Features API Shopify App Sign in Close

Privacy Policy

How LIVEHOST LIMITED collects, uses, shares, and protects personal data when you use LiveHost.

Last updated: 24 June 2026

1. About this policy

This policy applies to the LiveHost website, web application, mobile applications (the "LiveHost mobile app"), Shopify app, and any related services we provide (together, the "Platform").

We are the "controller" of the personal data described here, which means we decide how and why your data is processed. For European Economic Area and Swiss users, references to "UK GDPR" in this policy should be read as also covering the EU GDPR and applicable equivalent law.

2. Who we are

LiveHost is operated by LIVEHOST LIMITED, a company registered in England and Wales (company number 17238773), registered office 4-10 North Road, London, N7 9EY. In this policy, "we", "us" and "our" mean LIVEHOST LIMITED.

For privacy questions, data-subject requests, or complaints, contact us at legal@livehost.com.

3. What LiveHost does

LiveHost is a host marketplace and management tool for TikTok LIVE commerce. Brands and agencies use the Platform to:

  • discover and book pre-vetted livestream hosts;
  • schedule streams, studios, and crew;
  • send and receive messages about bookings;
  • ingest TikTok Shop tracker data to measure stream performance (GMV, hours, items sold, conversion rate, etc.);
  • reconcile host hours into monthly billing summaries.

Hosts use the Platform (including the mobile app) to view their schedule, exchange messages with their bookers, and see their performance data.

4. The personal data we collect

The data we collect depends on your role on the Platform.

All account holders:

  • identity and contact data: name, email address, phone number, profile photo;
  • account and security data: hashed password, sign-in timestamps, IP addresses, browser/device identifiers, failed sign-in attempts, two-factor state;
  • language and accessibility preferences;
  • any messages, notes, and files you send through the Platform.

Hosts (freelance, agency and client):

  • date of birth (we verify you are 18 or over before allowing host signup);
  • headshot, body shot, and other portfolio images;
  • biography, specialisms, sector tags, languages spoken;
  • physical profile (e.g. height, hair colour, ethnicity) where you choose to provide it — this helps brands shortlist hosts and is only shown to potential bookers;
  • trading name, VAT number, country and city, payment / invoicing details;
  • TikTok handle, follower counts, and (where you connect your TikTok account) profile metadata returned by TikTok;
  • marketing-communication preferences.

Brand, agency and client users:

  • your organisation's name, address, billing and tax information;
  • the TikTok Shop tracker data you (or your agency) upload, which can include host names, stream times, GMV, items sold, viewer metrics, product slot data, and other performance attributes;
  • integration credentials (e.g. Slack workspace, Shopify shop ID, Google Drive file IDs) you choose to connect to your account.

Automatically collected:

  • technical data about your device, browser, operating system, IP address, time zone, and locale;
  • usage data showing how you interact with the Platform (pages visited, actions taken, features used);
  • diagnostic and crash data;
  • audit log entries recording security-relevant actions (sign-in, permission changes, content changes), retained for accountability.

We do not knowingly seek or process special-category personal data (such as health, religion, or biometric data). Information you supply in a host physical profile, such as ethnicity, is provided by you on a voluntary basis to assist with casting. You can remove this data at any time from your host profile.

5. How we use your personal data and the legal basis

We process personal data on the following legal bases under UK GDPR:

Performance of a contract — to create and manage your account, deliver the Platform to you, process bookings and messages between hosts and brands, ingest and display TikTok Shop tracker data, calculate timesheets and invoices, and provide customer support.

Legitimate interests — to keep the Platform safe and reliable, prevent fraud and abuse, improve our features, maintain audit logs, communicate operationally with you, and develop our business. We balance these interests against your rights and freedoms.

Legal obligation — to comply with UK tax, accounting, employment, and other laws that apply to us.

Consent — for optional marketing emails and for cookies and analytics that are not strictly necessary. You can withdraw your consent at any time without affecting earlier processing.

6. TikTok integration and TikTok-derived data

LiveHost handles TikTok-derived data carefully, in line with TikTok's Developer Terms of Service and the TikTok platform agreements we have entered into.

  • If you connect a TikTok account, we request only the OAuth scopes needed for the Platform to function. We store the access and refresh tokens in encrypted form, refresh them as required, and use them only for the purposes you authorised.
  • TikTok Shop tracker data uploaded or connected to your brand or agency workspace is used to display performance metrics inside the Platform and to reconcile bookings into invoices. We do not sell or share this data with any third party, except the sub-processors listed below who help us run the service.
  • We retain TikTok-derived data for as long as your account is active and for a reasonable period afterwards (see section 10). You can ask us to disconnect a TikTok account or delete TikTok-derived data at any time.
  • If your TikTok authorisation is revoked, we will stop calling TikTok on your behalf and will delete or anonymise the associated tokens within a reasonable period.
  • We do not use TikTok-derived data to train general-purpose machine-learning models.

A brand connects TikTok through our OAuth flow across three TikTok products — TikTok Login Kit, TikTok Shop Partner, and TikTok API for Business — each authorised separately. We collect only the data needed to attribute live-shopping performance to the connected brand account:

  • TikTok Login Kit: Open ID, display name, username, avatar URL, verified status, follower / following / likes / video counts (read-only).
  • TikTok Shop Partner: Seller open ID, seller name, region, list of authorised shop ciphers, scopes granted (read-only access to orders, products, and finance).
  • TikTok API for Business: Authorised advertiser IDs and scopes granted (read-only access to campaign and reporting data).

We never post to TikTok, modify your TikTok data, or share TikTok-sourced data with third parties. You can disconnect any TikTok connection at any time from your account page, and can also revoke access directly from TikTok's app permissions settings.

