Privacy Policy

1. Controller and Scope

AnentLab, with registered office in Valencia, Spain, is the data controller for all information processed through the website www.anentlab.com and the associated SaaS platform. This Privacy Policy applies to all users who register an account, connect a TikTok profile, or otherwise interact with the service. AnentLab does not knowingly collect data from individuals under the age of thirteen. If such data is discovered, it will be deleted immediately.

2. Categories of Personal Data

When a user creates an account, AnentLab collects an email address and a password which is stored in hashed form. Optionally, the user may provide a display name and profile preferences such as content niche, content goal, target audience, a short biography, current growth phase, and main creative struggle. These data are used solely to personalize the artificial intelligence recommendations and are not shared with any external party except as necessary to provide the service.

When the user connects a TikTok account through TikTok Login Kit, AnentLaw accesses specific scopes as mandated by TikTok Developer Terms. The accessed data includes the user’s open identifier, username, display name, avatar URL, bio description, verification status, follower count, following count, total likes received, total video count, and for the twenty most recent videos: video identifier, title, description, creation time, cover image URL, view count, like count, comment count, share count, download count, music information, and duration. No password, private message, direct message, or draft video is ever collected. AnentLab does not store the video files themselves, only the metadata listed above.

3. Purposes of Processing

The collected data serves the following purposes exclusively: to present analytics dashboards, to generate AI‑driven content recommendations, to predict viral potential of user ideas, to compare user performance against aggregated niche benchmarks, to maintain the content calendar, to improve the relevance of future suggestions through a closed‑loop learning system, and to provide customer support. No data is used for advertising, marketing, retargeting, or any form of cross‑platform user profiling. AnentLab does not sell, rent, or trade any personal data with third parties.

4. Legal Basis (GDPR Compliance)

For users within the European Economic Area, AnentLab relies on the following legal bases: contract performance for the provision of the service (account registration, TikTok connection, analytics); consent for optional profile fields and cookies; legitimate interest for fraud prevention, service improvement, and security monitoring; and legal obligation for tax and law enforcement requests. Users may withdraw consent at any time by deleting their account or adjusting settings.

5. TikTok API Compliance and Revocation

AnentLab strictly complies with the TikTok Developer Terms of Service, API Terms of Use, and Platform Policy. The four scopes used are user.info.basic, user.info.profile, user.info.stats, and video.list. No data obtained from TikTok is ever transferred to any third party, nor is it used for advertising or profiling outside the AnentLab service. Users may revoke access at any time directly from TikTok’s settings under “Manage app permissions” or from within the AnentLab settings page. Upon revocation or account deletion, all TikTok data is removed from the production database within forty‑eight hours and from backups within thirty days.

6. Data Retention and Deletion

Account data is retained for as long as the account remains active. Upon account deletion, the user’s email, profile preferences, and TikTok data are erased from the active database within forty‑eight hours. Backups may retain the data for up to thirty additional days, after which it is permanently deleted. Usage logs containing IP addresses and device information are stored for no longer than six months for security purposes. Analytics cookies are retained for up to two years unless the user clears them via browser settings.

7. User Rights Under GDPR

Users located in the European Economic Area have the right to access their personal data, rectify inaccurate information, request erasure, restrict processing, obtain a portable copy, object to processing based on legitimate interests, and withdraw consent at any time. To exercise any of these rights, the user must send a written request to privacy@anentlab.com. AnentLab will respond within thirty days without charge. In case of manifestly unfounded or excessive requests, a reasonable fee may be charged or action refused. Users may also lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos).

8. International Data Transfers

All data is primarily stored on servers located in Frankfurt, Germany, within the European Union. Certain processing, such as the use of DeepSeek AI, may involve transfers to countries that have not received an adequacy decision from the European Commission. In such cases, AnentLab relies on the EU Standard Contractual Clauses (SCCs) to ensure an adequate level of protection. Copies of these clauses can be requested from the data protection officer at dpo@anentlab.com.

9. Security Measures

AnentLab implements technical and organizational measures including encryption of data at rest using AES‑256, encryption in transit via TLS 1.3, regular security audits, access controls, and employee confidentiality agreements. Despite these efforts, no system is completely secure. Users are responsible for maintaining the confidentiality of their own login credentials. Any suspected breach should be reported immediately to security@anentlab.com.

10. Cookies and Tracking

AnentLab uses essential cookies for authentication and session management, preference cookies to remember language and theme choices, and analytics cookies via Google Analytics 4 with anonymized IP addresses. No tracking cookies from third‑party advertisers are used. Users may disable non‑essential cookies through their browser settings, but doing so may impair certain features of the service.

11. Changes to This Policy

AnentLab reserves the right to update this Privacy Policy at any time. The date of the latest revision appears at the top of this page. Material changes will be notified to registered users by email or through an in‑app notice at least thirty days in advance. Continued use of the service after the effective date constitutes acceptance of the revised terms.

12. Contact Information

For any matter relating to this Privacy Policy or personal data processing, the user may contact AnentLab via email at privacy@anentlab.com, or by postal mail sent to AnentLab, Valencia, Spain. The designated data protection officer can be reached at dpo@anentlab.com. Complaints to the supervisory authority are accepted at the Spanish Data Protection Agency (AEPD).