Privacy Policy

Last updated: May 17, 2026

What we do, in plain English. S4L gives creators tools to schedule and publish their own content to accounts they personally own and control. Meditation Fellow Studio is the scheduling and publishing tool the account holder of @meditation.fellow uses to post their own meditation content to their own TikTok account. We collect only what is needed to do that, we do not sell data, and we do not use your content to train anyone else’s models.

Who we are

S4L is operated by Matthew Diakonov. Contact: i@m13v.com. This policy covers the S4L website (s4l.ai), the S4L dashboard (app.s4l.ai), and the Meditation Fellow Studio TikTok integration.

What we collect

  • Account email: the email you use to sign up or to connect a platform account.
  • Platform access tokens: the access and refresh tokens issued by a platform (such as TikTok) when you, the account holder, authorize the integration. We store these only to publish the content you submit and to read public engagement metrics on posts you made through the integration.
  • The content you submit: videos, captions, and replies you ask the tool to publish, plus a record of when and where each piece was published.
  • Public engagement counters: counts of views, likes, replies, and clicks on posts you made through the integration, retrieved from the platform’s official API.
  • Product analytics: PostHog session events on our marketing site and dashboard. We do not sell this data and we do not enrich it with third-party identifiers.

TikTok specifically

When you connect a TikTok account to Meditation Fellow Studio:

  • We request the scopes user.info.basic, video.upload, and video.publish, and only those.
  • We retrieve and store your TikTok open_id, display name, and avatar URL so the dashboard can show which account is connected.
  • We use the access token only to upload and publish videos you, the account holder, submit through the tool, and to refresh the token via the standard refresh-token flow.
  • We do not view, download, scrape, or analyze the content of any other TikTok account. We do not use TikTok data for advertising profiles, identity graphs, or training third-party models, and we do not sell it to third parties.
  • You can revoke the connection at any time from your TikTok settings; this immediately invalidates our token. You can also ask us to delete the stored token from our database by emailing i@m13v.com.

How we use what we collect

  • To deliver the service you asked for (publishing your content, scheduling, and showing you the engagement counters on your own posts).
  • To keep the service secure and to debug it when something goes wrong.
  • To send transactional and account-related email. We do not send marketing email without consent.

Sub-processors

  • TikTok: receives the content you publish, via its official Content Posting API.
  • Neon: managed Postgres, stores accounts and tokens.
  • Google Cloud Storage: temporary staging for video files while they are being uploaded to the destination platform. Files are removed after publish completes.
  • Anthropic, OpenAI, Google Gemini: model providers used to draft caption text when you ask the tool to draft. We send only the prompt you choose to draft, and we do not send access tokens, refresh tokens, or any other secrets to these providers.
  • PostHog: product analytics for the marketing site and dashboard.
  • Resend: transactional email delivery.
  • Vercel and Google Cloud Run: hosting.

Retention

Access and refresh tokens are kept while the connection is active and deleted when you disconnect or after 90 days of inactivity. Records of what was published and the public engagement counters on those posts are kept indefinitely so historical performance is available, unless you ask us to delete them.

Your rights

You can request access, correction, export, or deletion of your data by emailing i@m13v.com. We respond within 30 days. If you are in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.

Security

Access and refresh tokens are encrypted at rest. Access to production systems is restricted to authorized operators. We will notify affected users of a security incident that materially affects their data without undue delay.

Children

The service is not directed at children under 13 (or the local age of digital consent). We do not knowingly collect data from children. If you believe a child has provided us data, email us and we will delete it.

Changes

Material changes will be posted on this page with a new “last updated” date and, for paying customers, by email.

Contact

i@m13v.com