Privacy Policy

Last updated: 25 March 2026

1. Who we are

TikTak is a time-tracking and invoicing service operated by:

Ronin Software
Hoogstraat 36, 2000 Antwerpen, Belgium
BTW BE0777.257.634
Email: hello@tiktakme.com
Phone: +32 486 49 41 05

For the purposes of the General Data Protection Regulation (GDPR), Ronin Software is the data controller for the personal data we collect when you use TikTak. When you, as a TikTak user, enter data about your own customers or contacts into the service, you are the data controller for that data and Ronin Software acts as a data processor on your behalf.

2. Data we collect

We collect and process the following categories of personal data:

Account data — your name, email address, and authentication provider (Google, Microsoft, or email/password). If you sign in with a password, we store a cryptographic hash (bcrypt) — never the plain-text password.

Company data — your business name, address, VAT number, phone number, IBAN, logo, invoice preferences, currency, and language settings.

Customer & contact data — the names, addresses, VAT numbers, email addresses, phone numbers, and roles of the customers and contact persons you add to TikTak.

Time entries — dates, durations, descriptions, tags, and any file attachments you upload when logging time.

Invoices — invoice details including line items, amounts, VAT calculations, PDF documents, and email delivery history.

Usage data — server logs including IP addresses, browser type, and timestamps. We use Azure Application Insights for server-side monitoring when enabled. We do not use third-party analytics or advertising trackers on the application.

3. How we use your data

We use your personal data exclusively to:

• Provide and operate the TikTak service (time tracking, invoicing, customer management)
• Send invoices and notifications on your behalf via email
• Generate PDF and Excel exports of your data
• Sync invoices to third-party accounting tools when you explicitly connect an integration
• Process payments for your subscription via Stripe
• Send you essential service communications (password resets, account notifications)
• Maintain security, prevent fraud, and debug technical issues

We do not sell your personal data. We do not use your data for advertising. We do not profile you.

4. Legal basis (GDPR)

We process your personal data under the following legal bases:

• Contract performance (Art. 6(1)(b) GDPR) — processing necessary to provide the TikTak service you signed up for, including account management, time tracking, invoicing, email delivery, and exports.
• Legitimate interest (Art. 6(1)(f) GDPR) — server logging, security monitoring, and fraud prevention.
• Consent (Art. 6(1)(a) GDPR) — optional marketing communications, if any. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c) GDPR) — retaining invoice records as required by Belgian tax law.

5. Third-party processors

We share your data only with the service providers necessary to operate TikTak:

Provider	Purpose	Location
Microsoft Azure (Cosmos DB, Blob Storage, App Service)	Hosting, database, file storage	EU West (Netherlands)
Resend	Transactional email delivery	United States
Stripe	Subscription billing and payments	United States
Google	OAuth sign-in (only if you choose Google login)	United States
Microsoft	OAuth sign-in (only if you choose Microsoft login)	United States

Accounting integrations — If you connect an accounting tool (Billit, QuickBooks, Xero, Sage, or Zoho Books), your invoice data is shared with that provider when you initiate a sync. These integrations are always user-initiated and can be disconnected at any time in Settings. Each provider is governed by their own privacy policy.

Email forwarding — If you configure email forwarding to an accounting tool (ClearFacts, Accountable, Yuki, Basecone, Pennylane, Dext, AutoEntry, GetMyInvoices, or a custom address), the invoice PDF is sent via BCC to the email address you configured.

6. Cookies & local storage

TikTak does not use tracking cookies, advertising cookies, or third-party analytics cookies.

We use your browser's localStorage to store your authentication tokens (JWT access token and refresh token) so you remain signed in between sessions. These are strictly necessary for the service to function and cannot be used to track you across other websites.

The TikTak mobile app uses platform-secure storage (Android Preferences / iOS Keychain) for the same purpose.

7. Data retention

• Active accounts — your data is retained for as long as your account is active.
• After account deletion — we retain your data for 30 days to allow recovery, after which it is permanently deleted from our systems.
• Invoice records — Belgian tax law requires businesses to retain invoice records for 7 years. If you are subject to this requirement, you are responsible for maintaining your own records. TikTak provides export functionality (PDF, Excel, UBL XML) to help you do so.
• Server logs — retained for up to 90 days for debugging and security purposes, then automatically deleted.

8. Your rights

Under the GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct any inaccurate data. You can edit most data directly in your TikTak settings.
• Erasure — request deletion of your account and associated data.
• Data portability — export your data in machine-readable formats (PDF, Excel, UBL XML, JSON).
• Restriction — request that we limit processing of your data in certain circumstances.
• Objection — object to processing based on legitimate interest.
• Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at hello@tiktakme.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit): www.gegevensbeschermingsautoriteit.be.

9. International data transfers

Your data is primarily stored in the EU West (Netherlands) region on Microsoft Azure. Some of our processors (Resend, Stripe) are based in the United States. Transfers to US-based processors are safeguarded by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) as applicable.

10. Security

We take reasonable technical and organisational measures to protect your data, including:

• All data transmitted over HTTPS (TLS 1.2+)
• Passwords hashed with bcrypt
• OAuth integration tokens encrypted at rest with AES-256
• Secrets stored in Azure Key Vault
• JWT-based authentication with automatic token rotation
• Role-based access control and tenant isolation

No system is 100% secure. If you discover a security vulnerability, please report it to hello@tiktakme.com and we will investigate promptly.

11. Children

TikTak is a business tool not intended for use by anyone under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when this policy was last revised.

13. Contact

If you have any questions about this Privacy Policy or our data practices, contact us at:

Ronin Software
Hoogstraat 36, 2000 Antwerpen, Belgium
Email: hello@tiktakme.com
Phone: +32 486 49 41 05