Privacy Policy
Last updated: 1 May 2026 · Effective immediately
1. Who we are
Social Cashback ("Service", "we", "us") is a product operated by Tik Joy Inc ("Controller"), a US-incorporated company. This Privacy Policy explains how we collect, use, share and protect your personal data when you use the Service at www.thesocialcashback.com, the user dashboard at app.tik-joy.com, or any retailer site embedding the Social Cashback widget.
For privacy questions, contact: privacy@thesocialcashback.com.
2. Data we collect
2.1 Data you give us directly
- Email address (when you withdraw rewards or contact support)
- Payout information (IBAN or PayPal email) when you request a withdrawal
- Communications you send us
2.2 Data we receive from TikTok when you connect your account
When you sign in with TikTok via the official TikTok Login Kit, TikTok shares with us — only after your explicit consent — the following data fields, scope by scope:
| TikTok scope | Data we receive | Why |
|---|---|---|
| user.info.basic | Open ID, Union ID, display name, avatar URL | Identify you across logins; show your TikTok handle in the dashboard |
| user.info.profile | Profile deep link, profile web link, bio description, verified status | Display your TikTok profile in your dashboard; verify your identity for premium features |
| user.info.stats | Follower count, following count, likes count, video count | Internal anti-fraud scoring of supporter actions. Never displayed publicly to other users. |
| video.list | List of your own public videos and their engagement counts (likes, comments, views) | Verify that supporters have actually liked or commented on your videos before paying out their reward (delta-check) |
| video.upload | Upload status of drafts you choose to send to your TikTok inbox | Allow you to draft promotional content from Social Cashback and finalize the post inside TikTok |
| video.publish | Publish status of posts you explicitly choose to publish from the dashboard | Allow you to publish promotional content directly to your TikTok profile after on-screen preview |
We do not request any scope beyond those listed above. We do not read your private videos, your direct messages, your contacts, or any data of users other than yourself.
2.3 Data generated by your use of the Service
- Wallet balance and transaction history (cashback earned, payouts requested)
- Engagement actions (clicks on "Like", "Comment", "Share", "Send to TikTok", "Post to TikTok")
- IP address, device type, browser, language, timestamps (security & anti-fraud)
- Cookies and similar technologies (see §7)
3. How we use your data (purposes & legal bases)
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide the Service: log you in, credit cashback, process payouts | Contract performance (Art. 6(1)(b)) |
| Verify TikTok engagement to attribute rewards correctly | Contract performance (Art. 6(1)(b)) |
| Anti-fraud and abuse prevention (incl. follower-count scoring, IP/device pattern analysis) | Legitimate interest (Art. 6(1)(f)) |
| Comply with anti-money-laundering and tax law (KYC for large payouts) | Legal obligation (Art. 6(1)(c)) |
| Send transactional emails (confirmations, payout notifications, security alerts) | Contract performance |
| Send marketing emails (only if you opt in) | Consent (Art. 6(1)(a)) — withdrawable any time |
| Improve and secure the Service (logging, error tracking) | Legitimate interest |
4. Sharing your data
We share data only with the following categories of recipients, and only as strictly necessary:
- Stripe Inc. — to process payouts via Stripe Global Payouts and to receive payments from retailers (US; GDPR-compliant via SCC)
- PayPal Holdings Inc. — alternative payout method (US; SCC)
- Neon Inc. (managed PostgreSQL) — to store your account data (EU region by default)
- Amazon Web Services Inc. — application hosting (data residency configurable)
- SendGrid (Twilio Inc.) — transactional email delivery (US; SCC)
- The retailer ("Shop") whose campaign you participate in — receives only your TikTok display name and the proof that you completed the action; never receives your email, payout details, IP or follower count
- Law enforcement — only when legally required by a valid order
We never sell your personal data. We never share your data with advertising networks or data brokers.
5. International transfers
Some processors are located outside the EEA/UK. Transfers are protected by Standard Contractual Clauses (SCC) and equivalent safeguards under GDPR Chapter V.
6. Data retention
- Active account data: retained while your account is active.
- After you disconnect TikTok: all TikTok-derived data (open_id, tokens, video metadata) is deleted from our active database within 24 hours.
- After you delete your account: all personal data is deleted within 30 days, except records we must keep for legal compliance (e.g. payout transaction records: 10 years for tax law).
- Anonymous aggregate analytics may be retained indefinitely.
7. Cookies
We use only strictly necessary cookies (session token, CSRF, language preference). We do not use third-party advertising or tracking cookies. You can clear cookies in your browser settings without losing your account.
8. Your rights
Under GDPR, UK GDPR, CCPA and equivalent laws, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Erase your data ("right to be forgotten") — see /disconnect
- Restrict or object to processing
- Receive your data in a portable format (JSON export)
- Withdraw consent at any time
- Lodge a complaint with your data protection authority (in the EU, your local DPA)
To exercise any right: email privacy@thesocialcashback.com from the address on your account, or use the self-service tools at /disconnect. We respond within 30 days.
9. Disconnecting TikTok specifically
You may revoke our access to your TikTok account at any time by visiting /disconnect. When you do this:
- We immediately revoke the TikTok access token via the official TikTok revocation endpoint.
- We delete from our database all data derived from TikTok (open_id, union_id, profile fields, follower count, cached video list).
- You can also revoke our app independently from your TikTok account settings: TikTok app → Settings → Manage account → Apps and websites.
10. Security
We protect your data with industry-standard measures: TLS 1.2+ in transit, encryption at rest, hashed passwords (bcrypt), least-privilege access, audit logging, and regular security review.
11. Children
The Service is not intended for users under the age of 18 (or the higher local digital-consent age where applicable). We do not knowingly collect data from minors. If you believe a minor has used our Service, contact us and we will delete the account.
12. Changes to this policy
We may update this policy. Material changes will be notified by email and/or in-app banner at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.
13. Contact
Tik Joy Inc — Controller
Email: privacy@thesocialcashback.com
Postal address: provided on request
For TikTok-specific data deletion requests under TikTok's developer policy, the same contact applies and we respond within the SLA required by TikTok for Developers.