← Back to Wouchh

Privacy Policy

Wouchh ("we", "us", "our", "the Service") is operated by Wouchh, a company registered in Maharashtra, India ("Wouchh", "the Company"). The Service helps businesses manage customer engagement, publish content, and analyze performance across social media platforms including TikTok, Facebook, and Instagram.

This Privacy Policy describes what personal data we collect, why we collect it, how we use and protect it, and the choices you have. By using Wouchh, you acknowledge that you have read and understood this policy. If you do not agree, please do not use the Service.

1. Information We Collect

We collect only the data necessary to provide the features you authorize when connecting your social media accounts. We follow the principle of data minimization — we never request access to more data than is required for the functionality you use.

1.1 Data from TikTok

When you connect a TikTok Business account, we may access:

Regional limitation (EEA, Switzerland, UK): Due to TikTok's privacy restrictions, direct message features are limited for users in the European Economic Area, Switzerland, and the United Kingdom. For these users, we receive only message timestamps and recipient identifiers — message content is not available.

1.2 Data from Facebook & Instagram

When you connect Facebook Pages or Instagram Business accounts, we may access:

1.3 Usage Data

1.4 Data We Do Not Collect

2. Legal Basis for Processing

We process your data under the following legal bases (as defined by GDPR Article 6):

3. How We Use Your Data

We use collected data exclusively to provide, maintain, and improve the Service:

We do not: sell your data, use it for advertising or profiling, share it with data brokers, use it to train machine learning models, or process it for any purpose beyond operating the Service.

4. How We Store and Protect Data

4.1 Encryption

4.2 Infrastructure Security

4.3 Token Handling

Platform access tokens are decrypted in-memory solely to execute authorized API calls. Tokens are never logged, exposed in URLs, or transmitted to any party other than the respective platform provider. Refresh tokens are rotated according to each platform's schedule (TikTok: 24-hour access tokens, 1-year refresh tokens).

5. Data Sharing and Sub-processors

We share data only when strictly necessary to operate the Service:

We maintain a list of sub-processors and will update this section if additional processors are engaged. We do not sell your data, share it with advertisers, or provide it to data brokers under any circumstances.

6. Data Retention

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

8. Age Requirements

The Service is intended for use by businesses and individuals who are at least 18 years of age. We do not knowingly collect personal data from anyone under 18. TikTok's Business APIs require all authorizing users to be 18 or older. If we become aware that we have collected data from a person under 18, we will delete that data promptly.

9. Cookies and Local Storage

Wouchh does not use cookies for tracking, analytics, or advertising. We use browser session storage (a temporary, tab-scoped storage mechanism) solely to maintain your authenticated session while using the dashboard. Session storage is automatically cleared when you close the browser tab. No persistent local storage or third-party cookies are used.

10. International Data Transfers

Your data may be processed in regions where our infrastructure and sub-processors operate, including the United States. When data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place, including:

11. Incident Response

In the event of a data breach that poses a risk to your rights and freedoms, we will:

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Continued use of the Service after notification constitutes acceptance of the updated policy.

13. Contact

For privacy questions, data subject requests, or concerns about this policy, contact our designated privacy contact:

We aim to respond to all privacy-related inquiries within 30 days. For data subject access requests under GDPR, we will respond within the legally mandated timeframe.