Data Security

Access Control

Access to advertising data and operational tools is restricted by role, advertiser scope, business purpose, and account authorization. Permissions follow least-privilege principles. Initial access focuses on reporting and monitoring before higher-risk campaign write permissions are requested.

Credential Protection

API credentials, access tokens, refresh tokens, seller tokens, and platform secrets are treated as sensitive information. They are not embedded in public pages, shared through unsecured channels, or used outside approved advertiser and business scopes.

Auditability

Sensitive campaign operations are designed to preserve audit records, including operator identity, account scope, rule name, customer configuration, timestamp, request ID, business reason, before-state, after-state, and execution status.

Automation Guardrails

Rule-based workflows use thresholds, spend caps, cooldown windows, exception detection, approval thresholds, rollback records, and operator review where appropriate. Automation is designed to support controlled execution rather than unmanaged campaign changes.

BI and Monitoring Controls

BI dashboards and minute-level monitoring workflows are designed to use aggregate advertising metrics, account authorization checks, request logging, reconciliation checks, and data validation before operational decisions are made.

Data Sharing

We do not sell TikTok API data, provide public data feeds, scrape TikTok, or share account-level advertising data with unauthorized third parties. Data access is limited to authorized operations, customer-approved workflows, and platform review.

Security Contact

Security questions can be sent to chuangjulimited@chuangjuhk.top.