Privacy Policy

Effective date: April 20, 2026 · Last updated: April 20, 2026

This Privacy Policy explains how NETBRIDGEX PTE. LTD. ("CrossLion", "we", "us", "our") collects, uses, stores, shares and protects information when you use our website 558.la and our related services (collectively, the "Service").

CrossLion is operated from Singapore and complies with the Personal Data Protection Act 2012 (PDPA) of Singapore. Where relevant, we also align with the EU General Data Protection Regulation (GDPR).

1. Who we are

Data controller: NETBRIDGEX PTE. LTD., a company incorporated in Singapore
Registered address: 112 Robinson Road, #03-01, Robinson 112, Singapore 068902
Contact: 558@558.la

2. Information we collect

2.1 Information you give us directly

Account information: name, email, password (stored as a salted hash), and workspace settings.
Billing information: if you subscribe to a paid plan, billing is processed by a third-party, PCI-DSS compliant payment processor. We do not store full card numbers on our servers.
Content you upload: videos, captions, hashtags, scheduling preferences and metadata you choose to manage in CrossLion.
Support messages: any information you send when contacting support.

2.2 Information we receive from TikTok via authorised OAuth scopes

When you connect a TikTok account to CrossLion through TikTok's official Login Kit, you choose to share the following data with us. We only access what corresponds to the scopes you approve on TikTok's authorisation screen:

user.info.basic — your TikTok display name and avatar, used to identify the connected account inside CrossLion.
user.info.profile — your TikTok bio, profile link and verification status, used to display your profile in your dashboard.
user.info.stats — public statistics such as follower count, following count, like count and video count, used in your analytics view.
video.list — your public videos, used to display a list of past content for context and analytics.
video.upload — used to send draft content from CrossLion to TikTok for further editing in the TikTok app.
video.publish — used to publish content directly to your TikTok account when you (or a teammate you authorised) request a post.
OAuth tokens: short-lived access tokens and refresh tokens issued by TikTok, stored encrypted and used only to perform the actions you requested.

2.3 Information collected automatically

Device & log data: IP address, browser type, language, operating system, referrer, pages viewed, and timestamps.
Cookies & similar technologies: session cookies for authentication and limited analytics cookies. See Section 9.

3. How we use your information

We use the information described above for the following purposes:

To provide and operate the Service (display your dashboard, schedule posts, publish videos to TikTok on your request).
To maintain the security and integrity of the Service (fraud prevention, abuse detection).
To process payments and manage your subscription.
To respond to support requests and notify you about important changes to the Service.
To improve product features and user experience based on aggregated, non-identifying usage trends.
To comply with legal and regulatory obligations.

What we do not do: We do not sell your personal information. We do not use your TikTok content to train machine-learning models. We do not auto-generate or auto-publish content on your behalf — every post is something you (or a teammate you invited) prepared.

4. Legal bases for processing

For users in jurisdictions that require a legal basis (such as the EU/UK), we rely on:

Consent — for connecting your TikTok account and granting OAuth scopes.
Contract — to provide the Service you signed up for.
Legitimate interest — for security, fraud prevention and limited service analytics.
Legal obligation — when required by law.

5. How we share your information

We share information only in the limited circumstances below:

TikTok: when you publish content or read profile data, requests are made to TikTok's official APIs on your behalf.
Service providers / sub-processors: infrastructure providers (cloud hosting), a third-party payment processor (only if you subscribe to a paid plan), email delivery, error monitoring and customer support tools, all bound by contract to handle data only on our instructions.
Legal compliance: when required by valid legal process, or to protect the rights, safety or property of CrossLion, our users or the public.
Business transfer: in the event of a merger, acquisition or asset sale, with notice to you.

We do not sell or rent your personal information to third parties for advertising purposes.

6. International data transfers

CrossLion is operated from Singapore. Some of our service providers may process data in other regions (such as the United States or the European Union). When transferring personal data outside Singapore, we take steps to ensure a comparable standard of protection, including use of contractual safeguards.

7. Data retention

We keep personal information only for as long as needed to provide the Service or to meet legal, accounting or reporting obligations.

OAuth tokens: retained while your TikTok account is connected. Deleted within 7 days after you disconnect or revoke access on TikTok.
Uploaded videos and drafts: retained while your account is active; deleted within 30 days of account closure.
Account information: deleted within 30 days of account closure, except where law requires longer retention.
Server logs: typically retained for up to 90 days for security and debugging.

8. How we protect your information

All traffic to and from CrossLion is served over HTTPS / TLS.
OAuth tokens and other sensitive credentials are encrypted at rest.
Access to production systems is restricted to authorised engineers, secured by multi-factor authentication.
We perform regular security reviews and apply timely patches to our infrastructure.

No system is perfectly secure. If we become aware of a data incident affecting your personal information, we will notify you and the relevant authorities as required by law.

9. Cookies

We use a minimal set of cookies:

Strictly necessary: session cookies to keep you signed in and to protect against CSRF.
Analytics: aggregated, privacy-respecting analytics to understand how the Service is used. These can be disabled in your browser settings.

We do not use third-party advertising cookies.

10. Your rights

Depending on where you live, you may have the right to:

Access the personal data we hold about you.
Correct inaccurate or incomplete data.
Delete your data, subject to legal retention obligations.
Object to or restrict certain processing.
Withdraw consent at any time (e.g. by disconnecting your TikTok account or deleting your CrossLion account).
Receive a copy of your data in a portable format.
Lodge a complaint with your local data protection authority — for Singapore users, the Personal Data Protection Commission (PDPC).

To exercise any of these rights, email 558@558.la. We will respond within 30 days.

11. Disconnecting and deletion

You can revoke CrossLion's access to your TikTok account at any time:

From inside CrossLion: Settings → Connected accounts → Disconnect.
From TikTok: Settings → Security → Apps and Websites → CrossLion → Remove.

Once revoked, the corresponding tokens are deleted from our system within 7 days. To delete your full CrossLion account, email us or use the in-app deletion option.

12. Children's privacy

CrossLion is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service before the changes take effect, and we will update the "Last updated" date above.

14. Contact us

Questions or requests regarding privacy:
NETBRIDGEX PTE. LTD.
112 Robinson Road, #03-01, Robinson 112, Singapore 068902
558@558.la