Privacy Policy

1. Introduction

This Privacy Policy applies to the Mikah application and website (collectively, "the Service"). Mikah ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Mikah app.

2. About Us

The Mikah app is operated by Skel Tech, a company registered in England and Wales.

Company Registration Number: 15018854
Registered Address: 18 Collier Way, Upholland, Skelmersdale, Lancashire, United Kingdom, WN8 0BY
Data Controller: Skel Tech is the data controller responsible for your personal data

3. Information We Collect

3.1 Account Information

Email address
Name (optional)
Password (encrypted)
Account type (Brand, Agency, or Creator)

3.2 TikTok Data

When you connect your TikTok account or TikTok Shop, we collect:

TikTok profile information (username, display name, profile picture)
TikTok Shop performance metrics (GMV, views, orders, units sold)
Video performance data for competition tracking
OAuth tokens for API access (stored securely)

3.3 Usage Information

Log data (IP address, browser type, access times)
Competition participation and performance data
Feature usage and interaction patterns

4. How We Use Your Information

We use the collected information for the following purposes, along with the legal basis under GDPR:

Purpose	Legal Basis
Provide and maintain the Service	Contractual necessity
Track competition performance and generate leaderboards	Contractual necessity
Communicate with you about your account and competitions	Contractual necessity
Improve and optimize the Service	Legitimate interest
Detect and prevent fraud or abuse	Legitimate interest
Comply with legal obligations	Legal obligation
Send marketing communications	Consent

5. Information Sharing

We may share your information in the following circumstances:

5.1 With Your Consent

We share your competition performance data with brands running competitions you've joined. Your username and performance metrics are visible on public leaderboards.

5.2 Service Providers

We may share data with third-party service providers who assist in operating the Service (e.g., hosting, analytics, payment processing).

5.3 Third-Party Services

We use the following third-party services to operate Mikah:

TikTok (via TikTok Shop API) — Syncs your TikTok profile and performance data
Stripe (United States) — Processes subscription payments securely
Resend (United States) — Delivers transactional emails
Cloudinary (United States) — Stores and delivers images

Each of these providers has their own privacy policy and data protection measures. We only share the minimum data necessary for them to provide their services.

5.4 Legal Requirements

We may disclose information if required by law or in response to valid legal requests.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

Encrypted password storage using bcrypt
Secure HTTPS connections
Regular security audits and updates
Access controls and authentication

7. Data Retention

We retain different types of data for different periods:

Account data (email, name, profile) — While your account is active, plus 90 days after deletion request
Competition and performance data — While your account is active, plus 90 days after deletion request
Transaction and billing data — 7 years (to comply with UK tax and accounting obligations)
Log data (IP addresses, access times) — 90 days
OAuth tokens — Until revoked by you or your account is deleted

You may request deletion of your account and associated data at any time. After the retention period, data is permanently deleted from our systems.

8. Your Rights

Under GDPR, you have the following rights:

Right of access — Request a copy of your personal data
Right to rectification — Correct inaccurate or incomplete data
Right to erasure — Request deletion of your data ("right to be forgotten")
Right to restrict processing — Limit how we use your data
Right to data portability — Receive your data in a structured, machine-readable format
Right to object — Object to processing based on legitimate interest
Right to withdraw consent — Withdraw consent at any time for consent-based processing

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

9. Cookies and Tracking

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze usage patterns. You can control cookies through your browser settings.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children under 18.

11. International Data Transfers

Your information may be transferred to and processed in the following countries:

United Kingdom — Primary data storage and processing
European Union — Some infrastructure and services
United States — Third-party service providers (Stripe, Resend, Cloudinary)

For transfers outside the UK and EU, we rely on appropriate safeguards including:

Standard Contractual Clauses (SCCs) — EU-approved contractual protections
Adequacy decisions — Where the destination country has been deemed to provide adequate data protection

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or through the Service. The "Last updated" date at the top of this page indicates when this policy was last revised.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact us at [email protected]