Back to dashboard
ZenbxZenbx

TikTok Data Usage

Effective date: April 30, 2026

This page describes exactly what Zenbx does with the data we receive when you connect your TikTok account. It supplements the main Privacy Policy and is referenced from our TikTok developer review.

TikTok API Data Disclosure

Zenbx's use of information received from TikTok APIs adheres to the TikTok Developer Terms of Service. We access TikTok data solely to power identity verification and brand-deal rate suggestions for the connected creator. We do not sell TikTok data, do not share it with advertisers, and do not allow human review of TikTok-derived data except for security, compliance, or at your explicit request.

1. Overview

Zenbx is an AI inbox assistant for content creators. When you connect your TikTok account via TikTok Login Kit, we use a small set of read-only TikTok APIs to verify your creator identity and to suggest fair brand-deal rates based on your audience size and engagement. The integration is read-only — we cannot post, comment, send DMs, or modify anything on your TikTok account.

We request four scopes during the OAuth consent flow: user.info.basic, user.info.profile, user.info.stats, and video.list. Each scope and how we use the data it provides is detailed below.

2. Scopes, Data, and Use

The following four scope blocks list, for each TikTok permission we request, what TikTok grants under that scope, the specific fields we receive and store, and how Zenbx uses that data inside the product.

Account identity

user.info.basic

What this grants. A stable, opaque account identifier and the creator's TikTok username.

Fields we receive and store.

  • open_id
  • username

How Zenbx uses it. Used to identify which TikTok account is connected to your Zenbx account, and to inject your verified TikTok handle into our AI brand-deal classifier so emails referencing your handle by name receive a trust boost. This prevents impersonators from spoofing brand outreach.

Profile display

user.info.profile

What this grants. Public profile fields used to render your creator card inside Zenbx.

Fields we receive and store.

  • display_name
  • avatar_url
  • bio_description
  • is_verified
  • profile_deep_link

How Zenbx uses it. Displayed on your profile inside Zenbx (avatar, display name, bio, verified badge, link back to your TikTok). The verified flag also applies a 10% premium to the rate model's brand-deal suggestions, since verified creators command higher fees in-market.

Aggregate audience metrics

user.info.stats

What this grants. Public, aggregate counts about your TikTok account.

Fields we receive and store.

  • follower_count
  • following_count
  • likes_count
  • video_count

How Zenbx uses it. Shown on your Zenbx profile as proof points when negotiating with brands. Follower count is a primary input to the rate model — larger audiences command higher per-post pricing in standard creator-economy benchmarks.

Per-video performance

video.list

What this grants. A read-only list of your most recent TikTok videos with per-video view, like, comment, and share counts.

Fields we receive and store.

  • video.list (sample, up to ~300 most recent)
  • avg_view_count (computed)
  • engagement_rate (computed)
  • videos_sampled (count)

How Zenbx uses it. We sample up to ~300 of your most recent videos and compute average views and engagement rate (likes + comments + shares ÷ views). These two metrics are the strongest predictors of fair sponsorship pricing and cannot be derived from user.info.stats alone — they are primary inputs to our rate suggestion feature. We do not store individual video metadata; only the computed aggregates.

3. Storage and Security

Tokens. OAuth access and refresh tokens received from TikTok are stored encrypted at rest in our database (Supabase / AWS us-east-1) and are never exposed to client-side code. They are used only by server-side routes to call TikTok APIs on your behalf.

Profile and stats data. The fields listed above are stored in JSONB columns on your account record so we can render your profile and rate suggestions without re-fetching on every page load. Aggregates from video.list are stored as numeric summaries; we do not retain per-video metadata.

Access controls.Row-level security on our database limits every query to the authenticated user's own data. Service-role access is restricted to server-side trusted operations (OAuth callbacks, scheduled syncs).

4. What Zenbx Does Not Do

  • We do not post, comment, message, or otherwise write to your TikTok account.
  • We do not share TikTok-derived data with advertisers or third-party brokers.
  • We do not use TikTok data to train AI models that serve other Zenbx users.
  • We do not retain raw per-video metadata beyond the aggregates listed above.
  • We do not allow human review of TikTok-derived data except for security incidents, compliance investigations, or at your explicit written request.

5. Disconnecting and Data Deletion

You can disconnect your TikTok account at any time from Settings → Connected Accounts → TikTok → Disconnect. Disconnection takes effect immediately:

  • Your stored OAuth tokens are nulled out.
  • The connection is marked inactive and our scheduled syncs stop calling TikTok APIs for your account.
  • The cached profile fields and aggregate stats are retained on your account row in inactive state, so reconnecting the same TikTok later restores your history. They are deleted when you delete your Zenbx account.

You can also revoke Zenbx's access from TikTok's app management page. If you revoke from TikTok's side, our next API call will fail and the connection will be marked inactive automatically.

6. Contact

Questions about this disclosure or about how Zenbx handles TikTok data: email privacy@zenbx.com.

This page is part of Zenbx's Privacy Policy.