Acaba ("we", "us", or "our") operates getacaba.com and app.getacaba.com (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you agree to the practices described here.

1. Information We Collect

Account data

When you create an account we collect your email address and a hashed password. This is managed through Supabase Auth and stored on servers within the United States.

TikTok data (via TikTok Login Kit)

If you choose to connect your TikTok account, Acaba requests the following OAuth scopes from the TikTok API:

  • user.info.basic — your TikTok display name, profile picture URL, and unique user ID. We use this to identify your connected account within the dashboard.
  • video.list — a list of your public TikTok videos and their metadata (titles, view counts, like counts, share counts). We use this to power the analytics and trend-research features of the Service.

We do not request permission to post to TikTok on your behalf unless you have explicitly enabled the Content Posting feature. Connecting TikTok is optional; the core script-generation features work without it.

Usage data

We automatically collect standard server logs: IP address, browser type, pages visited, referring URL, and timestamps. This data is used for security monitoring and aggregate analytics only.

Content you create

Scripts, campaigns, and other content you generate or save in the dashboard are stored in our database solely to provide the Service back to you. We do not use your content to train AI models.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your account and enforce session security
  • Display your connected TikTok profile and video analytics inside the dashboard
  • Generate AI-powered scripts and content recommendations based on your selected topics
  • Send transactional emails (password reset, billing receipts) — no marketing without explicit opt-in
  • Detect and prevent abuse, fraud, and security incidents

3. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with the following categories of service providers, and only to the extent necessary to operate the Service:

  • Supabase — authentication and PostgreSQL database hosting
  • Amazon Web Services (AWS) — file storage (S3) and compute infrastructure
  • Anthropic — AI language model API used for script generation. Prompts sent to Anthropic do not include your TikTok credentials or raw video data
  • TikTok — your data is retrieved from TikTok's API under TikTok's own Privacy Policy

We may disclose information if required by law or to protect the rights, property, or safety of Acaba, our users, or the public.

4. TikTok Data — Retention & Revocation

TikTok profile and video data obtained through Login Kit is stored in our database to power the analytics dashboard. We retain this data for as long as your TikTok account remains connected to Acaba.

You can disconnect your TikTok account at any time from Dashboard → Settings → Connected Accounts. Upon disconnection:

  • We immediately revoke your TikTok OAuth token
  • Cached TikTok video data is deleted within 30 days
  • Your TikTok user ID and display name are removed from your account record

You may also revoke Acaba's access directly in your TikTok account under Settings → Security → Apps and Permissions.

5. Cookies & Local Storage

We use essential cookies for session management (Supabase Auth JWT). We do not use third-party advertising or tracking cookies. You can disable cookies in your browser, but the Service will not function without session cookies.

6. Your Rights

Depending on your location, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and associated data
  • Portability — receive your data in a structured, machine-readable format

To exercise any of these rights, email us at privacy@getacaba.com. We will respond within 30 days.

7. Data Security

We use industry-standard measures including TLS encryption in transit, encrypted storage at rest, and role-based access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

8. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email and update the effective date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact

Questions about this Privacy Policy? Contact us at:

Acaba
Email: privacy@getacaba.com
Website: getacaba.com