Privacy Policy
A product of Uptown Solutions LLC
Effective date: 23 April 2026
Last updated: 28 May 2026
This Privacy Policy describes how Uptown Solutions LLC (“SettleTrack,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our website at mysettletrack.com and the SettleTrack software-as-a-service platform (together, the “Service”).
SettleTrack is a profit-and-loss analytics platform for TikTok Shop sellers. We built it to help you understand the profitability of your business. We take the privacy and security of your data seriously. This document explains what we do with your information in plain language — no buried surprises.
1. Who we are
SettleTrack is operated by Uptown Solutions LLC, a Florida limited liability company (Document Number L26000149970) with its principal office at 17288 Boca Club Blvd, Unit 2001, Boca Raton, FL 33487. You can reach us at privacy@mysettletrack.com.
We do not have an establishment in the European Economic Area, United Kingdom, or Switzerland and do not target those markets. If you are located in one of those regions and nonetheless use our Service, we process your personal data on the lawful basis of performance of a contract with you and as necessary for our legitimate interests in providing the Service.
2. What information we collect
We collect four categories of information. We collect only what we need to run the Service.
2.1 Information you provide directly
- Account information: your email address, password (stored as a salted hash, never in plain text), and a display name for your workspace.
- Billing information: if you subscribe to a paid plan, our payment processor collects your payment card details. We never see or store your full card number — we only retain a last-four-digits reference and the processor’s transaction ID.
- Communications: if you email us, submit a support ticket, or chat with us, we keep a record of that correspondence.
- Manually entered business data: product names, costs of goods sold (COGS), packaging costs, ad spend entries, and any other business data you choose to enter directly into the Service.
2.2 Information we pull from TikTok on your behalf
When you connect a TikTok Shop to SettleTrack, you authorize us (through TikTok’s OAuth flow) to pull the following data from TikTok’s Partner APIs:
- Shop identifiers — shop ID, shop name, region
- Order data — order IDs, timestamps, status, line items, customer payment amounts, discounts, shipping fees, taxes. We do NOT pull buyer names, buyer addresses, or buyer contact information unless strictly required for a specific feature you enable.
- Product catalog — product IDs, SKUs, names, listed prices
- Finance data — platform fees, referral fees, fulfillment fees, refunds, payout records
- Affiliate data — creator usernames, commission rates, commission amounts per order
- Ad spend data — campaign IDs, daily spend, impressions, clicks, attributed orders, attributed revenue
We store OAuth access and refresh tokens, encrypted at the application layer using AES-256-GCM before they reach our database.
2.3 Information we collect automatically
- Technical data: your IP address, browser type, operating system, device identifiers, and timestamps of your requests.
- Usage data: pages you visit within the Service, features you use, and events such as logins and imports.
- Cookies and similar technologies: session cookies for authentication and functional cookies to remember your preferences. We do NOT use third-party advertising cookies or cross-site tracking pixels.
2.4 What we do NOT collect
- Buyer names, addresses, phone numbers, or email addresses from your TikTok Shop orders
- Your TikTok Shop password or seller center login credentials (we authenticate via OAuth, never directly)
- Biometric information, precise geolocation, or social security numbers
- Information about you from data brokers or third-party lists
3. How we use information
We use the information we collect only for the following purposes:
- To operate the Service — syncing your TikTok Shop data, calculating your profit and loss metrics, rendering dashboards and reports, and exporting data at your request.
- To secure the Service — detecting and preventing fraud, abuse, and unauthorized access.
- To communicate with you — service emails (password resets, billing receipts, critical security notices) and, if you opt in, product updates.
- To comply with our legal obligations — tax records, responses to lawful legal process, and audit trails.
- To improve the Service — analyzing aggregated, de-identified usage patterns to understand which features are used and where customers struggle.
We do NOT use your data to:
- Train AI or machine learning models for any purpose other than serving you
- Sell or rent your data to anyone
- Build advertising profiles about you or your customers
- Share data with any other TikTok Shop seller
4. Legal bases for processing
Depending on the jurisdiction, we rely on one or more of the following legal bases to process your information:
- Performance of a contract — to provide the Service you signed up for
- Legitimate interests — to secure the Service, improve it, and communicate with you about it
- Consent — for optional marketing emails (you can withdraw consent at any time)
- Legal obligation — to comply with tax, accounting, and other legal requirements
5. When we share information
We share personal information only in the following situations:
5.1 Service providers (processors)
We use a small number of trusted infrastructure providers who process data on our behalf, under written data processing agreements:
| Provider | Purpose | Data location |
|---|---|---|
| Supabase (AWS) | Database, authentication, file storage | AWS us-east-1, United States |
| Vercel | Application hosting and edge delivery | United States |
| Stripe (payment processor) | Payment processing | United States |
| Resend | Transactional email delivery | United States |
| TikTok Shop Partner APIs | Syncing shop data (data flows to us at your request; we do not share your data back with TikTok beyond what their platform requires) | United States |
5.2 Legal requirements
We will disclose information when compelled by valid legal process (subpoena, court order, search warrant). We will push back on overbroad requests, notify you when legally permitted, and narrow disclosures to what is strictly required.
5.3 Business transfers
If Uptown Solutions LLC is acquired, merged, or sells substantially all its assets, your information may transfer to the acquiring entity. We will notify you in advance and give you a meaningful opportunity to export or delete your data before the transfer.
