain platform connections
  • Store and serve your uploaded media during the scheduling process
  • Send transactional emails if needed (e.g., password reset)
  • Improve and maintain the Service

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. Your data is only shared with:

  • Social media platforms — when we publish content on your behalf using the permissions you granted
  • Supabase — our database and file storage provider, hosted on AWS (ap-southeast-1)
  • Vercel — our hosting provider that runs the application

All third-party providers are bound by their own privacy policies and data processing agreements.

5. Data Retention

We retain your data as follows:

  • Account data: retained until you delete your account
  • Published post records: retained indefinitely for your history
  • Media files: deleted immediately after publishing; draft media deleted after 30 days
  • Social media access tokens: retained while the account connection is active, deleted when you disconnect an account

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS), hashed passwords using bcrypt, and restricted access to production databases. However, no method of transmission over the Internet is 100% secure.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Disconnect any connected social media account at any time

To exercise these rights, contact us at dimassetiaji30@gmail.com.

8. Third-Party Platform Data

Data obtained from third-party social media platforms (such as account names, profile pictures, and page IDs) is used exclusively to identify and manage your connected accounts within Tinilik. This data is governed by the respective platform's privacy policy and is not used for advertising, profiling, or any purpose other than enabling the scheduling functionality.

9. Cookies and Sessions

Tinilik uses session cookies to maintain your authenticated state. These are strictly necessary for the Service to function and do not track you for advertising purposes. We do not use any third-party tracking or advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at dimassetiaji30@gmail.com.