Privacy Policy

1. Introduction

This Privacy Policy describes how Pluggabl L.L.C. ("TokHQ," "we," "us," or "our") collects, uses, shares, and protects information when you use our shipping automation service at tokhq.io (the "Service"). We provide fulfillment automation for TikTok Shop sellers, helping manage orders, purchase shipping labels, and track shipments.

By using TokHQ, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with these practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Name (personal or business)
• Company name (optional)
• Password (encrypted)
• Phone number (optional, for support)

2.2 TikTok Shop Integration Data

When you connect your TikTok Shop account, we access and store:

• TikTok Shop ID and store name
• OAuth tokens (encrypted)
• Order information (order ID, items, quantities, SKUs, prices)
• Customer shipping addresses (name, address, phone)
• Order status and fulfillment requirements
• TikTok-imposed shipping deadlines and SLA requirements

2.3 Shipping and Label Data

For label generation and tracking, we collect:

• Package dimensions and weights
• Carrier selections and service types
• Tracking numbers
• Label costs and shipping rates
• Shipment status updates
• Return address information

2.4 Payment Information

Payment processing is handled by Stripe. We store:

• Stripe customer ID
• Last 4 digits of payment method
• Billing address
• Subscription status and plan details

2.5 Usage and Technical Data

We automatically collect:

• IP addresses
• Browser type and version
• Device information
• Access times and dates
• Pages viewed and features used
• Error logs and performance metrics
• Webhook events and API call logs

2.6 Communications

If you contact support or receive notifications, we store:

• Email correspondence
• Support ticket content
• Alert preferences
• Notification history

3. How We Use Your Information

3.1 Provide Core Services

• Process and fulfill TikTok Shop orders
• Purchase shipping labels on your behalf
• Post tracking information to TikTok
• Monitor shipping SLAs and compliance
• Send alerts about at-risk orders

3.2 Maintain and Improve Service

• Debug technical issues
• Monitor system performance
• Analyze usage patterns
• Develop new features
• Ensure security and prevent fraud

3.3 Business Operations

• Process payments and subscriptions
• Provide customer support
• Send service updates and critical alerts
• Comply with legal obligations
• Enforce our Terms of Service

3.4 Communications

• Send transactional emails (order confirmations, shipping alerts)
• Provide system notifications (downtime, updates)
• Respond to support requests
• Send billing and account notices

4. Information Sharing

4.1 Service Providers

We share information with third parties that help operate our Service:

4.2 Legal Requirements

We may disclose information if required to:

• Comply with legal obligations
• Respond to valid legal requests
• Protect our rights, property, or safety
• Investigate fraud or security issues

4.3 Business Transfers

If TokHQ is acquired or merged, your information may be transferred as part of the transaction. We will notify you via email and prominent notice on our Service before your information becomes subject to a different privacy policy.

4.4 Aggregated Data

We may share aggregated, non-identifying statistics about Service usage, such as average shipping times or popular carriers, for business development or industry reports.

5. Data Security

We implement industry-standard security measures:

• Encryption: All sensitive data is encrypted at rest (AES-256) and in transit (TLS 1.2+)
• Access Controls: Role-based permissions and multi-factor authentication for staff
• Infrastructure: Secure AWS environment with VPC isolation
• Monitoring: 24/7 security monitoring and intrusion detection
• Regular Audits: Quarterly security reviews and vulnerability assessments
• Incident Response: Documented breach response plan with 72-hour notification

Despite our efforts, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

6. Data Retention

We retain information for as long as necessary to provide our Service and comply with legal obligations:

Data Type	Retention Period
Account Data	Duration of account plus 30 days after deletion
Order/Shipment Data	180 days from order date
Event Logs	90 days
Support Tickets	2 years
Financial Records	7 years (legal requirement)
Security Logs	1 year

After retention periods, data is permanently deleted from production systems. Encrypted backups are retained for 30 additional days for disaster recovery.

7. Your Rights and Choices

7.1 Access and Portability

You can request a copy of your personal information in a structured, machine-readable format.

7.2 Correction

You can update account information through your dashboard or by contacting support.

7.3 Deletion

You can request deletion of your account and personal information. We will process deletion requests within 7 days, except where retention is required by law.

7.4 Restriction

You can request we limit processing of your information in certain circumstances.

7.5 California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information is collected
• Right to know if information is sold or disclosed (we do NOT sell data)
• Right to opt-out of sale (not applicable as we don't sell)
• Right to non-discrimination for exercising privacy rights

7.6 European Privacy Rights (GDPR-Ready)

When we expand to the EU, users will have:

• Right to object to processing
• Right to withdraw consent
• Right to lodge complaints with supervisory authorities
• Rights related to automated decision-making

8. Cookies and Tracking

We use minimal, essential cookies only:

• Session Cookies: Maintain login state (expire on logout)
• Security Cookies: CSRF protection (required for security)
• Preference Cookies: Remember display settings (optional)

You can disable cookies in your browser, but this may limit Service functionality.

9. Children's Privacy

TokHQ is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 13, we will delete it immediately.

10. International Data Transfers

Your information is processed and stored in the United States. By using TokHQ, you consent to the transfer of information to the U.S., which may have different data protection laws than your jurisdiction.

For future EU users, we will implement appropriate safeguards such as Standard Contractual Clauses.

11. Third-Party Links

Our Service may contain links to third-party websites (TikTok Shop, carrier sites). We are not responsible for the privacy practices of these sites. Please review their privacy policies separately.

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. For material changes, we will notify you via email or prominent Service notice at least 30 days before the changes take effect.

Continued use of TokHQ after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Information

14. Data Protection Officer

For privacy-specific matters, you may contact our Data Protection Officer at: [email protected]