Privacy Policy
Last updated: March 9, 2026
1. Introduction
FAF Mini (“we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our Chrome extension (“FAF Mini - TikTok Ads Performance Dashboard”) and related services.
2. Data Collection
We collect the following types of user data:
2.1 Data Collected Automatically
| Data Type | Description | Purpose |
|---|---|---|
| Email Address | Your email used for login | Account creation, authentication, subscription management, and customer support |
| Subscription Status | Active, trial, canceled, etc. | To determine feature access and billing |
| Authentication Tokens | Access and refresh tokens | To maintain your login session |
| ROI Threshold Settings | User-configured ROI values | To personalize ad performance analysis |
2.2 Data NOT Collected or Transmitted
The following data is processed locally in your browser only and is never transmitted to our servers:
- TikTok Ads Manager advertising data (spend, impressions, CTR, ROI, conversions, etc.)
- Campaign names, ad names, and creative content
- TikTok Shop Seller Center data
- Browsing history or web activity outside of TikTok advertising platforms
3. How We Use Your Data
| Purpose | Data Used |
|---|---|
| User Authentication | Email, authentication tokens |
| Subscription Management | Email, subscription status, payment info (via PayPal) |
| Customer Support | Email address |
| AI Report Generation (optional) | Aggregated ad metrics (sent only when user requests a report) |
| Service Improvement | Anonymized usage statistics |
4. Data Storage
4.1 Local Storage (Chrome Extension)
The extension uses Chrome's chrome.storage.local API to store:
- User email (for authentication state)
- Subscription status and expiration date
- Authentication tokens (access token, refresh token)
- ROI threshold settings (critical/warning values)
- UI preferences (language, panel state)
This data is stored only on your device and is not synced across devices.
4.2 Server Storage
On our servers (hosted on Supabase), we store:
- User accounts: email, hashed password, subscription info
- Payment records: PayPal subscription ID, billing history
- AI report usage: credit balance, report generation history
4.3 Data Retention Period
- Account data: Retained while your account is active, deleted within 30 days of account deletion request
- Payment records: Retained for 7 years for legal/tax compliance
- AI report history: Retained for 90 days, then automatically deleted
- Local extension data: Deleted when you uninstall the extension or clear browser data
5. Data Sharing
We share user data with the following third parties:
| Third Party | Data Shared | Purpose |
|---|---|---|
| Supabase (supabase.com) | Email, authentication data | User authentication and account management |
| PayPal (paypal.com) | Email, payment information | Subscription billing and payment processing |
| Google AI (Gemini) | Aggregated ad metrics (when generating AI reports) | AI-powered report generation |
| Vercel (vercel.com) | Request logs (IP addresses) | Website and API hosting |
We do NOT:
- Sell your personal data to third parties
- Share your TikTok advertising data with advertisers or ad networks
- Use your data for targeted advertising
- Share data with any parties not listed above
6. Data Security
We implement the following security measures:
- Encryption: All data transmission uses HTTPS/TLS encryption
- Authentication: Secure token-based authentication with automatic refresh
- Access Control: Database access restricted to service accounts only
- Local Processing: TikTok advertising data is processed entirely in your browser
7. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Export: Request your data in a portable format
- Withdraw Consent: Revoke consent at any time by uninstalling the extension
To exercise these rights, contact us at: fafa-mini@fafa-mini.com
8. Cookies and Tracking
Our website uses essential cookies for:
- Authentication and session management
- Remembering your language preference
We do NOT use:
- Third-party tracking cookies
- Analytics cookies that collect personal information
- Advertising or retargeting cookies
9. Chrome Extension Permissions
Our extension requests the following permissions:
| Permission | Purpose |
|---|---|
| storage | Save your settings, authentication state, and preferences locally |
| host_permissions (TikTok domains) | Inject the performance dashboard into TikTok Ads Manager and Seller Center pages |
| host_permissions (faf-a-mini.vercel.app) | Communicate with our authentication and subscription API |
10. Children's Privacy
Our Service is intended for business users and is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If we discover that a child under 13 has provided us with personal data, we will delete it immediately.
11. International Data Transfers
Your data may be processed in the United States where our service providers (Supabase, Vercel) are located. We ensure appropriate safeguards are in place for international data transfers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page
- Updating the “Last updated” date at the top
- Sending an email notification for significant changes
13. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
- Email: fafa-mini@fafa-mini.com
- Website: https://fafa-mini.com