Privacy Policy

Last Updated: 25 February 2026 (rev. 2)  ·  Governing Law: The Netherlands

Summary: Grapjes Maker collects only the minimum data needed to operate its features. We do not sell or share your personal data with third parties for marketing purposes. Data obtained from third-party platforms is used solely to provide the Service's core functionality.

1. Who We Are

Grapjes Maker ("we", "us", or "our") is a service operated under Dutch law. If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact our Privacy Team at contacts@grapjesmaker.com (subject line: Privacy Request).

2. Scope of This Policy

This Privacy Policy applies to all users of the Grapjes Maker website and associated services (collectively, the "Service"). It describes what personal data we collect, how we use it, and your rights regarding that data.

3. Third-Party Platform Integrations & API Scopes

Grapjes Maker integrates with third-party social media platforms using their official developer APIs. Currently, the Service integrates with TikTok and may integrate with additional platforms in the future. To use platform-related features you must authenticate with the respective platform account.

3.1 TikTok API

When you connect your TikTok account, your browser communicates directly with TikTok's API servers. We request the following OAuth permissions (scopes):

Data flow: When you log in via TikTok or publish a video, your credentials and content are sent directly to TikTok's API infrastructure. TikTok processes this data according to its own Privacy Policy. We do not control TikTok's subsequent use of data transmitted to their servers.

Data received from TikTok: In response to the scopes granted, TikTok returns to us: your TikTok Open ID (a pseudonymous identifier), your display name, and your profile picture URL. We do not receive your TikTok password, private messages, or financial information.

3.2 Future Platform Integrations

For any additional platforms we integrate with in the future, we will list the relevant permissions, data received, and applicable third-party privacy policies in an updated version of this document before those integrations become active.

We access third-party platform data strictly to deliver the functionality described above. We do not use platform API data for advertising profiling or sell it to third parties.

4. Data We Collect

4.1 Data from Third-Party Platforms

Depending on which platform integrations you enable, we may collect the following categories of data from those platforms:

We only collect data that the platform makes available for the scopes you have authorised.

4.2 Data You Provide

4.3 Automatically Collected Data

5. How We Use Your Data

We use the data we collect for the following purposes:

We do not use your data for automated profiling, targeted advertising, or any purpose unrelated to operating the Service.

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area (including the Netherlands), we process personal data on the following legal bases:

7. Data Sharing & Third Parties

We do not sell your personal data. We may share data with:

8. Data Storage & Retention

We retain each category of personal data only as long as necessary for its purpose:

Data category | Retention period
TikTok display name, profile picture URL, Open ID | Duration of active account; deleted within 30 days of deletion request or authorization revocation
Published content metadata (title, description, publish status) | Up to 90 days after publication, then deleted; or immediately on request
User preferences and settings | Duration of active account; deleted within 30 days of deletion request
Browser type and operating system | Transient — processed only during the active session, not persistently stored
IP address | Transient — used only to route service requests, not logged or stored
Anonymised usage statistics | Indefinitely — these cannot be used to identify you

How to request deletion: Send an email to contacts@grapjesmaker.com with the subject line "Data Deletion Request" and include your TikTok display name or Open ID so we can locate your records. We will confirm deletion within 30 days of receipt, except where retention is required by law (e.g., statutory accounting records).

You may also revoke the Service's TikTok authorization at any time from your TikTok account settings under Privacy → Apps and websites. Revoking authorization immediately stops the Service from accessing your TikTok account; we will delete the associated data within 30 days.

9. International Data Transfers

The Service may use cloud infrastructure located outside the Netherlands or the European Economic Area. Where such transfers occur, we rely on European Commission-approved transfer mechanisms (such as Standard Contractual Clauses) to ensure an adequate level of protection.

10. Your Rights (GDPR Articles 15–22)

As an EU/EEA resident you have the following rights:

Additionally, you may revoke a platform authorisation at any time from that platform's own account settings. Revoking authorisation stops the Service from accessing your account on that platform going forward.

To exercise any of these rights, contact us at contacts@grapjesmaker.com. We will respond within one month as required by GDPR. Where consent is the legal basis for processing, you may withdraw it at any time by contacting us at the same address; withdrawal is as straightforward as the original grant of consent and does not affect the lawfulness of processing carried out before withdrawal. You also have the right to lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

11. Children's Privacy

Grapjes Maker is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at contacts@grapjesmaker.com and we will promptly delete it.

12. Security & Breach Notification

We implement the following technical and organisational measures to protect your personal data:

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any vulnerabilities.

Breach notification: In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens without undue delay and within 72 hours of becoming aware, as required by GDPR Art. 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay (GDPR Art. 34), using contact details associated with your account or, where unavailable, a prominent notice on the Service.

13. Cookies & Tracking

Grapjes Maker uses only strictly necessary cookies and browser storage. We do not use advertising cookies, cross-site tracking cookies, or analytics cookies that identify you personally.

Cookie / storage item | Purpose | Duration
Session token (first-party) | Keeps you authenticated during your visit so you do not need to re-login on every page | Session (deleted when you close the browser tab or log out)
User preferences (localStorage) | Stores your in-app settings (e.g., theme, language) locally in your browser | Persistent until you clear browser storage or uninstall the app
TikTok OAuth state (first-party, transient) | A short-lived CSRF token used during the TikTok login flow to prevent request forgery | Deleted immediately after the OAuth callback completes
TikTok cookies (third-party) | TikTok may set its own cookies on its domain during the OAuth login flow. These are governed by TikTok's own Cookie Policy. | As defined by TikTok

How to manage cookies: You can control, block, or delete cookies at any time through your browser settings. Disabling session cookies will prevent you from logging in to the Service. Common browser guides:

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

For any questions, requests, or concerns about this Privacy Policy or our data practices, please contact our Privacy Team:

We will acknowledge your request within 5 business days and respond in full within 30 days as required by GDPR.