Data Security & Privacy Policy

Last updated: Sep 15, 2025

1. Introduction

2. Scope of Application

• All personal data collected by ATELICATA from customers, users, partners, or third parties when providing services, including integrations with TikTok Shop Partner APIs, SDKs, Advertising Tools, Lead Generation, and Custom Audiences.
• All activities related to data collection, processing, storage, transfer, and protection that involve TikTok Shop and related services.

3. Core Principles for Data Privacy & Security

1. Legal Compliance

   • All data collection and processing activities comply with relevant laws (e.g., GDPR in the EU, CCPA/CPRA in California, and local data protection laws).
   • If local regulations are stricter than this policy, ATELICATA will follow local requirements.

2. Transparency & Notice

   • Users will be clearly informed about the type of data collected, the purposes of use, and any sharing with third parties.
   • Privacy policies will be easily accessible and prominently linked in all data collection points (e.g., websites, apps, lead generation forms).

3. Data Minimization & Purpose Limitation

   • Only the minimum data necessary will be collected for specified purposes.
   • Data will not be used for other purposes without additional user consent.

4. User Rights

   • Users may access, correct, or delete their personal data where legally permitted.
   • Users have the right to opt-out of data usage for advertising or analytics, as required by law.
   • Appropriate age-gating and parental consent mechanisms will be applied if data is collected from minors.

5. Security Measures

   • Technical and organizational safeguards will be implemented, including:
     • Encryption of data in transit and at rest
     • Access control and role-based permissions
     • Strong authentication mechanisms
     • Secure hosting environments and monitoring systems
   • Any third-party vendors handling data must meet equivalent security and compliance standards under a Data Processing Agreement (DPA).

6. Data Retention & Deletion

   • Data will only be retained as long as necessary for the stated purpose.
   • Once no longer needed, data will be securely deleted or anonymized.
   • Retention requirements specific to certain jurisdictions will be strictly observed.

7. Incident Management & Breach Notification

   • ATELICATA maintains procedures for identifying and responding to data breaches.
   • In case of a breach that could harm individuals, ATELICATA will promptly notify affected users and relevant authorities, as required by law.

8. Ongoing Audits & Verification

   • Regular internal audits will be conducted to ensure compliance with this policy.
   • ATELICATA will provide TikTok with relevant security documentation or evidence of compliance when required.

9. Legal Roles & Responsibilities

   • ATELICATA will clearly define its role as Data Controller or Data Processor, depending on the context of integration with TikTok Shop (e.g., TikTok Pixel, SDK, APIs).
   • In cases of joint controllership with TikTok, responsibilities will be transparently communicated to users.

10. Special Data Categories

    • ATELICATA will clearly define its role as Data Controller or Data Processor, depending on the context of integration with TikTok Shop (e.g., TikTok Pixel, SDK, APIs).
    • In cases of joint controllership with TikTok, responsibilities will be transparently communicated to users.

4. Security Practices Implemented at ATELICATA

• SSL/TLS encryption for all data transmissions.
• Secure databases with encryption and logical partitioning.
• Strict internal access controls with “least privilege” enforcement.
• Strong password policies and multi-factor authentication (where applicable).
• Employee training on data security and privacy.
• Vendor and partner compliance with DPA contracts.
• Logging, monitoring, and anomaly detection systems.
• Regular data backups and disaster recovery planning.

5. TikTok Shop Partner – Additional Compliance Requirements

• Providing detailed documentation of our privacy and security practices, including system architecture, encryption methods, data access controls, and retention/deletion policies.
• Completing TikTok’s required security assessments and questionnaires regarding data storage, cross-border transfers, and third-party access.
• Ensuring compliance with stricter regulations (e.g., GDPR for EU users, CCPA/CPRA for California users).
• Cooperating with TikTok for independent audits or compliance checks if requested.

6. User Rights & Responsibilities

• Clear information on what data is collected and how it is used.
• The right to withdraw consent for data processing, where applicable.
• Request for erasure or anonymization of data when no longer necessary.
• Be informed in case of a data breach that affects their personal information.
• Access and correct their personal data as permitted under applicable law.

7. Policy Updates

• ATELICATA reserves the right to update this policy to reflect new legal requirements or TikTok Shop Partner compliance needs.
• Updates will be communicated clearly through our website and applications.

8. Contact Information

• Company: ATELICATA LLC
• Address: 2355 STATE ST STE 101, SALEM, OR 97301 USA
• Email: [email protected]