A
WiivySign in

Privacy Policy

Effective date: 22 May 2026

Wiivy (“we”, “us”) is an AI social media management platform that helps you generate short-form videos and publish them to social accounts you own and connect. This policy explains, in plain language, what data we collect, why we collect it, how we use it, how long we keep it, and the rights you have over it.

We do not sell your personal data. We do not use your connected social-account data for advertising. We only publish content to a connected account when you explicitly tell us to.

1. What we collect

  • Account information — your name, email address, avatar (if provided by your sign-in provider), and a securely hashed password for password sign-in.
  • Authentication & session data — sign-in sessions, two-factor codes, and security event logs used to keep your account safe.
  • Connected social-account data — when you connect a Facebook Page, Instagram Business account, TikTok account, or YouTube channel we store the platform’s account/page id, public display name, username, avatar, and the OAuth tokens (access & refresh, where applicable) required to publish on your behalf. For TikTok specifically, this covers the basic profile data returned by the user.info.basic scope (open id, display name, avatar URL) plus the access/refresh tokens granted by the video.publish and video.upload scopes.
  • Content you create — the prompts, scripts, captions, hashtags, generated videos, generated images, and brand profile information associated with your projects.
  • Publishing & scheduling data — the platform you targeted, the scheduled time, the publish status, and the platform-issued post id returned after publishing.
  • Billing information — handled by Stripe (we do not store full payment card details on our servers); we keep customer ids, plan, subscription status, and invoice/event ids.
  • Usage and technical logs — IP address, user agent, request paths, error traces, and timing data used to operate, secure, and improve the service.

2. How we use your data

  • To authenticate you and keep your account secure.
  • To connect, refresh, and disconnect the social accounts you choose, and to publish or schedule content only when you explicitly request it.
  • To generate AI content from your prompts using third-party providers (see §4), and to store the resulting content in your library.
  • To show publishing history, status, and basic post-level analytics so you can see what ran.
  • To process subscription payments via Stripe and provide billing receipts.
  • To detect, investigate, and prevent abuse, fraud, and policy violations.
  • To improve product quality, reliability, and security.
  • To send transactional emails (account, billing, password reset, security alerts).

3. How TikTok data is used

When you connect a TikTok account, the data we receive from TikTok via OAuth is used only to provide the TikTok integration you requested:

  • Display your TikTok profile (name, username, avatar) in your Social Accounts list.
  • Publish or upload videos to your TikTok account through the Content Posting API only when you click publish or schedule from a project in Wiivy.
  • Refresh access tokens automatically so scheduled posts can run at their scheduled time.

We do not:

  • Sell TikTok data or share it with advertisers or data brokers.
  • Use TikTok data to train AI models.
  • Publish to your TikTok account without your explicit action inside Wiivy.
  • Claim affiliation with TikTok or any other social platform.

TikTok is a third-party platform with its own privacy policy and terms of service that govern your TikTok account independently of Wiivy.

4. Third-party services we use

To deliver the service we rely on the following processors:

  • Hosting & infrastructure — DigitalOcean (compute, networking) and Cloudflare R2 (asset storage).
  • Database — managed PostgreSQL.
  • Authentication — Google OAuth (for sign-in) and our own NextAuth session layer.
  • AI providers — OpenAI (text generation, captions, tone suggestions) and kie.ai (video generation). Prompts and generated outputs are transmitted to these providers in order to produce the content you requested.
  • Email — Resend (transactional email delivery).
  • Payments — Stripe (subscription & billing).
  • Social platforms — Facebook Graph API, Instagram Graph API, TikTok Login Kit + Content Posting API, YouTube Data API. Used only to publish on your behalf when you take an action inside Wiivy.
  • Error monitoring — Sentry (optional, for operational health).

Each processor handles your data under its own privacy policy. We choose processors with standard contractual protections in place.

5. How long we keep your data

  • Connected social-account data (including OAuth access & refresh tokens) is kept until you disconnect the account, you delete your Wiivy account, or the third-party platform notifies us of a deauthorization or data-deletion event.
  • Account, content, and publishing history is kept for the life of your account. After account cancellation we retain it as required by law and our data-retention policy to support reactivation and dispute resolution, after which it is deleted.
  • Billing records are retained as required by tax and accounting regulations (typically up to 7 years).
  • Logs and security events are retained as required by law and our data-retention policy unless required longer for abuse investigations or legal compliance.

6. Your rights and controls

  • Disconnect at any time — open Social Accounts in the dashboard and click Disconnect on any connected account. We revoke the stored tokens and stop publishing on your behalf. You can also remove Wiivy from the connected platform’s own settings.
  • Access & export — email us at support@wiivy.com to receive a copy of the data we hold about you.
  • Correct or update — edit profile or brand information from the dashboard.
  • Delete — request account deletion via the Data Deletion page, or by emailing us. We will erase your personal data within 30 days, subject to legal retention obligations.
  • Opt out of marketing — transactional emails cannot be turned off while you have an active account, but marketing emails (if any) include an unsubscribe link.

7. Security

We use industry-standard safeguards including HTTPS in transit, encrypted storage of OAuth tokens at rest, password hashing, rate limiting, and least-privilege access controls. No system is perfectly secure; please notify us immediately if you suspect a breach of your account.

8. International transfers

Your data may be processed in countries other than the one in which you live. When that happens, we rely on standard contractual safeguards with our processors to keep your data protected.

9. Children

Wiivy is not directed at children under the minimum age permitted in your jurisdiction (16 in most regions). If you believe a child has provided us personal information, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or in-product. The “Effective date” above always reflects the latest version.

11. Contact

Questions about this policy or about your data? Email us at support@wiivy.com.