Privacy Policy
Effective date: 7 April 2026 · Last updated: 7 April 2026
1. Who we are
kiero Labs Ltd (“kiero”, “we”, “us”, “our”) is a TikTok Shop analytics and order management platform registered in England & Wales. We provide sellers with a unified dashboard for sales analytics, affiliate management, and business intelligence.
We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Contact
hello@kierolabs.com
kierolabs.com
2. What data we collect
We collect the minimum data necessary to provide our service. The data we process depends on how you interact with kiero.
If you visit our website
- Analytics data — page views, referral source, and general usage patterns via Vercel Analytics. This data is aggregated and does not identify you personally.
- Waitlist submissions — your email address, if you choose to join our waitlist.
If you connect your TikTok Shop
- Account information — your Google email address and display name (used for dashboard login via Google OAuth).
- Shop analytics — sales data, product performance, affiliate metrics, and order information from your TikTok Shop, accessed via the TikTok Shop API with your explicit authorisation.
- Fulfilment data — recipient names and delivery addresses for active orders only, used solely to facilitate shipping.
What we do not collect
- We do not collect or store buyer personal data (the end consumers purchasing from your shop) beyond what is required for active fulfilment.
- We do not collect payment card information.
- We do not build profiles of individual buyers.
- We do not sell, rent, or share your data with third parties for marketing purposes.
3. How we use your data
We use your data for the following purposes only:
- Providing the kiero dashboard — displaying your shop analytics, affiliate performance, and business intelligence.
- Order management and fulfilment — facilitating shipping and delivery tracking for your orders.
- Platform improvement — understanding aggregate usage patterns to improve our product (no individual data is used for this purpose).
- Communication — sending you service updates and product announcements if you have opted in.
4. Legal basis for processing
Under the UK GDPR, we process your data under the following lawful bases:
- Consent — when you authorise kiero to access your TikTok Shop data via OAuth, or when you submit your email to our waitlist.
- Legitimate interest — for platform access control (Google OAuth login), service delivery, and platform security.
- Contractual necessity — where processing is necessary to provide the services you have signed up for.
5. How we protect your data
We take data security seriously and have implemented the following measures:
- Encryption in transit — all connections use TLS 1.2 or higher. Every API request to TikTok Shop is signed with HMAC-SHA256.
- Encryption at rest — our database uses AES-256 encryption. All credentials are stored in encrypted environment variables.
- Access controls — dashboard access is restricted by Google OAuth with an email whitelist. All API endpoints require authentication.
- Security monitoring — rate limiting, security headers, and platform-level threat detection are active on all services.
6. Data retention
We retain your data only for as long as necessary to provide our service:
- Session data — 24 hours, then automatically deleted.
- Shop analytics — 90-day rolling window. Older data is automatically purged.
- Fulfilment addresses — deleted within 48 hours of delivery confirmation.
- On disconnection — if you revoke your TikTok Shop authorisation, all associated data is deleted immediately.
- On account deletion — all data is deleted within 30 days. You will receive confirmation.
7. Your rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data (“right to be forgotten”).
- Restriction — request that we limit how we process your data.
- Portability — receive your data in a structured, commonly used format (CSV or JSON).
- Objection — object to processing based on legitimate interest.
To exercise any of these rights, contact our Data Protection Officer at hello@kierolabs.com. We will respond within one calendar month.
8. Where your data is stored
Your data is processed and stored within the United Kingdom and the European Economic Area. Our infrastructure providers (Supabase and Vercel) maintain appropriate data protection agreements and safeguards for any international data transfers.
9. Third-party services
We use the following third-party services to operate kiero. Each has its own privacy policy:
- Vercel — hosting and analytics
- Supabase — database
- Google — OAuth authentication
- TikTok Shop — shop data via their Open API
We do not sell your data to any third party. Data is shared with these providers only to the extent necessary to deliver our service.
10. Cookies
kiero uses only essential cookies required for the application to function (authentication session cookies). We do not use tracking cookies, advertising cookies, or third-party marketing cookies. Our website analytics (Vercel Analytics) are privacy-friendly and do not use cookies.
11. Changes to this policy
We may update this privacy policy from time to time. If we make material changes, we will notify affected users by email or through the kiero dashboard. The “Last updated” date at the top of this page indicates when the policy was last revised.
12. Complaints
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
We would appreciate the opportunity to address your concerns directly first. Please contact us at hello@kierolabs.com.