tomeo
Dashboard Start free trial

Privacy Policy

Last updated: October 22, 2025 · This page explains how Tomeo ("we", "us") collects, uses, and protects your information. This is not legal advice.

1) Information we collect

  • Account data — name, email, authentication identifiers.
  • Content you create or upload — outlines, sections, documents, attachments.
  • Usage data — app interactions, device/browser info, approximate location (via IP), diagnostics.
  • Cookies and similar — session cookies and analytics; see “Cookies” below.
  • Billing — limited payment metadata via our payment processor (we do not store full card numbers).

2) How we use information

  • Provide and improve Tomeo, including background generation and exports.
  • Personalize templates and prompts (e.g., Tomeo Agent’s questions).
  • Security, fraud prevention, and debugging.
  • Customer support and service communications.
  • Analytics and product research (in aggregate or de‑identified form where possible).

3) Legal bases (EEA/UK users)

We process personal data under these bases: to perform a contract (the service), with your consent (where required), to comply with legal obligations, and for our legitimate interests (e.g., product security and improvement) when those interests are not overridden by your rights.

4) How we share information

  • Vendors/Processors who help operate the service (hosting, analytics, payments). They access data only to perform services for us and under contract.
  • Legal — to comply with law, protect rights, or respond to lawful requests.
  • Business transfers — part of a merger, acquisition, or asset sale.
  • We do not sell your personal information.

5) Cookies, analytics & advertising

Essential cookies are required to run Tomeo (authentication and session management) and are always active. We also use privacy-friendly, cookieless analytics (Plausible), which does not set cookies or collect personal data.

With your consent, we additionally use analytics and advertising technologies that set cookies and similar identifiers: the TikTok Pixel and Meta (Facebook) Pixel (to measure and optimize our marketing) and Amplitude (product analytics, which may include session replay and automatic capture of interactions). These non-essential technologies load only after you accept them in our cookie banner; if you decline, they are not loaded and no such cookies are set. You can change your choice at any time by clearing the tomeo-cookie-consent value in your browser storage, and you can also control cookies through your browser settings.

6) Data retention

We retain personal data as long as needed to provide the service and for legitimate business needs (e.g., security, legal compliance). You may request deletion; some data may be retained as required by law.

7) Security

We employ administrative, technical, and physical safeguards appropriate to the risk. No method of transmission or storage is 100% secure.

8) Your rights

Depending on your region, you may have rights to access, correct, delete, or port your data, and to object or restrict certain processing. To exercise rights, contact us using the details below. You may also complain to your local data protection authority.

9) Children

Tomeo is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect data from children.

10) International data transfers

We may process and store information in countries other than where you live. Where required, we use appropriate safeguards for cross‑border transfers.

11) Connected social accounts (TikTok, Instagram, YouTube)

When you connect a third‑party social account so you can publish content you create in Tomeo to accounts you control, we process additional data to provide that feature.

  • What we receive from TikTok (via TikTok Login Kit / OAuth 2.0 with PKCE): your TikTok user identifier (open_id, and union_id where provided), your display name and avatar (so you can see which account is connected), and OAuth access and refresh tokens used to act on your behalf. If you enable metrics read‑back, we also store the IDs and basic status of videos that Tomeo posted for you.
  • What we send: when you choose to publish, we transmit the video you created to TikTok through its Content Posting API, using the privacy and disclosure settings you select. We do not read your followers, your feed, your direct messages, or videos we did not post.
  • Security: OAuth access and refresh tokens are encrypted at rest and transmitted over TLS.
  • Deleting data & revoking access: disconnecting an account in Tomeo immediately deletes the stored tokens and cached profile data for that account. You can also revoke Tomeo's access at any time in TikTok → Settings → Manage app permissions (and the equivalent settings for Instagram and YouTube).
  • Platform compliance: we share data with these platforms only to provide the features you use, and our TikTok integration complies with the TikTok Developer Terms of Service and Content Sharing Guidelines.

12) Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the app or by email.