Privacy Policy

Last updated: 9 July 2026

This Privacy Policy explains how Born Digital SAS (“Born Digital”, “we”, “us”) collects, uses, stores and protects personal data when you use the Born Digital platform available at tribes.borndigital.co (the “Service”), including data we access from third-party platforms such as TikTok, Instagram and Facebook with your authorization.

1. Who we are

The Service is operated by Born Digital SAS, a company registered in France (SIREN 504 589 631, RCS Paris), with its registered office at 9 rue des Colonnes, 75002 Paris, France. Born Digital acts as the data controller for the personal data described in this policy.

For any privacy request you can contact us at contact@borndigital.co.

2. What data we collect

2.1 Account data

When an account is created for you on the Service, we process your first name, last name, email address, password (stored hashed), language preference and the projects/roles assigned to you.

2.2 Content you create

We process the content you upload or schedule through the Service, such as videos, images, captions, publication dates and related metadata.

2.3 Data from connected social accounts

When you connect a third-party social account, we access — only with your explicit authorization and only to the extent needed to provide the Service — data returned by that platform’s official API.

TikTok data specifically. When you connect a TikTok account through TikTok Login (OAuth 2.0), we request the following scopes and use the associated data as described below. We do not access your direct messages, your followers, or any data outside the scopes you approve.
TikTok scopeData accessedWhy we use it
user.info.basicOpen ID, username, display name, avatarTo display and confirm which TikTok account is linked to your project.
video.uploadThe video you choose to uploadTo upload, on your instruction, the videos you schedule in the Service.
video.publishPublishing status and the resulting post/video identifiersTo publish those videos to your own TikTok account and confirm the result.

We also securely store the OAuth access and refresh tokens issued by the platform. These tokens are used solely to perform actions you initiate and are never shared with third parties for their own purposes.

2.4 Usage and technical data

We process technical data necessary to operate and secure the Service, such as log data, session information and basic analytics.

3. How we use your data

We do not sell your personal data, and we do not use TikTok data for advertising profiling or for any purpose other than delivering the features you use.

4. Legal basis (GDPR)

Where the EU General Data Protection Regulation applies, we process personal data on the basis of: the performance of our contract with you (providing the Service); your consent (connecting a third-party account and the associated data access); our legitimate interests (securing and improving the Service); and compliance with legal obligations.

5. Sharing and sub-processors

We share data only with service providers that help us operate the Service, under appropriate contractual safeguards:

Where data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

6. Data retention

We keep your account and content data for as long as your account is active. Data from connected social accounts (including OAuth tokens) is retained until you disconnect the account or delete it, after which it is removed from our active systems. We delete or anonymize data that we no longer need, subject to any legal retention obligations.

7. How to revoke access and delete your data

8. Security

We implement technical and organizational measures to protect personal data, including encryption in transit (HTTPS), hashed passwords, restricted access based on roles, and secure storage of credentials and tokens.

9. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict or object to the processing of your personal data, and the right to data portability. You may exercise these rights by contacting contact@borndigital.co. You also have the right to lodge a complaint with your local supervisory authority (in France, the CNIL).

10. Children

The Service is intended for professional use by adults and is not directed to children under 16. We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates the latest revision. Material changes will be communicated through the Service where appropriate.

12. Contact

Born Digital SAS — 9 rue des Colonnes, 75002 Paris, France — contact@borndigital.co.