Bubbloomi

Privacy Policy

Last updated: March 21, 2026

This Privacy Policy describes how Bubbloomi (“we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you use our website, dashboard, and related services (collectively, the “Service”). It is intended to support transparency for users and for platform review processes, including applications to the TikTok for Developers program.

For privacy-related requests, please use the contact options on our homepage. Operators should set NEXT_PUBLIC_LEGAL_CONTACT_EMAIL so this page displays a direct contact address.

1. Who we are

Bubbloomi is an AI-assisted video creation and multi-platform delivery product. Workflows are designed to be up to approximately 99% autonomous for production tasks (for example, scripting and media generation), while final publication is intended to remain under your control. Content is typically sent to connected accounts in a draft, pending, or non-public state (depending on each platform's features) so you can review and approve posts in the native apps before they become fully public, subject to your settings, authorization, and each platform's policies.

2. Information we collect

Depending on how you use the Service, we may collect:

  • Account and authentication data — such as email address, name (if provided), password hash or session identifiers, role, and similar credentials used to access the dashboard.
  • Content and workflow data — topics, prompts, scripts, video project metadata, scheduling preferences, job/run status, logs, and files or URLs needed to generate and publish media.
  • Integration / OAuth tokens — when you connect a third-party account, we store tokens or references needed to maintain that connection (for example, refresh tokens for YouTube, Meta, or TikTok), together with identifiers that associate the connection with your Bubbloomi account.
  • Technical and usage data — IP address, browser type, device information, timestamps, and diagnostic data from our servers and logs, used for security, reliability, and abuse prevention.

3. TikTok integration (Login Kit / OAuth and Content Posting API)

If you choose to connect TikTok, you will be redirected to TikTok to authorize our application. Bubbloomi requests access only for the scopes we need to operate the integration. Our current TikTok authorization request includes:

  • user.info.basic — to identify the authorized TikTok account and display basic profile information in your dashboard (for example, display name or handle as returned by TikTok).
  • video.upload — to upload video content that you initiate from the Service to your TikTok account (for example, as a draft or pending post where available), in line with TikTok's product rules and your instructions.
  • video.publish — to complete publishing workflows when you choose to post finalized content to TikTok (for example, after your review in TikTok).

We use TikTok data solely to:

  • Authenticate and maintain your voluntary connection to TikTok;
  • Perform upload and publish actions you explicitly trigger through the Service, consistent with draft-first and review workflows where applicable;
  • Show connection status and limited account context in the dashboard;
  • Operate, secure, and troubleshoot the Service.

We do not sell TikTok user data. We do not use TikTok data for unrelated advertising profiles. Processing is based on your consent when you authorize the integration, and on our legitimate interest in providing the Service you requested, where permitted by law.

TikTok's own terms and privacy practices apply to your use of TikTok. See TikTok's policies for how they handle information on their platform: TikTok Privacy Policy.

4. How we use information

We use the information above to:

  • Provide, operate, and improve the Service;
  • Authenticate users and enforce access controls;
  • Generate, process, and deliver content according to your settings and connected accounts, including preparing posts for your review where the platform supports drafts or equivalent states;
  • Communicate about the Service (e.g., security or operational notices where appropriate);
  • Detect, prevent, and respond to fraud, abuse, or technical issues;
  • Comply with applicable law and respond to lawful requests.

5. AI and third-party providers

The Service may use third-party AI or media providers to generate scripts, imagery, audio, or video based on your inputs. When you submit prompts or content, portions of that data may be sent to those providers solely to fulfill your request. We select and configure providers to support the Service; their use is governed by their respective terms and privacy policies.

6. Sharing of information

We may share information with:

  • Platform operators — when you publish or upload, the destination platform (including TikTok) receives the content and metadata required for that action.
  • Service providers — hosting, database, email, analytics, security, or AI vendors that process data on our behalf under appropriate safeguards.
  • Legal and safety — when required by law, court order, or to protect rights, safety, or integrity of users or the Service.

We do not sell your personal information as “sale” is commonly defined under U.S. state privacy laws.

7. Retention

We retain information for as long as your account is active, as needed to provide the Service, and as required by law. OAuth tokens may be deleted or invalidated when you disconnect an integration or delete your account. Backup and log retention periods may vary for security and compliance.

8. Security

We implement reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, or misuse. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

9. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or restrict certain processing of your personal information, or to withdraw consent where processing is consent-based. You may disconnect third-party accounts (including TikTok) from the integrations section of the dashboard at any time, which stops future API use for that connection subject to TikTok's own controls.

To exercise privacy rights, contact us using the email shown at the top of this page (when configured) or the contact on our website.

10. Children's privacy

The Service is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us so we can delete it.

11. International transfers

We may process and store information in the United States and other countries where we or our providers operate. Those jurisdictions may have different data protection laws than your country. Where required, we use appropriate safeguards for cross-border transfers.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date. For material changes, we may provide additional notice as appropriate.

13. Contact

Questions about this Privacy Policy or our data practices: use the contact email displayed above (when NEXT_PUBLIC_LEGAL_CONTACT_EMAIL is set) or the contact link on our homepage.