Privacy Policy
Last updated: February 12, 2026
1. Introduction
TokoMetrics ("we", "our", or "us") operates TokoMetrics (the "Service"), a business analytics and management dashboard for TikTok Shop merchants. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service.
By using TokoMetrics, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not use our Service.
2. Information We Collect
2.1 Account Information
When you register for TokoMetrics, we collect:
- Name and email address
- Password (stored as an irreversible cryptographic hash — we never store plain-text passwords)
- Account preferences and settings
2.2 TikTok Shop Data (via TikTok Shop API)
When you connect your TikTok Shop account, we access the following data solely on your behalf and with your explicit authorization through TikTok's official OAuth flow:
| Data Category | API Scope | Purpose |
|---|---|---|
| Shop profile & settings | shop.base.read | Display shop name, status, currency |
| Order data (IDs, amounts, status) | order.base.read | Order analytics and reporting |
| Product listings & inventory | product.base.read | Product performance ranking |
| Revenue and financial metrics | finance.data.read | Revenue tracking and target monitoring |
⚠️ We request read-only permissions only. TokoMetrics never modifies, deletes, or writes data to your TikTok Shop account.
2.3 Usage Data
We automatically collect certain technical information when you use the Service:
- IP address, browser type, and operating system
- Pages visited, features used, and time spent on each page
- Device identifiers and session tokens
2.4 Cookies and Tracking Technologies
We use strictly necessary cookies for authentication sessions. We do not use advertising cookies or tracking pixels.
3. How We Use Your Information
We use the collected information exclusively to:
- Provide, operate, and maintain the TokoMetrics dashboard
- Display analytics, performance metrics, and reports within your account
- Authenticate your identity and maintain secure sessions
- Send transactional emails (password reset, security alerts)
- Detect and prevent fraudulent or unauthorized access
- Comply with legal obligations
- Improve the reliability and performance of the Service
We do not: sell, rent, trade, or share your personal data or TikTok Shop data with third parties for marketing or advertising purposes.
4. TikTok Data Usage Policy
TokoMetrics accesses TikTok Shop data strictly in accordance with TikTok Shop Partner Program Terms and the TikTok Shop API Developer Agreement.
- TikTok Shop data is only used to provide features you requested within TokoMetrics
- TikTok Shop data is never transferred to third-party services except as required for core Service functionality
- We do not use TikTok data to build user profiles for advertising
- We do not combine TikTok data with data from other sources to infer sensitive information
- Access tokens are stored encrypted and refreshed via TikTok's OAuth refresh flow
- You can revoke TokoMetrics's access to your TikTok Shop at any time via TikTok's authorization settings
5. Data Storage and Security
Your data is stored on secured servers with industry-standard protections including:
- TLS/HTTPS encryption for all data in transit
- AES-256 encryption for sensitive data at rest (access tokens, credentials)
- Bcrypt hashing for all passwords
- Regular security audits and vulnerability assessments
- Strict access controls — only authorized personnel can access production systems
6. Data Retention
- Account data: Retained for the duration of your account, deleted within 30 days of account deletion
- TikTok Shop data: Retained for analytics history (up to 2 years), or until you disconnect your shop or delete your account
- Usage logs: Retained for 90 days for security and debugging purposes
- OAuth tokens: Deleted immediately upon shop disconnection or account deletion
7. Data Sharing and Disclosure
We do not sell your personal data. We may share data only in the following limited circumstances:
- Service Providers: We may use trusted third-party companies to operate our infrastructure (e.g., cloud hosting, email delivery)
- Legal Requirements: We may disclose your information if required by law, court order, or governmental authority
- Business Transfers: In the event of a merger, acquisition, or sale of assets, we will notify you before your data is transferred
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of all personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data ("right to be forgotten")
- Portability: Request your data in a structured, machine-readable format
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, email us at privacy@tokometrics.com. We will respond within 30 days.
9. Children's Privacy
TokoMetrics is intended exclusively for use by business merchants aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18.
10. International Data Transfers
Your information may be transferred to and maintained on servers located outside of your country. By using TokoMetrics, you consent to this transfer. We implement appropriate safeguards to protect your data during such transfers.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a prominent notice on our website and/or sending an email to the address associated with your account.
12. Contact Us
If you have any questions regarding this Privacy Policy, please contact us: