Supportive
Verified Compliance

Platform API Compliance

Supportive is built to comply with the developer policies, data use requirements, and terms of service of every platform we integrate with.

TikTok Business API

Authorized Usage Only

Supportive accesses TikTok Business accounts exclusively through TikTok's official OAuth authorization flow. Users explicitly grant permission.

OAuth Authentication Flow

Users are redirected to TikTok's authorization page. Supportive never handles TikTok passwords or credentials directly.

Permissions Requested

We request only the minimum scopes required: read and send Direct Messages on behalf of the business account holder.

Revocation

Users can revoke Supportive's TikTok access at any time from Settings or directly from TikTok's connected apps page.

Meta (Facebook & Instagram)

Authorized Usage Only

Facebook Pages and Instagram Business accounts are connected through Meta's official OAuth login flow with explicit user consent.

OAuth Authentication Flow

Users authorize Supportive via Meta's secure login dialog. We receive a page access token with the permissions explicitly granted.

Permissions Requested

We request pages_messaging, instagram_basic, and instagram_manage_messages — only what is needed for inbox functionality.

Revocation

Users can disconnect Meta integrations from Supportive Settings or from Facebook's Business Integrations page at any time.

General Compliance Principles

No Data Resale
We never sell, license, or share user data or conversation data with third parties.
Encryption
All OAuth tokens are encrypted at rest. All data is encrypted in transit using TLS 1.3.
Audit Logs
All API access and data access events are logged for compliance and security review.
Responsible Use
Supportive is designed exclusively for legitimate business customer support use cases.

Compliance questions? compliance@supportive.com