Privacy Policy - GDPR Compliance

Contents

  1. Preamble
    1. Legal basis for processing
    2. Protection of minors
  2. Identity of the data controller
  3. Personal data collected, used and processed
    1. Data actively collected
    2. Data collected automatically
    3. Data from TikTok
    4. Videos generated and technical processing
    5. Technical logs
  4. Data recipients
  5. Data security
  6. Rights of data subjects
  7. Policy changes
  8. Contact and Data Protection Officer (DPO)

1. Preamble

The purpose of this privacy policy is to inform users of our services in a clear, transparent and accessible manner about how their personal data is collected, used, stored, protected and, where applicable, shared.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (GDPR), we are committed to ensuring confidentiality, security and respect for your rights.

1.1 Legal basis for processing

In accordance with Article 6(1)(a) of the GDPR, the legal basis for all processing carried out by VibeCut is your explicit consent.

This consent is:

  • essential to use our services,
  • clearly and actively collected at the time of your registration or when connecting to third-party services (e.g. TikTok),
  • may be revoked at any time, without affecting the lawfulness of processing prior to such withdrawal.

You may withdraw your consent:

  • directly from your personal space,
  • or by sending a written request to the following address: contact@vibecut.net

1.2 Protection of minors

Use of the VibeCut platform is strictly reserved for persons aged 15 or over.

We do not intentionally collect or process personal data relating to minors under the age of 15, in accordance with Article 8 of the GDPR.

If we discover that a child under the age of 15 has transmitted personal data via our services, we will immediately take the necessary steps to:

  • delete the data concerned from our systems,
  • deactivate access to the account, if applicable.

Legal representatives (parents, guardians) may contact us at any time at the following address: contact@vibecut.net to exercise their rights in relation to the data of a minor.

2. Identity of the data controller

The controller of personal data, within the meaning of the General Data Protection Regulation (GDPR), is the entity that determines the purposes and means of processing personal data.

In the context of the use of our services, the data controller is:

  • Organization name: VibeCut
  • Legal representative / GDPR manager: Paul Noël-Bertin
  • Contact e-mail address: contact@vibecut.net

In accordance with Article 37 of the GDPR, VibeCut has appointed a Data Protection Officer (DPO), responsible for ensuring compliance with the applicable regulations and serving as a point of contact for any questions relating to personal data.

3. Personal data collected, used and processed

This section describes the types of personal data we collect, their purposes, and how long they are kept.

In accordance with Article 6(1)(a) of the GDPR, all processing carried out by VibeCut is based on your explicit consent, which conditions access to and use of our service.

Important: You may withdraw this consent at any time, without affecting the legality of the processing carried out prior to such withdrawal. Withdrawal can be made via your account settings or by written request to: contact@vibecut.net

3.1 Actively collected data

When you use our platform, you voluntarily provide us with the data required to provide the service:

Type of dataExamplesPurposeRetention period
Identification dataFirst name, last name, e-mail, passwordAccount creation, authentication, access to your personal spaceUntil account deletion or 6 months of inactivity
User preferencesCreators followed, preferred publication timesPersonalized experience, automated publication schedulingSame as above
Publication settingsTikTok login via OAuth, linked credentialsAutomatic publishing on your behalf via TikTok APIUntil you log out or delete your account

4. Data security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the General Data Protection Regulation (GDPR).

4.1 Protective measures in place

  • Data encryption: All personal data is encrypted at rest and in transit via HTTPS (TLS 1.3)
  • Secure infrastructure: Services hosted on recognized cloud platforms with security certifications
  • Authentication and access control: Limited access with strong authentication systems
  • Monitoring and logging: Active monitoring for unauthorized access or abnormal behavior

5. Rights of data subjects

In accordance with the General Data Protection Regulation (GDPR), you have several rights regarding the personal data we process about you.

You can exercise the following rights at any time, by contacting us at: contact@vibecut.net

  • Right of access: Obtain confirmation and access to your personal data
  • Right of rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data
  • Right to portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interest
  • Right to withdraw consent: Withdraw consent at any time

6. Contact and Data Protection Officer (DPO)

If you have any questions about this privacy policy, exercising your rights, or the way in which we process your personal data, you can contact our Data Protection Officer (DPO).

Last update: January 15, 2025
We undertake to respond to any request within the timeframe stipulated by the GDPR (generally within 30 days).