Last updated: May 28, 2026
OneTingThatMattera ("we", "us", or "our") is a TikTok application that enables automated content publishing and analytics for the One Thing That Matters daily newsletter. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you connect your TikTok account to our application.
1. Information We Access
When you authorize OneTingThatMattera through TikTok's OAuth flow, we request access to the following data through TikTok's official API:
- Account profile information (user.info.profile): Your TikTok display name, avatar, and account ID — used to identify your account and display your profile within the app interface.
- Account statistics (user.info.stats): Aggregated metrics such as follower count, following count, and like count — used to understand your account's reach and audience.
- Video list (video.list): Access to view your published and drafted videos — used to display your content library and track publishing status.
- Video upload (video.upload): Permission to upload and publish video content to your TikTok account on your behalf — used exclusively for posting the daily One Thing That Matters newsletter content you create and approve.
We only request the minimum permissions necessary to provide our service. You can review and revoke these permissions at any time through your TikTok account settings.
2. How We Use Your Information
All information accessed through the TikTok API is used exclusively for the following purposes:
- Content publishing: Uploading and publishing video content to your TikTok account that you have created, reviewed, and explicitly approved.
- Performance analytics: Aggregating anonymized content performance metrics (views, likes, comments, shares) to help you understand what content resonates with your audience.
- Account management: Displaying your account information within the app so you can confirm which account is connected.
We do not use your data for advertising, profiling, automated decision-making, or any purpose beyond operating and improving the OneTingThatMattera service itself.
3. Data Storage and Retention
We store the following data to operate the service:
- TikTok OAuth tokens: Access tokens and refresh tokens are stored securely on our server to maintain your authenticated session. These tokens are encrypted at rest.
- Content performance metrics: Aggregated, anonymized analytics data (view counts, engagement rates) is retained to track content performance over time.
- Publishing history: A log of content published through the app, including timestamps and video IDs, is retained for operational purposes.
We retain this data only for as long as your account remains connected to the app, or as required to fulfill the purposes described in this policy. When you disconnect your account or revoke our access, your OAuth tokens are immediately invalidated and all associated personal data is deleted within 30 days.
4. Data Sharing and Disclosure
We do not sell, rent, trade, or otherwise share your personal information with third parties. Specifically:
- We do not share your data with advertisers, data brokers, or analytics companies.
- We do not use your content or account data to train AI models.
- We may disclose information only if required by law, court order, or governmental regulation.
- We may share anonymized, aggregated statistics (which cannot identify any individual user) for operational reporting.
5. Third-Party Services
Our application operates on the TikTok platform and relies on TikTok's official API. TikTok's own Privacy Policy governs how TikTok handles your account data, content, and interactions on their platform. We encourage you to review TikTok's Privacy Policy for information about their data practices.
Our application is hosted on Vercel, which may process metadata (such as IP addresses) for infrastructure purposes. Vercel's data processing is governed by their Privacy Policy.
6. Your Rights and Choices
You have the following rights regarding your data:
- Revoke access: You can disconnect OneTingThatMattera from your TikTok account at any time through TikTok's app permissions settings. This immediately revokes our API access.
- Data deletion: You may request deletion of all data we hold about you by contacting us at the email below. We will comply within 30 days.
- Data access: You may request a copy of the data we hold about you by contacting us.
- Opt-out: You are never required to use this application. It is an entirely optional tool for personal content automation.
7. Security
We implement appropriate technical and organizational measures to protect your information:
- OAuth tokens are encrypted at rest and transmitted only over HTTPS.
- Access to stored data is restricted to the application's automated processes — no human staff routinely accesses individual account data.
- We follow the principle of least privilege, requesting only the minimum API scopes necessary.
However, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
8. Children's Privacy
Our service is not directed to individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of OneTingThatMattera after any changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: onethingthatmatters@substack.com
We will respond to all inquiries within 14 business days.
