← Back to duupe

Privacy Policy

Last updated: April 16, 2026

1. What We Collect

When you use duupe, we collect the following information:

  • Google account info: email address, display name, and profile picture (used for authentication).
  • TikTok account info: display name, username, avatar, and follower count (used to identify your connected accounts).
  • TikTok OAuth tokens: access and refresh tokens (used to post content on your behalf). These are stored server-side only and are never exposed to the browser.
  • Post metadata: captions, titles, privacy settings, and publishing status for posts you create through duupe.

2. What We Do NOT Collect

duupe does not store your videos or photos. Media files are uploaded directly from your browser to TikTok. For photo slideshows, images are temporarily uploaded to a hosting service to generate a URL for TikTok, but are not retained long-term.

3. How We Use Your Data

  • To authenticate you and maintain your session.
  • To connect your TikTok accounts and display account info.
  • To post videos and photo slideshows to TikTok on your behalf.
  • To display your post history and publishing status.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Storage & Security

Your data is stored in a PostgreSQL database hosted by Supabase with row-level security enabled, ensuring each user can only access their own data. TikTok OAuth tokens are stored server-side and are never sent to the client browser.

5. Third-Party Services

duupe relies on the following third-party services:

  • Google — authentication (OAuth 2.0).
  • TikTok — account connection and content publishing via the TikTok API.
  • Supabase — database and authentication infrastructure.
  • Vercel — application hosting.

Each service has its own privacy policy. We encourage you to review them.

6. Cookies

duupe uses essential cookies only — session cookies to keep you logged in and temporary cookies for the TikTok OAuth flow. We do not use tracking or advertising cookies.

7. Children's Privacy

duupe is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under 18 (or the age of majority in your jurisdiction), you may not use the Service. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible. If you believe a child has provided us with personal data, please contact us at the address below.

8. Data Retention

We retain your account data and post metadata for as long as your account is active. TikTok OAuth tokens are retained only while the associated TikTok account is connected. When you disconnect a TikTok account, its tokens and associated data are deleted immediately. If you delete your duupe account, all associated data is permanently removed within 30 days.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct any inaccurate personal data.
  • Delete your account and all associated data by contacting us.
  • Disconnect any linked TikTok account at any time, which immediately removes stored tokens and account data.

To exercise any of these rights, contact us at the address below.

10. Data Deletion

You can disconnect any TikTok account from duupe at any time, which removes all stored tokens and account data. To delete your entire duupe account and all associated data, contact us at the address below. We will process deletion requests within 30 days.

11. Governing Law

This Privacy Policy is governed by the laws of the United States.

12. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date.

13. Contact

If you have questions about this privacy policy or your data, reach out at support@duupe.space.