Qrdy Frames — Privacy Policy
Last updated: 21 May 2026
1. About Qrdy Frames
Qrdy Frames is a web application operated at https://reels.qrdyai.com that lets a Qrdy creator render a short showcase reel from their own Canva frame designs and publish it to their connected TikTok account with one click. Qrdy Frames is part of the Qrdy product suite (qrdynamic.xyz, qrdyai.com). The broader Qrdy privacy practices and corporate-level disclosures are described in the Qrdy Privacy Policy; this document covers data handled specifically by the Qrdy Frames application.
2. Data Qrdy Frames collects
When a creator uses Qrdy Frames, the application processes the following data:
- TikTok account information — when a creator connects their TikTok account via OAuth, Qrdy Frames requests the scopes
user.info.basic,video.upload, andvideo.publish. Qrdy Frames retrieves the creator’s public TikTok display name andopen_ididentifier, and stores a short-livedaccess_tokenandrefresh_tokenso that the application can upload videos on the creator’s behalf when they explicitly trigger a publish. - Frame selections and captions — the IDs of the frames a creator selects for a reel and the caption text they enter before clicking “Post to TikTok”.
- Frame designs — Qrdy Frames reads frames the creator has previously created and saved in the Qrdy content library (MongoDB Atlas). Frames are read only to render the showcase video.
- Generated videos — short mp4 files (1080×1920, ~12 seconds, 5–15 MB) rendered from the creator’s selected frames. Videos are stored temporarily on a Railway persistent volume and uploaded to the creator’s TikTok account.
- Share codes — a 6-character public code mapped to the reel so the creator (and anyone they share the code with) can revisit the post via
/v/{code}. - Operational metadata — timestamps, job identifiers, per-account daily publish counters (to enforce a small rate limit), and TikTok publish status. No third-party user data is collected.
3. How Qrdy Frames uses data
Qrdy Frames uses the data above exclusively to: (a) render the creator’s selected frames into a showcase video, (b) upload that video to the creator’s connected TikTok account via TikTok’s official Content Posting API when the creator clicks “Post to TikTok”, (c) display a confirmation and share link after a successful upload, and (d) log the operation for debugging and rate-limit enforcement. Data is never sold, shared with third parties for advertising, or used to build user profiles.
4. Storage and retention
- TikTok OAuth tokens are stored encrypted on the Qrdy Frames server, scoped to the creator’s HttpOnly session cookie. Tokens are retained until the creator disconnects their TikTok account from Qrdy Frames or revokes the application’s permission inside TikTok.
- Generated videos are retained on the Qrdy Frames server volume for up to 7 days, then automatically deleted by a scheduled cleanup job.
- Share codes and their metadata (frame IDs, caption, TikTok publish ID) are stored in Redis with a 90-day TTL.
- Frame designs remain in the creator’s Qrdy content library and are read by Qrdy Frames with a read-only credential.
5. Third-party services
Qrdy Frames interacts with the following third-party services. Each has its own privacy policy:
- TikTok — tiktok.com/legal/privacy-policy
- Instagram / Meta — facebook.com/privacy/policy
- YouTube / Google — policies.google.com/privacy
- Railway (hosting) — railway.app/legal/privacy
- MongoDB Atlas (frame storage) — mongodb.com/legal/privacy-policy
6. Revoking access and deleting data
A creator may disconnect their TikTok account from Qrdy Frames at any time using the “Disconnect” button on reels.qrdyai.com. Doing so deletes the access and refresh tokens stored for that session. A creator may additionally revoke Qrdy Frames’ access from TikTok > Manage app permissions. Equivalent settings exist for Instagram (Meta Account Center) and YouTube (Google Account permissions). To request deletion of any other data held by Qrdy Frames, email support@qrdynamic.xyz.
7. Security
OAuth tokens are stored only on the Qrdy Frames server, scoped to an HttpOnly session cookie. The application is served exclusively over HTTPS. Communication with TikTok’s API uses TikTok’s official endpoints (open.tiktokapis.com) and the Content Posting API as documented by TikTok for Developers.
8. Children
Qrdy Frames is not directed to children under 13. Qrdy Frames does not knowingly collect personal information from children, consistent with the broader Qrdy Privacy Policy.
9. Changes
This policy may be updated. The current version of the Qrdy Frames Privacy Policy is always available at https://reels.qrdyai.com/privacy.
10. Contact
For questions about this policy or about Qrdy Frames, email support@qrdynamic.xyz or visit qrdyai.com.