Data Retention & Deletion Policy
Last updated: May 28, 2026
1. Overview
Jobx ("we", "us", "our") is committed to collecting only the minimum data necessary to deliver our AI-powered messaging service and to deleting that data promptly when it is no longer needed.
This policy covers all personal data processed by Jobx, with specific detail for data collected through the TikTok Business Messaging API in compliance with TikTok's Data Security and Privacy Review (DSPR) requirements and applicable regulations including GDPR and CPRA.
2. Data We Hold and Retention Periods
| Data type | Purpose | Retention period |
|---|---|---|
| Jobx account data (name, email, plan) | Account management, billing | Until account is closed + 30 days |
| Knowledge base documents | AI agent context | Until deleted by you or account closure |
| TikTok Business Account credentials (open_id, OAuth tokens) | Send replies on your behalf | Until you disconnect the account — deleted immediately on disconnect |
| TikTok end-user identifiers (user ID, display name) | Identify conversation participants | Until TikTok account is disconnected — deleted immediately on disconnect |
| TikTok Direct Message content (conversation history) | AI context, conversation continuity | Until TikTok account is disconnected — deleted immediately on disconnect |
| Meta / Instagram / WhatsApp message data | AI agent DM responses | Until channel is removed or account is closed + 30 days |
| Encrypted database backups | Disaster recovery | Purged within 30 days of primary data deletion |
| Access / activity logs | Security, fraud detection | 90 days |
| Billing and payment records | Legal / tax compliance | 7 years (statutory requirement) |
3. TikTok Business Messaging Data — Specific Rules
Because TikTok Direct Message data is classified as Protected Data under TikTok's Business Messaging API terms, we apply stricter handling rules:
3.1 Data minimization
We request only the TikTok API scopes required to read and send Direct Messages. We do not access or store TikTok video data, follower counts, analytics, or any other data unrelated to the DM service.
3.2 Automatic deletion on disconnect
When a Jobx user disconnects their TikTok Business Account (via Dashboard → Integrations → Remove), our system immediately and automatically:
- Deletes all Direct Message content stored for that account
- Deletes all associated conversation records and TikTok end-user identifiers
- Removes the OAuth access token and refresh token from our database
- Deactivates any TikTok channels linked to that account
This deletion is irreversible. Encrypted backups containing that data are purged within 30 days.
3.3 AI model processing
Message content is transmitted to an AI language model (Anthropic Claude or OpenAI GPT) solely to generate an automated reply. We use these providers under Data Processing Agreements. The AI provider does not retain message content for training purposes under our agreements.
3.4 EU user data (GDPR)
Messages from TikTok users located in the European Economic Area (EEA) are processed under the same pipeline and are subject to GDPR. We do not use this data for profiling, advertising, or any purpose other than generating the automated DM response. EEA users may exercise their data rights as described in Section 5.
3.5 No secondary use
TikTok Protected Data is used exclusively to operate the Jobx DM automation service. It is not shared with any party other than the AI model provider, is not used for advertising or marketing, and is not combined with data from other platforms to build user profiles.
4. How We Protect Your Data
- Encryption at rest: all data in our database (Supabase / PostgreSQL) is encrypted with AES-256.
- Encryption in transit: all connections between your browser, our servers, TikTok's API, and AI providers use TLS 1.2 or higher.
- Access control: row-level security ensures each Jobx user can only access their own data. Admin access is restricted to authorized personnel and requires multi-factor authentication (MFA).
- OAuth token security: TikTok access and refresh tokens are stored in the database, access-controlled by the account owner's user ID. They are never exposed in client-side code or logs.
- Vulnerability management: we perform regular vulnerability scans and remediate issues promptly.
5. Your Rights & How to Exercise Them
5.1 Rights you have
- Access: request a copy of all data we hold about you and your customers' interactions.
- Correction: request correction of inaccurate data.
- Deletion: request permanent deletion of your data and your customers' data.
- Portability: request your data in a structured, machine-readable format (JSON / CSV).
- Restriction: request that we restrict processing while a dispute is resolved.
- Withdraw consent: disconnect any third-party integration at any time from your dashboard, which immediately stops data collection and triggers deletion.
5.2 How to request deletion of TikTok data
- Log in to your Jobx account at jobx.me
- Go to Dashboard → Integrations
- Find your TikTok Business Account and click Remove
- Confirm the removal — all associated data is deleted immediately
Alternatively, send an email to privacy@jobx.me with the subject "TikTok Data Deletion Request". Include your Jobx account email and the TikTok Business Account display name. We will process your request within 30 days and send you a written confirmation.
5.3 What gets deleted
Upon a valid TikTok data deletion request, we permanently remove:
- All Direct Message content (incoming and outgoing) stored for that account
- All TikTok end-user identifiers (user IDs, display names)
- The TikTok Business Account open ID and display name
- OAuth access token and refresh token
- All conversation records linked to that TikTok account
Note: deleting TikTok data does not automatically delete your full Jobx account. To close your Jobx account entirely, contact privacy@jobx.me separately. Billing records are retained for the statutory period required by law.
6. Requests from TikTok End Users
If you are a TikTok user who sent a message to a business that uses Jobx and you wish to request access to or deletion of your data, please contact us at privacy@jobx.me with:
- The TikTok Business Account display name you contacted
- An approximate date of your interaction
- Your TikTok username or unique identifier (if known)
We will respond within 30 days and will coordinate with the relevant Jobx Business Account holder to fulfill the request.
7. Subcontractors & Third-Party Processors
The following subcontractors may process personal data on our behalf:
| Subcontractor | Role | Data processed |
|---|---|---|
| Supabase | Database & authentication hosting | All account and messaging data (encrypted at rest) |
| Anthropic | AI language model (Claude) | Message content for response generation only |
| OpenAI | AI language model (GPT) | Message content for response generation only (when selected) |
| Vercel | Application hosting & CDN | Request logs, IP addresses |
All subcontractors are bound by data processing agreements requiring them to protect data and use it only for the specified purpose.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated by updating the "Last updated" date and, where appropriate, notifying affected users by email. Continued use of Jobx after changes are posted constitutes acceptance.
9. Contact & Data Protection
For questions about this policy, data deletion requests, or to exercise any data rights:
We aim to respond to all privacy requests within 30 days. If you are in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.