Privacy Policy

1. Introduction

Your privacy is important to us. This Policy explains how we collect, use, and protect personal data when you use BlockandLocker (the “Site”) and, where applicable, related integrations (e.g., authentication/posting via platforms such as TikTok).

2. Data Controller

Block and Locker
Email: comm@blockandlocker.pt
Country: Portugal

3. What data we may collect

Depending on how you use the Site, we may collect:

3.1 Data provided by the user

  • Name, email address, and message content (e.g., contact forms).
  • Comments (if enabled): name, email address, and comment content.

3.2 Data collected automatically

  • Technical data: IP address (or a truncated version), device type, browser, operating system.
  • Usage data: pages visited, time spent, clicks, traffic source (analytics).
  • Cookies and similar identifiers (see Cookies section).

3.3 Integration data (e.g., TikTok) – where applicable

If a TikTok account (or another platform account) is connected to an integration associated with BlockandLocker, we may process:

  • account identifiers (e.g., user_id/handle) and profile data limited to what is necessary;
  • access/refresh tokens and their granted permissions (scopes);
  • operational metadata required to publish/manage content (e.g., publishing status, IDs of published content).

We process personal data in order to:

  • Respond to requests and enquiries (pre-contractual steps and/or legitimate interests).
  • Operate and improve the Site (legitimate interests, with appropriate safeguards).
  • Ensure security and prevent abuse/fraud (legitimate interests).
  • Integrations (e.g., TikTok): authenticate, maintain an authorized session, publish content, and manage actions requested by the user/administrator (performance of a service and/or consent at the time the account is connected).

5. Data sharing and processors

We may share data only when necessary with service providers that help us operate the Site, for example:

  • hosting/server and database providers;
  • analytics tools;
  • email services (if applicable);
  • security services (e.g., firewall/anti-bot);
  • third-party platforms when you use integrations (e.g., TikTok).

We require these providers to process data with appropriate security measures and, where applicable, under data processing agreements.

6. International transfers

Some providers may process data outside the EEA. When this happens, we apply appropriate safeguards (e.g., Standard Contractual Clauses or equivalent mechanisms).

7. Data retention

We keep data only for as long as necessary:

  • contacts: for the period needed to respond and maintain a reasonable support/history record;
  • logs/security: for limited and proportionate periods;
  • integration data (e.g., TikTok): while the connection is active and/or for the time necessary for operational auditing and legal compliance. After revocation, we delete or anonymize data within reasonable timeframes (unless a legal obligation requires otherwise).

8. Security

We apply technical and organizational measures to protect data (access controls, backups, monitoring, and appropriate safeguards). Tokens and credentials related to integrations are treated as sensitive information and must be stored securely on the server side with restricted access.

9. Cookies

The Site may use cookies:

  • Essential (Site functionality)
  • Preferences (e.g., language)
  • Analytics (usage metrics)
  • Third-party (embedded content, e.g., videos)

You can manage cookies through your browser settings and, where applicable, through the preferences available on the Site.

10. Data subject rights (GDPR)

You have the right to:

  • access, rectification, and erasure;
  • restriction of processing and objection;
  • data portability (where applicable);
  • withdraw consent (when processing is based on consent);
  • lodge a complaint with the supervisory authority (in Portugal, the CNPD).

To exercise your rights: comm@blockandlocker.pt

11. Revoking permissions and data deletion (Integrations: TikTok and others)

If you connected a TikTok account (or another platform) and want your data removed:

  1. Revoke access in the platform’s own settings (Apps/Authorizations) and/or disconnect the integration in our interface (if available).
  2. Send a request to comm@blockandlocker.pt with the subject “Data deletion – Integration”.

After verification, we will delete/anonymize what is applicable, retaining only what is necessary for legal or security obligations.

12. Children’s privacy

The Site is not intended for users under 16 years of age. If you believe a minor has provided us with personal data, please contact us so we can remove it.

13. Changes to this Policy

We may update this Policy. The current version will always be available on this page, with an updated date.

14. Contact

For privacy-related questions: comm@blockandlocker.pt