Privacy & Cookie Policy

Last updated: November 24, 2025

This Privacy & Cookie Policy explains how TinyConsent ("we", "us", "our") collects and uses personal data when you visit TinyConsent (the "Website") or otherwise interact with us.

If you have any questions, you can contact us using the details in the "How to contact us" section below.

1. Who we are

The data controller responsible for your personal data is:

TinyConsent
3809 W Waco Dr
STE 2
76710 Waco
USA

You can contact us at:
Email: support@tinyconsent.com

2. What this policy covers

This policy explains:

• What personal data we collect
• How and why we use your personal data
• The legal bases we rely on
• Who we share your data with
• Whether we transfer your data internationally
• How long we keep your data
• Your rights under data protection laws
• How to contact us and supervisory authorities

3. Personal data we collect

Depending on how you use the Website, we may process the following categories of personal data:

• Identity data – such as name, username, title.
• Contact data – such as email address, telephone number, postal address.
• Account and profile data – such as login credentials (stored as password hashes), profile information, preferences, and settings.
• Usage and technical data – such as IP address, device type, browser type and version, operating system, pages you visit, time and date of visits, click paths and similar information about how you use the Website.
• Online identifiers – such as cookie IDs, pixel IDs, and similar identifiers used for analytics and advertising (see the "Cookies and similar technologies" section).

4. How we collect your personal data

We collect personal data in the following ways:

• Directly from you – for example when you fill in forms, create an account, place an order, contact us, or communicate with us in any way.
• Automatically – when you use the Website, certain technical data is collected automatically via cookies, pixels, server logs, and similar technologies (see "Cookies and similar technologies").
• From social login providers – for example where you choose to sign in using third-party services.

5. How and why we use your personal data (purposes and legal bases)

We must have a valid legal basis to process your personal data. Below are the purposes for which we use personal data and the legal bases we rely on. In some cases we rely on more than one legal basis.

5.1 Operating the Website and ensuring security

We use personal data to operate, maintain, and secure the Website, including troubleshooting, system maintenance, and preventing fraud or abuse.

• Examples of data used: usage and technical data; identity data; account and profile data
• Legal basis: Legitimate interests

5.3 Providing accounts or services you sign up for

We process personal data to create and manage your account, authenticate you, and provide services you request.

• Examples of data used: identity data; contact data; account and profile data
• Legal basis: Performance of a contract

5.5 Sending marketing communications

If you opt in, we use your data to send newsletters and information about our products or services that may interest you.

• Examples of data used: identity data; contact data
• Legal basis: Consent

You can unsubscribe at any time by using the link in our emails or by contacting us.

5.7 Analytics and improving our services

We use analytics tools to understand how visitors use the Website, so we can improve performance, content, and user experience.

• Examples of data used: usage and technical data; online identifiers
• Legal basis: Consent

Where required by law, analytics cookies are only used with your consent.

We may also process your personal data where necessary to comply with legal obligations, to establish, exercise, or defend legal claims, or to protect the vital interests of you or another person.

6. Cookies and similar technologies

We use cookies and similar technologies on the Website.

• Strictly necessary cookies – these are essential to make the Website work (for example, to remember your session or keep you logged in). They cannot be switched off in our systems.
• Functional cookies – these allow the Website to remember choices you make (such as language or region) and provide enhanced features.
• Analytics cookies – these help us understand how visitors use the Website so we can improve performance and content.

Where required by law, we only set non-essential cookies (such as analytics or advertising cookies) after you have given your consent via our cookie banner. You can withdraw your consent at any time by revisiting the banner or using the Cookie settings link.

You can also configure your browser to block or delete cookies. However, if you block certain cookies, some features of the Website may not function properly.

7. Who we share your personal data with

We use trusted third-party service providers to help us run our business and the Website. These providers only process personal data on our instructions and are bound by contracts that comply with applicable data protection laws.

Supabase for Auth and Storage, Vercel for Hosting, Google for Analytics

In some cases, these third parties may act as independent controllers (for example, payment providers that must keep transaction records for legal reasons). In such cases, their own privacy policies will apply in addition to this one.

We may also share personal data where required by law, to protect our rights, or in connection with a business transaction (such as a merger or sale).

8. International data transfers

We serve customers in the UK, the EEA, other countries worldwide.

Some of our service providers are based in the United States, which means your personal data may be transferred to and processed in countries that may not provide the same level of data protection as the EEA or UK.

Where we transfer personal data outside the EEA/UK, we ensure that appropriate safeguards are in place, including:

• Adequacy decisions - our providers are in countries recognized by the EU or UK as providing adequate data protection (for example, under the EU–US Data Privacy Framework)

You can contact us for more information about the specific safeguards we use in relation to international transfers.

9. How long we keep your personal data

We keep personal data only for as long as necessary to fulfill the purposes described in this policy, including to meet legal, accounting, or reporting requirements.

When the relevant retention period expires, we will delete or anonymise your personal data, unless we need to keep it longer to comply with legal obligations or to establish, exercise, or defend legal claims.

10. How we protect your personal data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or damage. These measures include access controls, encryption where appropriate, secure hosting environments, and regular security reviews.

However, no method of transmission over the internet or method of electronic storage is completely secure, so we cannot guarantee absolute security.

11. Your rights

If you are in the EEA, UK, or another region with similar data protection laws, you have the following rights (subject to conditions and exceptions in the law):

• Right of access – to obtain confirmation as to whether we process your personal data and to receive a copy of it.
• Right to rectification – to have inaccurate or incomplete personal data corrected.
• Right to erasure – to have your personal data deleted in certain situations.
• Right to restrict processing – to restrict our processing of your personal data in certain situations.
• Right to object – to object to our processing of your personal data where we rely on legitimate interests or where we process your data for direct marketing.
• Right to data portability – to receive your personal data in a structured, commonly used, machine-readable format and to have it transmitted to another controller where technically feasible.
• Right to withdraw consent – where we rely on consent, you can withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

You can exercise your rights by contacting us using the details in the "How to contact us" section. We may need to verify your identity before responding. We aim to respond within one month, but this may be extended in complex cases.

12. Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with a data protection authority, in particular in the EEA or UK country where you live or work, or where you believe a breach has occurred.

13. Children

This Website is not intended for children under 16, and we do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact us so that we can delete it.

14. Automated decision-making and profiling

We do not use your personal data for automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.

15. Changes to this policy

We may update this Privacy & Cookie Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If we make significant changes, we may provide additional notice (such as displaying a banner or sending an email, where appropriate).

16. How to contact us

If you have any questions about this policy or how we use your personal data, or if you wish to exercise your rights, you can contact us at:

TinyConsent
Email: support@tinyconsent.com
Postal address: 3809 W Waco Dr, STE 2, 76710 Waco, USA