OAuth & Platform-API Disclosures

Effective date: 2026-04-30
Version: 1.0.0

This page is the consolidated platform-API disclosure for Contentko, satisfying the verification requirements of Google, TikTok, and Meta. It is referenced from our Privacy Policy.

---

1. Google API Services User Data Policy — Limited Use

Contentko's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request

`openid`, `userinfo.email`, `userinfo.profile`	Identify the connected account
Scope	Purpose
`https://www.googleapis.com/auth/drive.file`	Read and write the specific files you choose for AI source material and asset upload
`https://www.googleapis.com/auth/calendar.events`	Schedule posts to your Google Calendar (when you enable scheduling)
`https://www.googleapis.com/auth/youtube.upload` (optional)	Upload videos you create with Contentko to your YouTube channel

We do not request drive (full), gmail.*, contacts, photos, or any other scope beyond what is listed.

Use & non-use

We only use Google data to: identify your account, read files you specifically pick for content sourcing, write content you generate to a folder you select, and schedule events you create. We do not sell, share with advertisers, scan your full Drive, read other users' Calendars, or use Google data to train any AI model. Human review only with your explicit consent or for trust & safety / legal investigation.

Lifecycle

Tokens deleted within 24h of disconnection. Revoke at https://myaccount.google.com/permissions.

CASA

Contentko has not yet completed CASA Tier 2 audit; we are scheduled to do so prior to taking the verification beyond the per-app testing limit, in compliance with Google's CASA requirements for restricted-scope apps where applicable.

---

2. TikTok Developer Terms compliance

Contentko's use of the TikTok Developer Platform adheres to the TikTok Developer Terms of Service and the TikTok Developer Platform Policies.

Endpoints we use

Login Kit — sign-in only, no scope beyond identity
Direct Post API — to publish a video you have explicitly clicked "Publish" on, with you reviewing the visibility, hashtags, caption, and thumbnail before submission
Display API (optional, off by default) — read-only access to videos you have explicitly granted

Use & non-use

We only use TikTok data on your explicit per-action instruction. We do not:

post on your behalf without your explicit confirmation;
read videos or data from accounts other than your own;
combine TikTok data with data from third-party data brokers;
use TikTok data to train AI models;
transfer TikTok data to any party other than the sub-processors listed in our Privacy Policy.

Mandatory disclosures we display

Where TikTok requires us to display a label on AI-generated content, we surface the same metadata when you publish from Contentko. You remain responsible for any final disclosure your content requires under TikTok's labeling rules and applicable law.

Lifecycle

Tokens deleted within 24h of disconnection. Revoke at https://www.tiktok.com/setting/connected-platforms.

---

3. Meta Platform Terms compliance

Contentko's use of Meta Platform APIs adheres to the Meta Platform Terms and applicable feature-specific policies.

Endpoints we use

Facebook Login — sign-in
Instagram Graph API — publish to a Business / Creator IG account you connected, on your explicit per-post instruction
Pages API — schedule and publish to a Facebook Page you administer

Use & non-use

Same posture as TikTok above. We do not retain Meta data beyond what is needed to deliver the action you requested. We do not use Meta data to train AI. We do not combine Meta data with third-party data broker data.

Lifecycle

Tokens deleted within 24h of disconnection. Revoke at https://www.facebook.com/settings/?tab=business_tools.

---

4. Audit & support

To request export or deletion of any platform-API-derived data we hold about you, email [email protected] with subject DSR Request — OAuth. Response within 30 days (GDPR) / 45 days (CCPA).

To report a suspected platform-policy violation by a Contentko user, email [email protected] with subject Platform Policy Report.

Legal Entity

Contentko is a service operated by:

BCAX LLC
30 N Gould St Ste R
Sheridan, WY 82801
United States of America

Employer Identification Number (EIN): 42-2153191
State of formation: Wyoming, USA

This entity is the data controller and contracting party for all users of contentko.com.

Governing Law & Jurisdiction

These terms are governed by the laws of the State of Wyoming, United States, without regard to its conflict-of-laws principles. The exclusive forum for any dispute shall be the state and federal courts located in Sheridan County, Wyoming, except where applicable consumer-protection law of your country of residence grants you a non-waivable right to a local forum.

Contact

Legal & data-protection inquiries: [email protected]

For data-subject-rights requests (access, deletion, portability, objection), use the same email with subject line DSR Request. We respond within 30 days as required under GDPR Article 12 and within 45 days under California CCPA §1798.130.