1. Introduction
This Privacy Policy describes how Naoki Matsukawa ("we," "us," or "our") collects, uses, and protects information when you ("the User") use Buzz Manager, our social media management platform (the "Service").
The Service is provided to content creators and small teams who wish to manage their own TikTok and X accounts more efficiently. By using the Service, you grant us limited, revocable access to the social media accounts you choose to connect.
Operator Information:
- Operator: Naoki Matsukawa
- Contact Email: [email protected]
- Website: https://buzzmanager.y-bz.com
2. Information We Collect
2.1 Information from Connected Social Media Accounts
When you authorize the Service to connect a TikTok account (or other social media account) via OAuth, we collect the following data on your behalf so that the Service can function:
- Account identifier (username, user ID)
- Profile information (display name, avatar)
- Posting permissions (as authorized by you)
- Content metadata (post titles, descriptions, scheduling information)
- Performance metrics (views, likes, comments, follower counts)
We do not collect:
- Your social media password
- Direct messages or private content
- Personal contact information of your followers
2.2 Information You Provide
- Email address (for service account creation)
- Display name
- Configuration preferences
2.3 Automatically Collected Information
- Login timestamps
- Operation logs (for audit and security purposes)
- Error logs
3. How We Use Information
We use collected information solely to provide the Service to you:
- Service Operation: Generating content suggestions, scheduling/uploading posts you approve, and showing you analytics for your connected accounts
- Account Authentication: Authenticating you and the social media accounts you connect
- Security and Audit: Detecting unauthorized access and maintaining operational logs to protect your data
- Service Improvement: Aggregated, anonymized analysis of usage patterns to improve features (no personal data is shared with third parties)
We do not:
- Sell, rent, or share your information with third-party marketers
- Display posts from your connected accounts publicly on our website or anywhere else
- Use your connected account data for any purpose other than providing the Service to you
- Train AI models on your private content without explicit consent
4. Information Sharing
4.1 No External Sharing
We do not share, sell, rent, or trade your information with external third parties.
4.2 Service Providers
The following service providers process data on our behalf strictly for service operation:
- Hetzner Cloud (Germany): Server infrastructure
- Cloudflare: Network security and content delivery
- Anthropic (Claude API): AI-assisted content generation
- OpenAI: AI-assisted image generation
- Notion: Account configuration and operational data storage
All service providers are bound by their own privacy policies and contractual obligations to protect data.
4.3 Legal Compliance
We may disclose information if required by law, court order, or to protect our legal rights.
5. Data Storage and Security
5.1 Storage Location
Data is stored on private servers located in Helsinki, Finland (Hetzner Cloud). Backup copies are stored in geographically separated locations.
5.2 Security Measures
We implement multiple layers of security:
- Encryption in transit: All communications use TLS 1.2+
- Encryption at rest: Database encryption and disk-level encryption
- Access control: Role-based access via Cloudflare Access and SSH key authentication
- Network isolation: Private network access via Cloudflare Tunnel; server IP not publicly exposed
- Audit logs: All access and operations are logged, and logs are retained for 90 days
- Secret management: Sensitive credentials encrypted using SOPS
5.3 Data Retention
- Operational data: Retained while your account is active
- Logs: 90 days
- Backup data: 30 days
- Upon account closure: Data deleted within 30 days
6. Your Rights
You have the right to:
- Access: Request a copy of data we hold about your connected accounts
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your data and disconnect accounts
- Withdrawal of Consent: Disconnect any connected social media account at any time through the Service interface
- Portability: Request data in a machine-readable format
To exercise these rights, contact us at: [email protected]
We will respond within 30 days.
7. TikTok-Specific Disclosures
When you authorize the Service to connect your TikTok account, we comply with TikTok's API Services Agreement and Developer Terms of Service. Each TikTok scope below corresponds to a specific feature you can choose to use:
7.1 Scopes Requested and Their Use
- user.info.basic / user.info.profile: Display your TikTok display name and avatar in the Service so you can verify which account is connected. Not shared externally.
- user.info.stats: Display follower count, post count, and other public profile statistics to help you track growth over time.
- video.list: Retrieve metadata of posts you previously published, so the Service can show you per-post analytics (views, likes, comments).
- video.upload: Upload video and image content you generate or approve via the Service to your TikTok account, as a draft.
- video.publish: Once you confirm a draft, publish it on TikTok at the time you choose.
7.2 Default: Draft Mode
By default, content created by the Service is uploaded as SELF_ONLY drafts to your TikTok inbox. You always retain the choice to review, edit, and publish — the Service never publishes content publicly without your explicit action.
7.3 No External Sharing of TikTok Data
TikTok data accessed via your authorization is used only within the Service to provide features to you. We do not publish your TikTok posts on our website, share your data with advertisers, or expose your data to other users of the Service.
7.4 TikTok Data Deletion
You can revoke our access at any time from your TikTok account settings or via the Service interface. Once disconnected, our access tokens are invalidated and the associated data is deleted from our systems within 30 days.
8. Children's Privacy
The Service is intended for use by adults aged 18 or older. We do not knowingly collect data from children under 13.
If we discover that data from a child under 13 has been collected, we will delete it promptly.
9. International Data Transfers
Our servers are located in Finland (EU). By using this Service, you acknowledge that data may be transferred and processed in jurisdictions outside your country.
We comply with applicable data protection laws including the General Data Protection Regulation (GDPR) and Japan's Act on the Protection of Personal Information (APPI).
10. Cookies and Tracking
This Service may use cookies and similar technologies for:
- Authentication session management
- User preferences
We do not use third-party tracking, analytics, or advertising cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted with an updated "Last Updated" date. Significant changes will be communicated to active users via email.
12. Contact Information
For privacy-related questions, requests, or concerns:
Naoki Matsukawa
Email: [email protected]
Website: https://buzzmanager.y-bz.com
We will respond to inquiries within 30 days.
13. Governing Law
This Privacy Policy is governed by the laws of Japan, without regard to conflict of law principles.