1. Overview and scope
LVL1 is a self-contained corporate-satire comic IP and community project, operated by LVL1 itself (no parent company, no separate legal entity). This policy explains what data we handle.
“LVL1 Poster” is LVL1’s internal automation for publishing LVL1-owned video content. It posts only to the single TikTok account that authorizes it — LVL1’s own account. It does not read, collect, or post any other TikTok users’ data, content, or profiles.
2. Data we collect
- TikTok authorization data (the authorizing account only). Via TikTok Login Kit with the user.info.basic scope: an OAuth access token and refresh token, plus basic profile information of the single authorizing account — open id, display name, and avatar. No other TikTok account data is accessed.
- Website server logs. Standard request logs (e.g., IP address, user agent, timestamps) generated when visiting lvl1.io, used for security and operations.
- No advertising or cross-site tracking. We do not run ad networks or behavioural tracking pixels.
3. How we use data
The TikTok authorization data is used solely to publish LVL1’s own videos to LVL1’s own authorizing account via TikTok’s Content Posting API. Server logs are used only to operate and secure the Site. We do not use this data for profiling or advertising.
4. Sharing and disclosure
We do not sell or rent personal data. We do not share it with third parties except service processors that operate our infrastructure (e.g., hosting and cloud providers) strictly to provide the service, and where required by law.
5. Data retention
OAuth tokens are retained only for as long as the integration is authorized and active, and are deleted upon revocation or when no longer needed. Basic profile data is retained only as needed to operate the integration. Server logs are retained for a limited period for security and operational purposes.
6. Your GDPR rights
If you are in the EU/EEA you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. To exercise these rights, contact us at support@lvl1.io. You may also lodge a complaint with your local data protection authority (in Latvia, the Data State Inspectorate).
7. TikTok-specific disclosure
For our TikTok integration:
- OAuth access and refresh tokens are stored securely and are never shared publicly.
- Tokens are used only for video.publish / video.upload operations to publish LVL1’s own videos to the single authorizing account.
- No other scopes are used to access other users’ content or data.
- You can revoke access at any time from your TikTok app settings (Manage app permissions); revocation stops all posting and invalidates the stored tokens.
8. Data controller
The data controller is LVL1. For any privacy question or request, contact support@lvl1.io.
9. Changes
We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above.