← Back to home

Social Media Automation — Privacy Policy

Effective date: 19 April 2026
Last updated: 19 April 2026

1. Introduction

This Privacy Policy explains how Midnite Compile GmbH ("we", "us", "our", "Midnite Compile") collects, uses, stores, and protects information in connection with our internal social media automation service ("the Service"). The Service is a self-hosted tool used by Midnite Compile and its authorised personnel to schedule and publish content to third-party social media platforms, including TikTok, Instagram, and others.

We are committed to protecting your privacy and handling personal data in compliance with the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the terms of the third-party platforms we integrate with.

2. Who We Are

Data Controller:
Midnite Compile GmbH
Otto-Bauer-Gasse 5/17, 1060 Vienna, Austria
Commercial register: FN 676204v (Handelsgericht Wien)
Email: office@midnitecompile.com

For all privacy-related inquiries, data access requests, or deletion requests, please contact us at the email address above.

3. Scope of This Policy

The Service is used exclusively by Midnite Compile and its authorised employees, contractors, and AI agents for the purpose of managing the company's own social media presence. It is not a public-facing application and is not offered as a service to external users.

This policy applies to:

• Authorised users of the Service (Midnite Compile personnel)
• Data obtained from connected third-party platforms (e.g., TikTok, Instagram)

4. Information We Collect

4.1 Information from TikTok

When an authorised user connects a TikTok account to the Service via TikTok's OAuth authorisation flow, we access and store data corresponding to the following scopes:

TikTok Scope	Data Collected	Purpose
user.info.basic	Open ID, Union ID, avatar URL, display name	Identifying the connected account
user.info.profile	Profile web link, deep link, bio description, verification status	Displaying account information within the Service
user.info.stats	Likes count, follower count, following count, video count	Displaying performance metrics for scheduling decisions
video.list	List of public videos posted by the connected account	Reviewing existing content before scheduling new posts
video.upload	Ability to upload video drafts to the connected account	Draft creation for manual review before publishing
video.publish	Ability to publish video content to the connected account	Automated publishing of scheduled content

In addition, we store:

• OAuth access tokens and refresh tokens (used to authenticate with TikTok's API)
• Scheduled post content authored by authorised users (captions, hashtags, media files)
• Log entries recording when posts are published and whether publishing succeeded

4.2 Information from Other Platforms

The Service may integrate with other social media platforms (e.g., Instagram, Facebook). When it does, equivalent categories of data (profile information, authentication tokens, post content) are collected from those platforms under their respective terms.

4.3 Technical Data

Server logs may record technical information such as IP addresses, timestamps, and API request details as part of normal server operations.

5. How We Use Information

We use the collected information solely to:

• Authenticate with connected third-party platforms on behalf of authorised users
• Display account information and performance statistics to authorised users within the Service
• Schedule and publish content to connected accounts
• Diagnose technical errors and maintain the Service
• Comply with legal obligations

We do not use collected information for advertising, profiling, resale, or any purpose outside the operation of the Service.

6. Legal Basis for Processing (GDPR)

We process personal data on the following legal bases:

• Consent (Art. 6(1)(a) GDPR): when an authorised user connects a third-party account
• Legitimate Interests (Art. 6(1)(f) GDPR): operating and securing the Service
• Legal Obligation (Art. 6(1)(c) GDPR): where applicable

7. Data Storage and Security

All data is stored on servers operated by Midnite Compile, hosted in a data centre in Nuremberg, Germany (Hetzner Online GmbH). Security measures include:

• Full-disk LUKS encryption on all storage volumes
• Encrypted data transmission (TLS)
• SSH key-based access control with no password authentication
• Principle of least privilege for user and agent access
• Regular security updates

Data is processed and stored exclusively within the European Union.

8. Data Retention

• OAuth tokens: retained as long as the connected account remains linked to the Service. Revoked or expired tokens are deleted within 7 days.
• Scheduled content: retained until published or deleted by an authorised user.
• Published-post logs: retained for up to 24 months for analytics and troubleshooting, then deleted.
• Server logs: retained for up to 90 days.

9. Data Sharing and Disclosure

We do not sell, rent, or share collected data with third parties, except:

• With the third-party platforms themselves (e.g., TikTok) when the Service publishes content or retrieves data on your behalf, as authorised by you
• With our hosting provider (Hetzner Online GmbH) as a data processor under a GDPR-compliant Data Processing Agreement
• When required by law, court order, or to protect our legal rights

10. Your Rights Under GDPR

You have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Erase your data ("right to be forgotten")
• Restrict processing of your data
• Portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interests
• Withdraw consent at any time
• Lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde, www.dsb.gv.at)

To exercise any of these rights, contact us at office@midnitecompile.com.

11. Data Deletion Process

To request deletion of your data:

• Email office@midnitecompile.com with the subject line "Data Deletion Request"
• Include the connected account identifier (e.g., TikTok username)
• We will confirm receipt within 48 hours and complete deletion within 30 days

Alternatively, you may revoke the Service's access directly in your TikTok account settings at tiktok.com/setting/connected-apps — upon revocation, we will delete all associated tokens and profile data within 7 days.

12. Children's Privacy

The Service is not intended for, and not made available to, individuals under the age of 16 (or the age of majority in the applicable jurisdiction, whichever is higher). We do not knowingly collect personal data from children. If you believe a minor's data has been collected, contact us immediately and we will delete it.

13. International Data Transfers

All personal data processed by the Service is stored and processed within the European Economic Area (EEA). We do not transfer personal data outside the EEA.

When you use the Service with a third-party platform (such as TikTok), that platform may transfer data internationally under its own privacy policy. Please refer to the relevant platform's privacy policy for details.

14. Third-Party Services

The Service integrates with third-party platforms. Your use of those integrations is also subject to the respective platform's privacy policy:

• TikTok: tiktok.com/legal/privacy-policy
• Instagram / Meta: privacycenter.instagram.com/policy

15. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated to authorised users through the Service.

16. Contact

Midnite Compile GmbH
Otto-Bauer-Gasse 5/17, 1060 Vienna, Austria
FN 676204v (Handelsgericht Wien)
Email: office@midnitecompile.com