Privacy Policy

Effective Date: 2026-05-26 · Service: AI Cockpit (the "Service")

This Privacy Policy describes how Nova Edge LLC ("we", "us", "our"), the operator of AI Cockpit, collects, uses, and discloses personal data when you use our Service. By using the Service, you agree to the terms of this Policy.

Service context: AI Cockpit connects to your TikTok Shop account on your authorization and lets an AI assistant view and modify your products, prices, and inventory on your behalf. Understanding what data we process is important; please read this Policy carefully.

1. Who We Are

Nova Edge LLC, a California limited liability company. Contact: admin@aicockpit.io.

2. Information We Collect

2.1 Information you provide directly

Account data: email address, password (stored as a bcrypt hash, never in plaintext), display name (optional), and the invite code you used to register.
API keys (optional): if you choose to use your own Anthropic / Gemini / Seedance API keys, we store them encrypted at rest using AES-256-GCM with a master key that lives only on the production server.
Support communications: any messages you send us about the Service.

2.2 Information collected automatically

Authentication cookies: a session ID (HttpOnly, Secure where TLS is on), a CSRF token cookie, and a language preference. See Section 6.
Usage metadata: we record the number of chat turns, token counts, and computed costs for billing and abuse prevention. We do not store the body text of your prompts or assistant responses — only counts and metadata.
Technical logs: IP address, user agent, request path, response status, and timestamps. Used for security auditing and operational troubleshooting. Retained for up to 90 days.

2.3 Information from TikTok

When you authorize AI Cockpit against your TikTok Shop, TikTok provides us with an OAuth access token and refresh token, along with basic shop metadata (shop name, region, currency, shop cipher). These tokens are stored encrypted at rest and used only to call TikTok Shop API endpoints on your authenticated instruction.

3. How We Use Your Information

To authenticate you and authorize access to your TikTok Shop;
To execute the actions your AI assistant takes on your instruction (e.g. update price, edit listing, generate video);
To enforce per-user cost caps and other abuse-prevention measures;
To diagnose and resolve operational issues;
To bill you for paid plans (once available);
To communicate important Service notices (account changes, security alerts, policy updates).

4. Sharing with Third Parties

We share personal data only with the third-party processors listed below, and only to the extent necessary to provide the Service.

Processor	Purpose	Data shared
TikTok Shop (ByteDance)	Execute shop actions on your instruction	OAuth tokens, instruction payloads
Anthropic, PBC	LLM inference (Claude)	Prompts you send, tool descriptions, conversation history
DigitalOcean	Hosting (US-based)	All server-side data at rest
Cloudinary, Seedance (kie.ai)	Video processing / generation	Reference videos, product images, generated outputs
Google Gemini (optional)	Video analysis (if used)	Reference video URLs / metadata
Stripe or equivalent (future)	Payment processing	Billing email, card token, charge metadata

We do not sell your personal data to anyone. We do not use your TikTok Shop data, prompts, or product information to train any model.

5. Data Retention

Account data: until you request deletion (see Section 9) or your account is closed.
Authentication sessions: up to 30 days from last use.
Usage metadata: 90 days.
Technical logs: up to 90 days.
OAuth tokens: until you revoke authorization (you can do this from your TikTok account or by contacting us).
Backups: rolling 14-day window of encrypted database dumps.

6. Cookies

Cookie	Purpose	Lifetime
aicockpit_session	Authenticated session (HttpOnly)	30 days
aicockpit_csrf	CSRF protection token	1 year
aicockpit-lang (localStorage)	Remember UI language preference	Until cleared

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you;
Correct inaccurate or incomplete data;
Request deletion of your account and associated data (see Data Deletion);
Object to or restrict certain processing;
Export your data in a portable format;
Withdraw consent at any time without affecting prior lawful processing.

To exercise any of these rights, email admin@aicockpit.io. We respond within 30 days.

8. California Residents (CCPA / CPRA)

California residents have the right to know what personal information is collected, to delete it, to correct it, and to opt out of sale or sharing. We do not sell your personal information. We also do not engage in cross-context behavioral advertising. To exercise California rights, email admin@aicockpit.io with subject "CCPA Request". We do not discriminate against you for exercising these rights.

9. European Residents (GDPR)

If you are in the European Economic Area or the United Kingdom, our lawful bases for processing are: (a) performance of contract for account, billing, and Service delivery; (b) legitimate interests for security and abuse prevention; (c) your consent for optional features. You may lodge a complaint with your local supervisory authority. Our representative for EU/UK matters can be reached at admin@aicockpit.io.

10. International Data Transfers

The Service is operated from the United States. By using the Service from outside the U.S., you understand that your personal data will be transferred to and processed in the U.S. We rely on the EU Standard Contractual Clauses or equivalent safeguards where applicable.

11. Children

The Service is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If we learn we have done so, we will delete it.

12. Security

We protect your data with: encrypted storage at rest (AES-256-GCM for API keys and OAuth tokens), TLS for data in transit, bcrypt for password hashing, per-service Linux user isolation, CSRF protection, per-user rate and cost caps, and routine encrypted database backups. No security measure is perfect; we will notify affected users of any breach as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy. The effective date at the top reflects the latest revision. For material changes, we will provide notice through the Service or by email at least 30 days before changes take effect.

14. Contact

Privacy inquiries: admin@aicockpit.io
Postal: 627 East Calaveras 1020#, Milpitas, CA, USA