CACHALOT
Privacy Policy

1. Who we are

CACHALOT is an application and service that provides content-factory services: production of videos and SEO articles, and automated posting of content to social platforms (including TikTok, YouTube, Instagram, VK, and Telegram) on behalf of users who explicitly connect their accounts via OAuth.

The data controller for CACHALOT is:

• NATALIA BOBROVSKAIA PR CACHALOT (Preduzetnik / sole proprietorship)
• Registered address: Gajeva 3, 21000 Novi Sad, Serbia
• Tax ID (PIB): 115284342
• Registration number (MB): 68244382
• Registered on: September 25, 2025
• Contact: [email protected]

2. Data CACHALOT collects

2.1. From visitors to cachalot.cc

When you submit the contact form on the Contact page, CACHALOT stores your name, contact (Telegram username or phone), the service category you selected, the message body, your IP address, and your browser User-Agent. This data is used only to reply to your inquiry and is kept in an append-only log on our server. A notification about the submission is delivered via Telegram to the CACHALOT operator.

2.2. From clients who connect social accounts via OAuth

When a CACHALOT client signs in with TikTok (or another platform) from the Login page, CACHALOT receives an access token and a refresh token from the platform, scoped strictly to what the client granted (user.info.basic, video.upload, video.publish). CACHALOT stores these tokens encrypted at rest and uses them only to publish content that the client has explicitly queued for posting through the CACHALOT dashboard.

CACHALOT does not collect analytics about other TikTok users, does not read third-party content, and does not sell or share tokens with third parties.

2.3. Technical data

The server logs standard HTTP request metadata (IP, timestamp, path, response status) for security and diagnostic purposes. Logs are rotated every 14 days.

3. Why CACHALOT collects data

• Contact submissions: to reply to you via Telegram or email and discuss your project.
• OAuth tokens: to publish videos and articles to your social accounts at your explicit request.
• Technical logs: to keep the service available and secure.

4. Where data is stored

CACHALOT servers are physically located in Europe (Serbia or Germany, depending on the infrastructure provider). Data is not exported outside CACHALOT infrastructure and is not shared with third parties except as described in section 5.

5. Sharing with third parties

CACHALOT shares data only with the following services:

• Telegram Bot API — to deliver contact form submissions to the CACHALOT operator's Telegram.
• TikTok / YouTube / VK / Instagram / Telegram APIs — to publish content that you explicitly asked CACHALOT to publish on your behalf.
• Cloudflare — CDN and DDoS protection (processes IPs and standard HTTP headers).

CACHALOT does not sell personal data. CACHALOT does not use data for advertising and does not build marketing profiles.

6. Data retention

• Contact submissions — until project closure or until you request deletion.
• OAuth tokens — until you revoke access via TikTok (or the relevant platform) or until you ask CACHALOT to delete the token.
• Technical logs — 14 days.

7. Your rights

At any time you may:

• Request a copy of all data CACHALOT stores about you.
• Request deletion of your data and OAuth tokens.
• Revoke CACHALOT's access through your TikTok Connected Apps settings.

To exercise these rights, write to [email protected]. CACHALOT responds within 30 days.

8. Security

CACHALOT uses HTTPS for all connections (via Cloudflare), stores OAuth tokens encrypted at rest, restricts server access to SSH keys, and enforces rate limits on public endpoints.

9. Children

The CACHALOT service is not intended for users under 18 and does not knowingly collect data about minors.

10. Changes to this policy

CACHALOT may update this policy. The current version is always available at cachalot.cc/privacy-policy. Active OAuth clients will be notified by email about material changes.

11. Contact

Questions about the CACHALOT Privacy Policy:
[email protected]