TikTask logo TikTask

Privacy Policy

Effective Date: July 19, 2025

Last Updated: October 15, 2025

Contact Email: support@tiktaskapp.com

1) Introduction

TikTask (“we”, “us”, “our”) is a privacy-first automation assistant. This policy explains what we collect, why we collect it, how we use it, and the choices you have. If you disagree, please do not use the app.

2) Data Minimization: What We Collect (and What We Don’t)

We design features so that your task content (messages, bucket texts, variables) stays on your device. By default, that content is not uploaded to our servers. We collect only what is necessary to provide core services:

  • Account/Identity: Email or social login identifiers; display name.
  • Purchases/Entitlements: SKU, region/currency, purchase tokens/receipts, entitlement state (via Google Play).
  • Device Metadata: Model, OS version, app version, coarse diagnostics to improve reliability.
  • Crash/Performance Telemetry: Anonymous crash traces and performance signals (via Firebase) to keep the app stable.
  • Advertising Signals: Only if ads are enabled and where legally permitted/consented (AdMob).
  • Optional Backups: If you turn it on, your app data is stored in your Google Drive App Folder.

We do not collect your task texts, buckets, variables, or recipients onto our servers. Those live locally, or in your Drive backup if you choose.

3) How We Use Data (Purposes & Legal Bases)

  • Provide the Service: Authenticate you, maintain entitlements, and deliver features you enable (Contract).
  • Reliability & Safety: Crash diagnostics, performance, fraud/abuse prevention (Legitimate Interests).
  • Billing & Compliance: Tax and accounting records related to purchases (Legal Obligation/Contract).
  • Advertising: Show ads where allowed; if required by law, only with your consent (Consent/Legitimate Interests).
  • Support: Respond to your emails and deletion requests (Contract/Legitimate Interests).

4) Android Permissions & Reliability

To execute the automations you configure, TikTask may request certain Android permissions. Permissions vary by OEM and OS version. We ask only for what a feature requires. You can revoke any permission at any time; related features will stop until re-enabled.

4.1 Accessibility Service

  • Purpose: Perform UI interactions you explicitly schedule—open app, focus field, type, tap, scroll.
  • Scope: Limited UI element access necessary to execute the steps; no continuous monitoring, no keylogging.
  • Timing: Access is active only while a run is executing or when you open a dependent feature.
  • Safeguards: Time-boxed, deterministic flows with retries/backoff and rate-limits.
  • Revoke: Device Settings → Accessibility → toggle TikTask off.

4.2 Display over Other Apps (Overlay)

  • Purpose: Show transient helper UI (progress, controls).
  • No Screen Capture: Overlays are visual; they do not record underlying content.
  • Revoke: Settings → Apps → Special access → Display over other apps.

4.3 Notification Access

  • Purpose: Detect on-device triggers/status to coordinate steps (e.g., sent/received signals).
  • Local Only: Processed on device; not transmitted to our servers.
  • Revoke: Settings → Apps → Special app access → Notification access.

4.4 Exact Alarms & Background Execution

  • Purpose: Run tasks on schedule, even if the app is closed or after reboot.
  • Mechanics: WorkManager + exact alarms; foreground service when OS requires.
  • Revoke: Disable exact alarms and/or background allowances in system settings.

4.5 Battery Optimization Exemptions & AutoStart

  • Purpose: Prevent OEM power managers from killing scheduled runs; survive reboots.
  • OEM Variance: Some vendors need extra steps; the in-app System Monitor links to the right screens.

4.6 Lock/Wake Helpers (Keyguard)

  • Purpose: Allow a run to wake/unlock only when necessary and permitted by OS policy.
  • Limits: Time-bounded; respects secure lock screens; never exports your credentials.

4.7 Your Controls

The System Monitor shows what’s missing and provides deep links. Revoking a permission disables only its dependent features; your on-device data remains intact (and your Drive backups if enabled).

5) Storage & Retention

  • On Device: Tasks, buckets, variables, labels, schedules, and run logs.
  • On Our Servers (minimal): Account identifiers, entitlement state, server access logs for security.
  • Retention Windows: Crash/perf logs — rolling operational period; purchase/entitlement — as required for tax/legal; server logs — pruned on schedule.
  • Backups: If enabled, data is written to your Google Drive App Folder; you control deletion there.

6) Cookies & Similar Technologies

The Android app does not use web cookies. Our website may use standard analytics/consent tooling; see the site banner or settings to control your choices.

7) Sharing & Processors (Vendors We Use)

We do not sell or rent data. We use processors bound by data-processing agreements:

7.1 Firebase (Auth, Crashlytics, Performance)

  • Purpose: Login, stability, and performance.
  • Data: Auth identifiers, device/app metadata, anonymized traces.
  • No Task Content: We don’t send your messages/buckets/variables.

7.2 Google Play (Billing)

  • Purpose: Purchases/subscriptions, entitlements, refunds under Play policy.
  • Data: SKU, region, purchase tokens, entitlement state.

7.3 AdMob (Ads, where applicable)

  • Purpose: Show ads; if required, only with your consent; ad-free if you upgrade.
  • Data: Ad identifiers, delivery/interaction signals, device metadata; settings depend on your consent.

7.4 Google Drive API (Optional)

  • Purpose: Your backups in your Drive App Folder; we do not host or read these files.

7.5 Email/Support

8) International Transfers

Vendors may process data in multiple regions. Where required, we rely on appropriate transfer safeguards (e.g., SCCs).

9) Your Rights & Choices

  • Access/Correction: Ask to view or correct data we hold about your account.
  • Deletion: Delete your account in-app (preferred) or submit a request via the form at Account Deletion.
  • Consent Choices: Manage ad consent (where applicable) or upgrade to remove ads.
  • Permissions: Revoke Android permissions at any time in system settings.
  • Appeals/Complaints: You may have rights under regional laws (e.g., GDPR/CCPA). We respond within applicable timelines.

10) Security

We employ industry practices: TLS in transit, scoped tokens, hashed credentials, least-privilege server access, and operational monitoring. No system is perfectly secure; you are responsible for securing your device and backups.

11) Children’s Privacy

The service is not intended for children under 13 (or local age of digital consent). We do not knowingly collect children’s data.

12) Changes to This Policy

We may update this policy for legal or product reasons. We will post the updated date and, where material, provide in-app notice or request consent where required.

13) Contact Us

Questions or requests: support@tiktaskapp.com.

We use privacy-friendly analytics to understand usage. No personal data is sold.