Project Declassified
Privacy Policy
Last updated: February 17, 2026
This Privacy Policy describes how Project Declassified ("we", "us", or "our") collects, uses, and protects your personal information when you use our website, applications, and related services (the "Service"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and applicable national data protection laws.
1. Data Controller
The data controller responsible for the processing of your personal data is:
Project Declassified
Email: project_declassified@outlook.com
2. Data We Collect
We collect and process the following categories of personal data:
2.1 Data from Third-Party Platform Authentication
When you connect a social media account (e.g., TikTok, YouTube, Instagram) to our Service via OAuth, we may receive:
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Account username / display name | Account identification | Consent (Art. 6(1)(a) GDPR) |
| Account ID (platform-specific) | API authentication | Consent (Art. 6(1)(a) GDPR) |
| Profile picture URL | Account identification | Consent (Art. 6(1)(a) GDPR) |
| OAuth access/refresh tokens | Authorized API access | Contract (Art. 6(1)(b) GDPR) |
You can control what data is shared during the OAuth authorization flow of each platform.
2.2 Technical Data (Website Visits)
When you visit our website, our hosting provider may automatically collect:
- IP address (anonymized where possible)
- Browser type and version
- Pages visited and time of access
This data is processed on the basis of our legitimate interest in ensuring the security and functionality of our website (Art. 6(1)(f) GDPR).
2.3 Data We Do NOT Collect
- We do not use cookies for tracking or advertising purposes
- We do not use third-party analytics services (e.g., Google Analytics)
- We do not collect personal data from viewers of our published content — that data is controlled by the respective social media platforms
- We do not sell personal data to third parties
3. How We Use Your Data
We use the personal data we collect exclusively for the following purposes:
- Content publishing: To publish educational content to your connected social media accounts on your behalf
- Account management: To manage the connection between our Service and your third-party platform accounts
- Analytics: To retrieve publicly available engagement metrics (views, likes) for published content to improve content quality
- Service improvement: To maintain, troubleshoot, and improve the Service
4. Data Sharing
We do not sell, rent, or trade your personal data. We may share data with:
- Third-party social media platforms: When you authorize us to publish content or access analytics on your behalf via their official APIs (TikTok, YouTube, Instagram, etc.)
- Hosting providers: Our website is hosted on infrastructure that processes technical data as described in Section 2.2
- Legal obligations: If required by law, court order, or government authority
5. Data Retention
We retain your data only as long as necessary for the purposes described in this policy:
- OAuth tokens: Retained while your account is connected. Deleted upon revocation of access or account deletion.
- Technical logs: Retained for up to 30 days for security purposes, then automatically deleted.
- Published content metadata: Retained as long as the content exists on the respective platform.
6. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access (Art. 15 GDPR) — You can request a copy of all personal data we hold about you
- Right to rectification (Art. 16 GDPR) — You can request correction of inaccurate data
- Right to erasure (Art. 17 GDPR) — You can request deletion of your data ("right to be forgotten")
- Right to restriction of processing (Art. 18 GDPR) — You can request that we limit the processing of your data
- Right to data portability (Art. 20 GDPR) — You can request your data in a machine-readable format
- Right to object (Art. 21 GDPR) — You can object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3) GDPR) — You can withdraw consent at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at project_declassified@outlook.com. We will respond within 30 days.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encrypted storage of OAuth tokens and credentials
- Secure HTTPS connections for all data transfers
- Access controls limiting data access to authorized personnel only
- Regular security reviews of our systems and processes
8. International Data Transfers
When you connect third-party platform accounts, your data may be transferred to and processed in countries outside the European Economic Area (EEA) by the respective platform operators (e.g., TikTok, Google/YouTube). These transfers are covered by the platforms' own data processing agreements and legal frameworks (e.g., Standard Contractual Clauses, adequacy decisions).
9. Children's Privacy
The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete such data promptly.
10. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes the GDPR. In Germany, the competent authority is the data protection authority (Landesdatenschutzbeauftragte) of the federal state in which you reside.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.
12. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us at: