Authorization & Security

When you connect your TikTok account, Vibescaling uses TikTok's official OAuth 2.0 protocol — the same secure authorization flow used by all TikTok-approved applications.

How Authorization Works

1. You click "Connect Account" in Settings → TikTok
2. You're redirected to TikTok's website (not Vibescaling)
3. TikTok shows you exactly what permissions are being requested
4. You approve on TikTok's page
5. TikTok sends Vibescaling a temporary authorization code
6. Vibescaling exchanges this code for access credentials
7. Your account is now connected

At no point does Vibescaling see or store your TikTok password. We only receive access tokens issued by TikTok.

Token Security

Token Lifecycle

• Access tokens expire after approximately 24 hours
• Refresh tokens last approximately 1 year
• Expired access tokens are refreshed automatically — you don't need to reconnect
• If a refresh token expires, you'll need to reconnect your account from Settings

What Vibescaling Can and Cannot Do

Can Do (with your permission)

• Read your basic profile info (name, avatar)
• Read your follower/following counts
• List videos on your profile
• Upload and publish content when you click Publish Now or when a scheduled post fires

Cannot Do

• Access your TikTok password
• Post content without your explicit action (manual publish or scheduled publish you set up)
• Read your DMs or private data
• Modify or delete your existing content
• Access anything beyond the approved permissions

Revoking Access

You can revoke Vibescaling's access at any time:

From Vibescaling: Settings → TikTok → Disconnect

From TikTok: Settings → Security → Manage app permissions → Remove Vibescaling

Revoking access immediately invalidates all stored tokens. Vibescaling can no longer access your TikTok account until you reconnect.

Data Handling

For full details on how your TikTok data is handled, see our Privacy Policy.