What we collect
Email, name, and password (we never see the plaintext — Supabase, our auth provider, stores it hashed on our behalf). Optionally: handle, bio, niches you follow. Stripe handles all payment details — we never see card numbers.
Anonymised usage data: which features you click, how often, search queries (hashed). No content of your messages, no DMs, no contacts.
How we use it
To operate the product. To send you product emails (weekly digest, niche alerts) you opted into. To improve features. Nothing else.
Sharing
We do not sell or share your data. Sub-processors: Supabase (auth + database, US-East), Stripe (payments, US), Vercel (hosting + edge functions, global), OpenAI (AI hook generation, US), Apify (TikTok scraping, EU). Email privacy@viralvault.studio for the current detailed list.
Chrome extension
The ViralVault Chrome extension transmits exactly two things to viralvault.studio: (1) your license key, used to verify your subscription, and (2) the TikTok video IDs visible on the page you're browsing, used to look up their pre-computed Outlier Scores.
Your license key is stored locally in chrome.storage.local so you don't have to re-enter it. The extension never collects browsing history, video content, comments, DMs, your TikTok account credentials, or any other page data beyond the visible video IDs. It does not send data to any third party — only to viralvault.studio.
Daily lookups are capped per license to prevent abuse — see your /account page for the current limit on your plan. Lookups are not logged in a way that links them back to your identity — we count them, we don't retain the IDs.
Your rights
Export all your data anytime from /account → Danger zone. Delete your account same place. GDPR & CCPA compliant.
Cookies
Auth session cookie (essential). Optional analytics (PostHog, anonymised). No third-party ad cookies. Ever.
Contact
Privacy questions: privacy@viralvault.studio — we reply in 48h.