Stay Viral Command Center — Privacy Policy

Effective Date: April 18, 2026

Last Updated: April 18, 2026

1. About This Policy

This Privacy Policy applies to the Stay Viral Command Center application ("the App"), an internal operations platform operated by SV Group LLC ("Stay Viral," "we," "us," or "our"), a Delaware limited liability company doing business as Stay Viral.

The App is an internal tool used exclusively by authorized employees and contractors of SV Group LLC to manage TikTok Shop seller and affiliate operations on behalf of brand partners who have explicitly authorized our access. This policy describes how we collect, use, store, and protect data accessed through the TikTok Shop Open API and TikTok Shop Affiliate API.

Contact:

SV Group LLC

Attn: Privacy Officer

8605 Santa Monica Blvd, West Hollywood, CA 90069-4109

Email: [email protected]

2. Scope of Data Access

The App accesses data from TikTok Shop exclusively under the following conditions:

Seller data is accessed only from TikTok Shops that have explicitly authorized SV Group LLC via TikTok Shop's OAuth 2.0 authorization flow. Shop owners retain the right to revoke access at any time through their TikTok Shop Seller Center.

Affiliate data is accessed only in connection with SV Group LLC's status as an approved TikTok Affiliate Partner (TAP) and pertains solely to affiliates and campaigns managed under our agency.

We do not access, collect, or store data from TikTok Shops, creators, or affiliates outside of these authorized relationships.

3. Categories of Data Collected

Through the TikTok Shop APIs, the App may access and process the following categories of data:

Shop and product data — product listings, SKUs, inventory levels, pricing, category data, and product performance metrics for authorized shops.

Order data — order numbers, order status, fulfillment status, shipping tracking information, and aggregate order statistics. We do not collect or retain end-customer personal information beyond what is strictly necessary for fulfillment operations.

Financial data — settlement reports, commission records, payout schedules, and fee breakdowns for authorized shops.

Affiliate performance data — creator identifiers, affiliate GMV attribution, commission calculations, campaign participation, and content performance metrics for affiliates within our managed network.

Authentication data — OAuth access tokens and refresh tokens issued by TikTok Shop for authorized shops.

4. How We Use Data

Data accessed through the TikTok Shop APIs is used exclusively for the following internal business purposes:

Monitoring campaign performance and GMV across authorized shops and affiliate programs
Reconciling commission payments and identifying payout discrepancies
Matching creators in our network with appropriate brand partners
Generating internal reports for SV Group LLC leadership and operations teams
Communicating performance data back to the authorizing brand partner in aggregate or shop-specific form

We do not use data for advertising, resale, training of machine learning models, or any purpose outside the scope of our agency relationship with authorized brands and creators.

5. Data Sharing

We do not sell, rent, or trade data accessed through the TikTok Shop APIs. Data may be shared only in the following limited circumstances:

With the authorizing brand partner whose shop data is being accessed — reports and aggregate insights derived from their own shop data
With service providers (cloud hosting, analytics infrastructure) who are contractually bound to confidentiality and data protection obligations consistent with this policy
As required by law — in response to valid legal process, court orders, or regulatory requirements
In connection with a business transfer — if SV Group LLC is acquired or merges with another entity, subject to the acquirer agreeing to equivalent privacy protections

6. Data Storage and Security

Data accessed through the TikTok Shop APIs is stored on secure cloud infrastructure with the following protections:

Encryption at rest using AES-256 encryption for all stored data
Encryption in transit using TLS 1.2 or higher for all API communications
Access controls via role-based permissions — only authorized SV Group LLC employees with a documented business need can access the App
Token security — OAuth access tokens and refresh tokens are stored encrypted and rotated in accordance with TikTok Shop security guidelines
Audit logging of all data access events, retained for 12 months
Incident response procedures requiring notification of affected parties and TikTok Shop within 72 hours of any suspected data breach

7. Data Retention

We retain data accessed through the TikTok Shop APIs only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Specifically:

Active shop and affiliate data: retained for the duration of the authorized relationship plus 24 months for historical reporting
Financial and settlement data: retained for 7 years to comply with US tax and accounting recordkeeping requirements
OAuth tokens: deleted immediately upon revocation of authorization

When an authorizing brand or affiliate terminates their relationship with SV Group LLC or revokes API authorization, we delete all associated operational data within 90 days, except where retention is required by law.

8. Compliance with Applicable Laws

We comply with applicable privacy and data protection laws, including:

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents
General Data Protection Regulation (GDPR) where data pertains to EU/UK residents
TikTok Shop Developer Terms of Service and TikTok Shop API Usage Policies

Individuals may exercise applicable rights — including access, deletion, and correction — by contacting [email protected].

9. Changes to This Policy

We may update this policy to reflect changes in our practices, applicable law, or TikTok Shop API requirements. Material changes will be communicated to affected brand partners at least 30 days before taking effect. The most current version is always available at the URL where this policy is hosted.

10. Contact

Questions, concerns, or requests regarding this policy or our data practices:

SV Group LLC