7. Cookies, analytics and tracking technologies

We use a small number of cookies and similar technologies on the Platform.

  • Strictly necessary cookies keep you signed in, protect against CSRF, and remember your preferences. These do not require consent.
  • Analytics — we use Google Analytics 4 to understand how the Platform is used so we can improve it. Where required by law (including for UK and EEA users) we will obtain your consent before placing or reading analytics cookies, and you can change your choice at any time.
  • The mobile app uses Apple/Google secure storage to keep a persistent installation identifier that allows us to attribute usage events to a stable, pseudonymous device — we do not use the device's advertising identifier (IDFA) for tracking.
  • We do not run third-party advertising on the Platform and we do not sell or rent your personal data.

8. Who we share your data with

We share personal data with the following categories of recipient. Each is bound by a written agreement and may only process your data on our instructions.

Recipient Purpose
MongoDB Atlas (Amazon Web Services)Primary database hosting for all Platform data.
Amazon Web Services (S3, CloudFront, SES, Secrets Manager)File storage, content delivery, transactional email, and encrypted credential storage.
ResendTransactional email delivery (account confirmations, password resets, message notifications).
Google (Analytics, OAuth, optional Drive / Calendar)Usage analytics, sign-in, and (only if you connect them) optional Drive / Calendar integrations.
TikTokOAuth sign-in and authorised data exchange where you have connected a TikTok account or use the TikTok integrations.
ShopifyIf you install the LiveHost Shopify app to display stream notifications in your storefront.
SlackIf your agency or brand connects a Slack workspace for stream notifications and Scout AI replies.
AnthropicPowers Scout, our in-product AI assistant. Where you (or your team) interact with Scout from Slack or in-product, the relevant conversation content is sent to Anthropic for inference and is not used to train Anthropic's models.
Fly.ioApplication hosting and logging infrastructure.
Our professional advisersLawyers, auditors, accountants, and insurers, when needed and under duties of confidentiality.
Authorities and acquirersWhere required by law (e.g. court order, tax authority) or in connection with a corporate transaction (e.g. merger, financing).

Other users on the Platform will see data appropriate to their relationship with you — e.g. a brand will see the host profiles it can book, and hosts will see their bookers' names and the booking detail. We share only what each role needs.

9. International data transfers

Some of our service providers (including Anthropic and parts of Google's, Amazon's, and TikTok's infrastructure) are located outside the United Kingdom and the European Economic Area. When personal data leaves the UK or EEA, we rely on appropriate safeguards required by UK GDPR, including the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, and the UK Addendum to those clauses, supplemented where appropriate by additional measures such as encryption in transit and at rest.

10. How long we keep your data

We keep personal data only for as long as we need it for the purpose we collected it.

  • Account data: for the lifetime of your account and up to 12 months after deletion, then deleted or anonymised, unless we need to keep it longer to meet a legal obligation.
  • Booking, GMV, and invoicing records: kept for up to 7 years after the booking to meet UK tax and accounting record-keeping requirements.
  • TikTok tokens: deleted within a reasonable period (usually within 30 days) of you disconnecting your TikTok account or your account being closed.
  • Audit logs and security logs: kept for up to 12 months for security and accountability.
  • Marketing-communication consents and unsubscribe records: kept indefinitely to evidence your preferences.

11. Your rights under UK GDPR

You have the right to:

  • access the personal data we hold about you and receive a copy of it;
  • have inaccurate or incomplete data corrected;
  • have your data erased ("right to be forgotten") — see section 13 on account deletion;
  • restrict our processing of your data in certain circumstances;
  • receive a portable copy of your data in a structured, commonly used, machine-readable format;
  • object to processing carried out on the basis of legitimate interests, including for direct marketing;
  • withdraw consent where we relied on consent.

To exercise any of these rights, contact legal@livehost.com. We will respond within one month. We may ask you for information to confirm your identity before we act on a request.

You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint. We would, however, appreciate the chance to address your concerns first.

12. Children's privacy

The Platform is intended for users aged 18 and over. Host accounts are subject to a date-of-birth check at signup and we will not knowingly create an account for a person under 18. If we become aware that we hold personal data about someone under 18 without proper authorisation, we will delete it promptly.

13. The LiveHost mobile app

The mobile app collects only what is needed for the host experience.

  • We use the device's secure keychain / keystore to keep your sign-in token and a stable pseudonymous installation identifier.
  • If we use a feature that needs an OS-level permission (such as push notifications, camera, photo library, or contacts) we will ask for permission at the point of use. You can revoke permissions at any time in your device settings.
  • We collect diagnostic and crash data to keep the app reliable.
  • We do not use the device's advertising identifier (IDFA on iOS, AAID on Android) and we do not place third-party advertising in the app.

14. Account deletion

You can close your account from inside the Platform or by emailing legal@livehost.com. When you delete your account:

  • your profile is hidden from other users immediately;
  • your sign-in credentials and TikTok tokens are invalidated;
  • your personal data is deleted or anonymised within 30 days, except where we need to retain specific records to comply with a legal obligation (e.g. accounting and tax records — see section 10) or to defend a legal claim.

15. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), encryption at rest for sensitive secrets (including TikTok tokens), access controls, role-based permissions, audit logging, vulnerability monitoring, and regular backups. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security.

16. Data breaches

If a personal-data breach is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it, and will notify you without undue delay where the breach is likely to result in a high risk to you.

17. Changes to this policy

We may update this policy from time to time. If we make a material change, we will notify you by email, by an in-product notice, or by updating the "Last updated" date at the top of this page and giving you the opportunity to review the changes before they take effect.

18. Contact us

Email legal@livehost.com or write to LIVEHOST LIMITED, 4-10 North Road, London, N7 9EY.

← Back to home