Personal Data Protection Policy

Salty Ecom, Inc.

Effective Date: 11/12/2025
Last Review Date: 12/03/2025
Owner: Brendan Wenzel, Owner / Director

Purpose

This Personal Data Protection Policy establishes internal guidelines for how Salty Ecom, Inc. collects, processes, stores, shares, and deletes personal data. The objective is to ensure personal data is handled responsibly, securely, and in compliance with applicable privacy laws, contractual obligations, and TikTok Shop requirements.

Scope

This policy applies to all employees, contractors, systems, applications, and processes that handle personal data, including data obtained through TikTok Shop APIs and seller-authorized integrations.

Personal Data Handling Principles

Salty Ecom, Inc. follows these core privacy principles:

• Lawfulness & Transparency: Personal data is processed only for legitimate business purposes and in accordance with applicable laws.
• Purpose Limitation: Personal data is collected and used only for specified and legitimate purposes.
• Data Minimization: Only the minimum amount of personal data required to provide services is collected and processed.
• Security & Integrity: Appropriate technical and organizational safeguards are applied to protect personal data.
• Storage Limitation: Personal data is retained only as long as necessary.

Collection of Personal Data

• Personal data is collected only through authorized sources (e.g., TikTok Shop APIs).
• Data collection is limited to what is required to provide seller-requested services.
• No personal data is collected for unrelated purposes such as advertising or profiling.

Storage & Protection of Personal Data

• Personal data is stored only in approved systems and environments.
• Sensitive personal data is encrypted at rest and in transit.
• Access to personal data is restricted based on least privilege and role-based access controls.
• Logs and backups containing personal data are protected using equivalent safeguards.

Use & Processing of Personal Data

• Personal data is processed only for operational, reporting, and automation purposes authorized by sellers.
• Automated processing follows documented workflows and security controls.
• Personal data is not sold or shared for independent commercial use.

Data Sharing & Transfers

• Personal data is shared only with authorized parties when required to provide services.
• Transfers are protected using encryption and secure communication channels.
• Cross-border data transfers comply with applicable legal and contractual requirements.

Data Retention & Deletion

• Personal data is retained only for the duration necessary to fulfill its original purpose.
• When a seller revokes authorization or terminates services, personal data is deleted or securely anonymized.
• Secure deletion methods are used to prevent data recovery.

Data Subject Rights

• Salty Ecom, Inc. supports data subject rights requests, including access, correction, and deletion, as required by applicable privacy laws.
• Requests are handled within reasonable timeframes and documented.

Roles & Responsibilities

• Company leadership oversees compliance with this policy.
• A designated privacy contact or Data Protection Officer (DPO) serves as the point of contact for privacy-related inquiries.
• All personnel are responsible for following proper data handling practices.

Training & Awareness

• Personnel are expected to follow privacy-aware handling of personal data.
• Privacy responsibilities are part of operational expectations.

Policy Review & Maintenance

This policy is reviewed periodically and updated as necessary to reflect changes in laws, regulations, business practices, and data processing activities.

Policy Approval

Approved by: Brendan Wenzel
Title: Owner / Director
Date: 12/03/2025