How we protect our systems, data, and users.
The Peña Home LLC ("we", "us", "our"), operator of the AffiliIQ mobile application, is committed to maintaining the security, confidentiality, integrity, and availability of all data we handle — including user data retrieved from TikTok's APIs and data provided directly by users of the App.
This Information Security Policy describes the practices, controls, and standards we apply to protect our systems and the data entrusted to us. It applies to all personnel, contractors, and systems involved in the operation of AffiliIQ.
Our commitment: We treat security as a core responsibility, not an afterthought. User data is handled with the same care we would want applied to our own personal information.
This policy applies to:
We classify data into the following categories, each with corresponding handling requirements:
Highly Sensitive: TikTok OAuth tokens, API credentials, payment information, and authentication keys. These are encrypted at rest and in transit, stored server-side only, and never exposed to the client application or third parties.
Personal Data: TikTok usernames, profile information, affiliate performance data, financial data, and app settings. This data is stored encrypted, access-controlled, and handled in accordance with our Privacy Policy.
Operational Data: Anonymised usage analytics and application logs used for debugging and performance monitoring. This data cannot be traced back to individual users.
We apply the principle of least privilege to all system access:
User authentication within the App is handled exclusively via TikTok's OAuth 2.0 system. We receive and store access tokens only — we never receive or store user passwords.
In transit: All data transmitted between the AffiliIQ app and our backend servers is encrypted using TLS 1.2 or higher. All API communications with TikTok are proxied through our backend — the client application never communicates directly with TikTok's APIs.
At rest: All user data stored in our databases is encrypted at rest using AES-256 encryption. OAuth tokens and API credentials are encrypted using industry-standard key management practices.
Key management: Encryption keys are managed through our cloud infrastructure provider's key management service. Keys are rotated regularly and access is restricted to authorised systems only.
AffiliIQ's backend infrastructure is hosted on reputable cloud providers with SOC 2 Type II certification. Our infrastructure practices include:
We carefully evaluate all third-party services before integration. Current third-party services used in the operation of AffiliIQ include:
All third-party vendors are contractually prohibited from using AffiliIQ user data for any purpose other than providing their specific service. We do not sell or share user data with third parties for advertising or commercial purposes.
In the event of a security incident or data breach, we follow a structured response process:
To report a security vulnerability or concern, please contact us at cs@affiliiq.com with the subject line "Security Report".
We retain user data only for as long as necessary to provide the App's services or as required by law. Upon account deletion:
All data disposal follows secure deletion practices to prevent recovery of deleted information.
This policy is reviewed and updated at least annually, or following any significant change to our systems, data handling practices, or applicable regulations.
We are committed to compliance with applicable data protection laws including the California Consumer Privacy Act (CCPA) and, where applicable, the General Data Protection Regulation (GDPR).
All personnel with access to user data are required to acknowledge and adhere to this policy. Violations may result in access revocation and appropriate action.
For questions about this Information Security Policy, to report a security concern, or to exercise your data rights, please contact us:
The Peña Home LLC
Operating AffiliIQ
United States
cs@affiliiq.com