At Trollishly, protecting your personal and financial information is our highest priority. This Data Security page explains the technical and organizational measures we implement to safeguard your data when you use our TikTok, Instagram, and YouTube growth services.
We adhere to industry-leading security standards including PCI-DSS certification and GDPR compliance to ensure your information remains secure throughout your journey with us.
Our Security Commitment
Trollishly employs bank-level encryption, certified payment processors, and strict data handling protocols to protect your information. We never ask for your social media passwords and we never store your payment card details on our servers.
Core Security Measures
SSL/TLS Encryption
All data transmitted between your device and our servers is encrypted using 256-bit SSL/TLS encryption, the same standard used by banks and financial institutions.
PCI-DSS Certified
Our payment processing infrastructure is PCI-DSS Level 1 compliant, the highest level of payment security certification in the industry.
GDPR Compliant
We follow GDPR (General Data Protection Regulation) standards for data collection, processing, storage, and user rights across all our services.
No Password Required
We never ask for your TikTok, Instagram, or YouTube passwords. Our services work with public profile URLs only, eliminating credential theft risk.
Secure Payment Processing
All payments are processed through Stripe and other tier-1 payment gateways. Your card details never touch our servers.
Data Minimization
We collect only the minimum data necessary to fulfill your orders and provide support, following privacy-by-design principles.
Payment Security
When you make a purchase on Trollishly, your payment information is handled with the highest security standards:
How We Process Payments Securely:
- Tokenization: Your card details are immediately tokenized (converted to a secure code) by our payment processors
- No Storage: We never store your complete card number, CVV, or PIN on our servers
- Encrypted Transmission: All payment data is transmitted over secure, encrypted connections (HTTPS with TLS 1.3)
- Fraud Detection: Real-time fraud screening and 3D Secure authentication for high-risk transactions
- Certified Processors: We only work with PCI-DSS Level 1 certified payment gateways:
  - Stripe (primary payment processor)
  - Visa, Mastercard, Apple Pay, Google Pay networks
What You See
When you pay, your card details are entered directly into our payment processor's secure form (not our website). This is indicated by a padlock icon and "Secure" badge in your browser. We only receive a confirmation token—never your actual card number.
Data Protection Practices
What Data We Collect:
| Data Type | Purpose | Retention Period |
|---|---|---|
| Email Address | Order confirmation, support communication, account recovery | Until account deletion request |
| Social Media Profile URL | Service delivery to correct account/content | 90 days after order completion |
| Order Details | Service fulfillment, refund/refill processing, customer support | 7 years (tax/legal requirements) |
| Payment Token | Transaction verification, dispute resolution | 13 months (payment processor retention) |
| Device/Browser Info | Fraud prevention, security monitoring, site optimization | 12 months |
How We Protect Your Data:
- Encryption at Rest: All stored data is encrypted using AES-256 encryption
- Encryption in Transit: All network communication uses TLS 1.3 or higher
- Access Controls: Strict role-based access controls (RBAC) limit employee access to customer data
- Audit Logs: All data access is logged and monitored for suspicious activity
- Secure Infrastructure: Servers hosted in SOC 2 Type II certified data centers
- Regular Backups: Encrypted backups stored in geographically separate locations
- Automatic Data Deletion: Temporary data (logs, cache) is automatically deleted after the retention period
No Password Policy
One of our most important security features is our No Password Required policy:
Why We Never Ask for Passwords
Social media passwords are the keys to your digital identity. Trollishly services work exclusively with public profile URLs and video links—information that's already publicly accessible on TikTok, Instagram, and YouTube. We have no technical need for your passwords, and we never ask for them.
How Our Services Work Without Passwords:
- You provide your public profile URL or video link (e.g., tiktok.com/@username)
- We verify the link is valid and accessible
- Our system delivers likes, followers, or views using platform-compliant methods
- You see results appear on your public profile—no login required
Warning Signs of Scams:
If any service asks for the following, it's a red flag:
- ❌ Your TikTok, Instagram, or YouTube password
- ❌ Access to your email account
- ❌ Two-factor authentication codes
- ❌ "Temporary access" to your account
- ❌ Installation of third-party apps with account access
Legitimate services like Trollishly only need your public profile URL. If you're ever asked for passwords or account access, please contact our support team immediately to report it.
GDPR Compliance & Your Rights
For users in the European Union and other GDPR-compliant regions, we uphold the following data protection rights:
Your Data Rights:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for data processing at any time
How to Exercise Your Rights:
To exercise any of these rights, email us at [email protected] with "GDPR Request" in the subject line. Include:
- Your registered email address
- Specific right you wish to exercise
- Any relevant order IDs or account information
We will respond within 30 days (as required by GDPR) with confirmation or a request for additional verification if needed.
Security Incident Response
Despite our best efforts, no online service can guarantee 100% security. In the unlikely event of a data breach:
Our Response Protocol:
- Detection & Containment: Immediate isolation of affected systems (within minutes)
- Investigation: Forensic analysis to determine scope and impact (within hours)
- User Notification: Email notification to affected users within 72 hours (GDPR requirement)
- Regulatory Reporting: Notification to relevant data protection authorities as required by law
- Remediation: Implementation of additional security measures to prevent recurrence
- Transparency: Public disclosure on our website (if the breach affects a significant number of users)
What We'll Tell You:
- What data was compromised
- When the breach occurred and was discovered
- What we're doing to fix it
- What steps you should take to protect yourself
- Where to get more information and support
Third-Party Security
We work with carefully vetted third-party services to provide our offerings. Each partner must meet our security standards:
Our Partners:
- Payment Processing: Stripe (PCI-DSS Level 1, SOC 2 Type II certified)
- Infrastructure Hosting: Cloud providers with ISO 27001, SOC 2 Type II certifications
- Email Services: Transactional email providers with GDPR compliance
- Customer Support Tools: Secure messaging platforms with end-to-end encryption
Our Vetting Process:
Before integrating any third-party service, we:
- Review their security certifications and compliance documentation
- Evaluate their data handling and privacy practices
- Sign Data Processing Agreements (DPAs) where applicable
- Conduct periodic security reviews and audits
- Monitor for security incidents or policy changes
For a list of third-party processors and their privacy policies, see our Privacy Policy.
Security Best Practices for Users
While we implement strong security measures, you also play a crucial role in protecting your account:
Recommendations:
- Use Strong Passwords: For your email account (used for order confirmations)
- Enable Two-Factor Authentication: On your social media accounts and email
- Verify Our Website: Always check you're on the legitimate trollishly.com domain
- Never Share Passwords: With anyone claiming to be from Trollishly
- Use Secure Networks: Avoid public Wi-Fi for transactions (or use a VPN)
- Keep Software Updated: Use the latest browser version with security patches
- Monitor Your Accounts: Check social media and bank statements regularly for suspicious activity
- Report Suspicious Activity: Contact us immediately if you notice anything unusual
Phishing Warning
Trollishly will never send unsolicited emails asking you to "verify your account" or "confirm your payment details." If you receive such an email, do not click any links. Forward it to [email protected] and delete the original.
Related Policies
Our Data Security practices are part of our broader privacy and security framework.
Contact Our Security Team
If you have questions about our data security practices or need to report a security concern:
- General Security Questions: [email protected]
- WhatsApp: +1 442 226 4045
- Telegram: @trollishly
For urgent security incidents or vulnerability reports, please include "SECURITY" in your subject line for priority handling. We appreciate responsible disclosure and will respond promptly to all legitimate security concerns.