5.4 With your explicit consent
Any sharing beyond the above requires your explicit, opt-in consent. We do NOT share data with advertisers, data brokers, analytics companies for their own use, or any other third parties for their own commercial purposes.
6. Where we store and process data
All of your data is stored and processed in the United States, specifically in the AWS us-east-1 region (Northern Virginia). Encrypted backups are retained in the same region. We do not transfer your data outside the United States.
7. How long we keep data
| Data type | Retention |
|---|---|
| Account and profile data | For the life of your account, plus 30 days after deletion request |
| TikTok Shop data synced on your behalf | For the life of your subscription, plus 30 days after disconnection or deletion |
| Billing records | 7 years (US tax and accounting requirement) |
| Support correspondence | 2 years from last contact |
| Security and audit logs | 1 year |
| Aggregated, de-identified analytics | Indefinitely |
When you delete your account, we soft-delete your data within 24 hours and purge it from all live systems and backups within 90 days, except where we are required to retain it for the periods above.
8. Your privacy rights
You have the following rights regarding your personal data. These are available to all users, with additional rights for residents of certain states and regions.
8.1 Rights available to everyone
- Access — request a copy of the personal data we hold about you
- Correction — fix inaccurate information
- Deletion — delete your account and data
- Portability — export your data in a machine-readable format (CSV or JSON)
- Objection — object to certain types of processing
- Withdraw consent — for anything you previously opted into
8.2 Additional rights for California residents (CCPA/CPRA)
California residents have the right to:
- Know what personal information we collect, use, and share
- Delete personal information (with some exceptions)
- Correct inaccurate personal information
- Opt out of the “sale” or “sharing” of personal information — note: we do not sell or share personal information as defined by CCPA
- Limit use of “sensitive personal information” — note: we do not use sensitive personal information beyond what is strictly necessary to provide the Service
- Non-discrimination for exercising any of these rights
8.3 Additional rights for Florida residents (Florida Digital Bill of Rights)
The Florida Digital Bill of Rights (FDBR) primarily applies to businesses with over $1 billion in global gross revenue that meet specific additional criteria. SettleTrack does not currently meet these thresholds. Even so, as a Florida-based company, we extend substantively similar rights to all Florida consumers:
- Access, correction, deletion, and portability of personal data
- Opt-out of targeted advertising, sale of personal data, and profiling with significant effects
- Appeal any refused request
8.4 Additional rights for other US state residents
If you are a resident of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, or another state with a comprehensive privacy law, you have substantively similar rights to California residents. Contact us at privacy@mysettletrack.com to exercise them.
8.5 How to exercise your rights
Email us at privacy@mysettletrack.com from the email address associated with your account. We will verify your identity and respond within 30 days (45 for complex requests, with notice). You will not be charged for exercising your rights, and we will not retaliate against you for doing so.
9. How we protect your data
We implement security controls proportionate to the sensitivity of the data we handle. These include:
- Encryption in transit — TLS 1.3 everywhere. HTTP connections are redirected to HTTPS.
- Encryption at rest — AES-256 for database storage, plus an additional AES-256-GCM application-layer encryption for OAuth tokens.
- Access control — row-level security in our database ensures that workspaces can only access their own data. Employee access is least-privilege and audit-logged.
- Authentication — multi-factor authentication (MFA) enabled on all administrative accounts.
- Vulnerability management — automated dependency scanning, regular updates, and a documented patching cadence.
- Network segregation — database and application runtime are isolated by our infrastructure providers.
- Monitoring — unusual access patterns and errors are logged and reviewed.
We also maintain internal policies covering information security, incident response, data classification, access control, and vulnerability management. Copies can be provided to enterprise customers upon request under NDA.
No system is 100% secure. We cannot guarantee absolute security, but we commit to the practices above and to improving them over time.
10. Data breach notification
If we experience a data breach that affects your personal information, we will:
- Notify TikTok and affected sellers as soon as practicable, and no later than 72 hours after confirming the breach
- Provide details about what happened, what data was involved, what we are doing to contain and remediate, and what you can do
- Notify regulatory authorities where required by law
11. Children
The Service is intended for users aged 18 and older. We do not knowingly collect information from children under 13 (per the US Children’s Online Privacy Protection Act), nor from anyone under 18. If you believe a child has provided information to us, contact us immediately and we will delete it.
12. Third-party links
The Service may contain links to third-party websites and services, including TikTok’s own properties. We are not responsible for the privacy practices of those third parties. Review their privacy policies before sharing information with them.
13. Do Not Track
Some browsers offer a “Do Not Track” setting. There is no industry-wide standard for interpreting DNT signals, so we do not currently respond to them. We do, however, limit our own tracking to what is described in Section 2.3.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will:
- Update the “Last updated” date at the top
- Notify active users by email at least 30 days before the change takes effect
- Post a notice on the Service
If you do not agree with the change, you can delete your account before the change takes effect.
15. Contact us
General privacy questions: privacy@mysettletrack.com
Data Protection Contact (DPO-equivalent):
- Name: Rabia Shahid
- Email: privacy@mysettletrack.com
- Address: Uptown Solutions LLC, 17288 Boca Club Blvd, Unit 2001, Boca Raton, FL 33487
Appeals: If we refuse a privacy request, you can appeal to the same address with “Privacy Appeal” in the subject line.