Tiny Tools Logo

Privacy Policy

Last updated: March 19, 2024

1. Introduction

Welcome to Tiny Tools ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using Tiny Tools, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information you provide to us:

  • Email address (required for authentication)
  • Name (as provided through authentication)
  • Profile picture (optional, through authentication providers)
  • User preferences and settings
  • Tool usage data and saved content

2.2 Information automatically collected:

  • IP address and location data
  • Browser type and version
  • Device type and operating system
  • Usage patterns and interactions
  • Performance and error data
  • Cookies and similar tracking technologies
  • Time zone and language preferences
  • Unique device identifiers

2.3 Third-party Services:

We use the following third-party services:

  • Google Authentication (for user authentication)
  • Facebook Authentication (for user authentication)
  • Firebase (Google Cloud Platform, for data storage and analytics)
  • Google Analytics (for usage analysis)
  • Cloudflare (for security and performance)

3. How We Use Your Information

We process your information for:

  • Essential service operation and maintenance
  • User authentication and account management
  • Preference and settings management
  • Service improvement and optimization
  • Security threat detection and prevention
  • Legal compliance and audit requirements
  • Technical issue resolution
  • Service usage analysis
  • Communication about service updates
  • Fraud prevention

4. Data Storage and Security

4.1 Storage Location

Your data is primarily stored on Firebase servers located in the European Union and United States.

4.2 Security Measures

We implement:

  • End-to-end encryption for sensitive data
  • Regular security audits
  • Access control and authentication
  • Data backup and recovery procedures
  • Incident response protocols
  • Employee security training
  • Vulnerability monitoring

5. Your Rights Under GDPR and CCPA

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request data deletion (right to be forgotten)
  • Object to data processing
  • Data portability
  • Withdraw consent
  • Lodge a complaint with supervisory authorities
  • Opt-out of data sales (we don't sell data)
  • Non-discrimination for exercising rights

6. Data Retention

We retain your data for:

  • Active accounts: Duration of account existence
  • Deleted accounts: Up to 30 days after deletion
  • Analytics data: Up to 26 months
  • Security logs: Up to 12 months
  • Backup data: Up to 90 days

7. International Data Transfers

We may transfer data internationally under:

  • EU Standard Contractual Clauses
  • Privacy Shield Framework
  • Adequacy decisions
  • Binding Corporate Rules

8. Children's Privacy

Our service is not intended for children under 13 (16 in the EU). We do not knowingly collect or process data from children.

9. Changes to This Policy

We will notify you of material changes via:

  • Email notification
  • Service announcement
  • Website notice 30 days before changes take effect.

10. Contact Information

Data Protection Officer:

  • Email: [email protected]
  • Address: [Your Business Address]
  • Response time: Within 72 hours

11. Legal Basis for Processing

We process data under:

  • Contractual necessity
  • Legal obligations
  • Legitimate interests
  • User consent