PRIVACY POLICY.

Last updated: March 21, 2026

1. INTRODUCTION.

Moontrain Technology ("Company", "we", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our AI agent services, including TikPilot and related products (the "Services").

2. INFORMATION WE COLLECT.

Account Information: When you register, we collect your name, email address, and account credentials for the Services.

Platform Data: When you connect third-party accounts (TikTok, Twitter/X, Reddit), we access data authorized through OAuth authentication, including:

  • Public profile information (display name, avatar, account ID)
  • Published content metadata (video titles, descriptions, engagement metrics)
  • Analytics data (views, likes, shares, follower counts)

Usage Data: We collect information about how you interact with our Services, including features used, content generated, and preferences set.

Technical Data: IP address, browser type, device information, and access timestamps for security and analytics purposes.

3. HOW WE USE YOUR INFORMATION.

We use your information to:

  • Provide, maintain, and improve our Services
  • Generate AI-powered content suggestions and analytics
  • Post content to your connected accounts with your explicit approval
  • Send you notifications, briefs, and alerts via your chosen channel (Telegram, email)
  • Analyze usage patterns to improve our AI models and user experience
  • Ensure security and prevent fraud or abuse

4. DATA SHARING.

We do not sell your personal information. We may share data with:

  • AI Model Providers: We send anonymized content to large language model providers (e.g., DeepSeek, Anthropic) for content generation. No personally identifiable information is included in these requests.
  • Third-Party Platforms: When you authorize posting, we transmit content to TikTok and other connected platforms via their official APIs.
  • Service Providers: We use cloud hosting, analytics, and payment processing providers who are contractually bound to protect your data.
  • Legal Requirements: We may disclose information when required by law, court order, or to protect the rights and safety of our users.

5. OAUTH AND THIRD-PARTY ACCESS.

When you connect your TikTok or other social media accounts, we use OAuth 2.0 authentication. This means:

  • We never see or store your TikTok password
  • You explicitly grant specific permissions (scopes) during authorization
  • You can revoke access at any time through your TikTok account settings or through our Services
  • Access tokens are encrypted at rest and in transit

6. DATA RETENTION.

We retain your data for as long as your account is active or as needed to provide the Services. Analytics and generated content history is retained for up to 24 months. When you delete your account, we remove your personal data within 30 days, except where retention is required by law.

7. DATA SECURITY.

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • OAuth tokens stored in encrypted databases with restricted access
  • Regular security audits and vulnerability assessments
  • Access controls and authentication for internal systems

8. YOUR RIGHTS.

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Request your data in a portable format
  • Revoke Consent: Disconnect third-party accounts and revoke permissions at any time

To exercise these rights, contact us at admin@moontrain.io.

9. COOKIES AND TRACKING.

Our Services use minimal cookies for authentication and session management. We do not use third-party advertising trackers. Analytics are collected using privacy-respecting tools.

10. CHILDREN'S PRIVACY.

Our Services are not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.

11. INTERNATIONAL DATA TRANSFERS.

Your data may be processed in servers located outside your country of residence, including in the United States and Singapore. We ensure appropriate safeguards are in place for cross-border data transfers in compliance with applicable data protection laws.

12. CHANGES TO THIS POLICY.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Services. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. CONTACT.

For privacy-related questions or requests, contact our team at admin@moontrain.io.

Moontrain Technology
Jakarta, Indonesia