Privacy Policy

Agency Chat is operated by TekSpert Ltd (Company No. 16711813), registered at 110 Pall Mall, Chorley, PR7 2LB, United Kingdom. TekSpert Ltd is the Data Controller for the platform. Each agency using the platform is the Data Controller for their own creator data, with TekSpert Ltd acting as Data Processor.

We collect the following categories of personal data:

• Account data: full name, email address, password (hashed), role, and agency affiliation.
• TikTok profile data: for creators — TikTok username, display name, avatar URL, open_id, and bio description, obtained via TikTok OAuth.
• Message content: text messages, file attachments, and metadata (timestamps, read receipts).
• Technical data: IP addresses, user agent strings, session identifiers, and device information.
• Audit data: action logs recording who did what and when, for compliance purposes.

• To provide and operate the Agency Chat platform.
• To authenticate users and enforce role-based access control.
• To deliver real-time messaging and push notifications.
• To generate audit trails for agency compliance.
• To send transactional emails (invitations, password resets).
• To improve the platform and resolve technical issues.

• Contract performance: processing necessary to provide the service you've subscribed to.
• Legitimate interests: security monitoring, fraud prevention, platform improvement.
• Consent: for optional features such as push notifications and marketing communications.
• Legal obligation: where required to comply with UK law.

We do not sell your data. We share data only with:

• Stripe: for payment processing (agency billing data only).
• TikTok: OAuth tokens are exchanged during creator authentication. We only request user.info.basic and user.info.profile scopes.
• Your agency: agency owners and admins can view all messages and audit logs within their agency.

• Messages are retained as long as the chat exists.
• Chats are retained as long as the agency exists.
• Agency data is retained for 14 days after cancellation, then permanently deleted.
• Creator data is hard-deleted 30 days after a deletion request (message content replaced with "[message removed]").

Under UK GDPR, you have the right to:

• Access your personal data (Right of Access).
• Rectify inaccurate data.
• Request erasure of your data (Right to be Forgotten).
• Restrict or object to processing.
• Data portability — export your messages from the Profile screen.
• Lodge a complaint with the ICO (ico.org.uk).

We implement industry-standard security measures including TLS 1.2+ encryption, argon2id password hashing, CSRF protection, rate limiting, and file scanning. All data is stored on UK-based servers.

For privacy enquiries, contact us at privacy@tekspert.co.uk or write to TekSpert Ltd, 110 Pall Mall, Chorley, PR7 2LB.