Short App

Privacy Policy

Last updated: April 2, 2026

TikTok App Name: short-team

1. Introduction

short-team (also known as “Short App”) (“we”, “our”, “the Service”, “the App”) is an automated content pipeline that generates and publishes short-form video content to social media platforms on behalf of its operators.

This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights as a user. It applies to all interactions with the Service, including OAuth authorizations for YouTube, TikTok, Instagram, and Google services.

2. Data We Collect

We collect only the minimum data necessary to operate the Service:

2.1 Platform OAuth Tokens

When you authorize the Service to act on your behalf on a platform (YouTube, TikTok, Instagram, Google Drive), we receive and store:

  • Access tokens and refresh tokens for the authorized account
  • Account identifiers required by the platform API (e.g., TikTok Open ID)

These tokens are stored securely in environment variables or a secrets manager and are never exposed to the browser or logged in plaintext.

2.2 Content Metadata

We store metadata about generated and published videos in a MongoDB database, including:

  • Video title, source article URL, and niche tags
  • Platform external IDs (YouTube video ID, TikTok publish ID)
  • Publication status, timestamps, view counts, and like counts
  • Google Drive file IDs and web view links
  • Instagram captions and hashtags you edit

2.3 Source Data

The Service scrapes publicly available content from sources such as Hacker News (news.ycombinator.com) to generate video scripts. No personal data is extracted from these sources — only public article titles and URLs.

2.4 Data We Do NOT Collect

We do not collect:

  • Passwords or login credentials
  • Financial or payment information
  • Personal communications (emails, DMs, comments)
  • Data from platform users who watch or interact with published content
  • Analytics or behavioral tracking data from end viewers

3. How We Use Your Data

Data collected is used exclusively to:

  • Authenticate API requests to connected platforms on your behalf
  • Upload generated video files to YouTube, TikTok, or Instagram
  • Store videos in Google Drive for review and archival
  • Track publication status and basic performance metrics (views, likes)
  • Display a dashboard for reviewing and managing published content

We do not use your data for advertising, profiling, or any purpose beyond operating the Service as described.

4. Third-Party Platform Data Access

The Service integrates with the following third-party APIs. Each integration accesses only the data scopes listed:

YouTube (Google)

Scopes requested:

  • youtube.uploadupload videos to your YouTube channel
  • youtube.readonlyread video statistics (views, likes)

Use of the YouTube API Services is additionally governed by the Google Privacy Policy.

Google Privacy PolicyRevoke access: Google Security Settings
TikTok

Scopes requested:

  • video.publishupload and publish videos to your TikTok creator account
  • user.info.basicread your Open ID and display name for creator info queries

Content posted by apps in sandbox mode may be restricted to private visibility until TikTok app approval.

TikTok Privacy PolicyRevoke access: TikTok Settings → Apps and Permissions
Instagram / Meta

Scopes requested:

  • instagram_content_publishpublish Reels and posts to your Instagram account
  • instagram_basicread your Instagram account ID required for publishing
Instagram Privacy PolicyRevoke access: Instagram → Settings → Apps and Websites
Google Drive

Scopes requested:

  • drive.fileread and write files created by this app only
Google Privacy PolicyRevoke access: Google Account → Security → Third-party access

5. Data Storage and Security

All platform tokens are stored as environment variables on the server and are never committed to version control or exposed to the client. Video metadata is stored in MongoDB Atlas with access restricted to the application server.

Video files are stored temporarily on the server filesystem during processing and then uploaded to Google Drive. Local files are removed after a successful upload.

We implement reasonable technical measures to protect stored data, including server-side access controls and encrypted connections (TLS) to all external APIs.

6. Data Retention

Video metadata in MongoDB is retained indefinitely unless manually deleted by the operator. OAuth tokens are retained until revoked by the user or rotated by the Service’s token refresh mechanism.

You may request deletion of your data at any time by contacting us at contact@short-app.dev.

7. Data Sharing

We do not sell, rent, or share your personal data with any third parties, except as required to operate the Service (i.e., transmitting content and tokens to YouTube, TikTok, Instagram, and Google Drive APIs as described above) or as required by law.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure— request deletion of your data (“right to be forgotten”)
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing of your data
  • Revoke OAuth consent — disconnect any platform at any time via platform settings (see Section 4)

To exercise any of these rights, contact us at contact@short-app.dev.

9. Cookies and Tracking

short-team (Short App) does not use cookies, web beacons, or any client-side tracking technologies. No analytics SDKs (Google Analytics, Mixpanel, etc.) are embedded in the Service.

10. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, contact us at contact@short-app.dev and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

For questions, requests, or concerns about this Privacy Policy: contact@short-app.dev

Terms of ServiceBack to Dashboard