Privacy Policy

This Privacy Policy explains how [COMPANY NAME] ("Tinies", "we", "us") collects, uses, stores, and shares personal data when you use tinies.app and related services (the "Platform").

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation ("GDPR") and applicable Cyprus law. This policy should be read together with our Terms of Service.

Depending on how you use Tinies, we may process:

• Account information — name, email address, phone number (if provided), password (stored securely via our authentication provider; we do not store your plain password in our own database), role (owner, provider, rescue, adopter, etc.), and profile details.
• Pet profiles — information you add about pets (name, species, breed, age, photos, notes) for bookings or your account.
• Booking history — services booked, dates, messages related to bookings, reviews, and dispute or claim information where applicable.
• Payment information — we use Stripe to process payments. We do not store full card numbers on our servers; Stripe collects and processes card data according to its own privacy policy.
• Location — approximate or district-level location and addresses you provide for search, service areas, or logistics (for example adoption or meet-and-greet).
• Device and browser information — IP address, browser type, device type, and similar technical data used for security, analytics, and service improvement.
• Photos and documents — images you upload (for example pet photos, provider verification ID, rescue logos) and, where applicable, documents for verification or adoption.
• Adoption applications — information submitted in application forms, shared with the relevant Rescue Organisation as needed to process your application.

We use personal data to:

• Provide, operate, and secure the Platform;
• Create and manage accounts, and authenticate users;
• Facilitate Bookings between Owners and Providers, including payments and payouts;
• Send service-related notifications (for example booking updates, security alerts) by email or SMS where you have provided contact details;
• Facilitate adoption listings, applications, and coordination features;
• Operate Tinies Giving, round-up donations, and Guardian subscriptions as described on the Platform;
• Improve the Platform, analyse usage trends, and prevent fraud and abuse;
• Comply with legal obligations and enforce our Terms.

Under GDPR we rely on one or more of the following:

• Performance of a contract — processing necessary to provide the services you request (for example processing a Booking or adoption application).
• Legitimate interests — for example fraud prevention, network security, improving the Platform, and direct communications related to your account, where not overridden by your rights.
• Consent — where we ask for consent (for example certain marketing messages or non-essential cookies), you may withdraw consent at any time.
• Legal obligation — where we must retain or disclose data to comply with law, tax, or regulatory requirements.

We share personal data only as needed to run the Platform:

• Stripe — payment processing, payouts, and related fraud checks.
• Twilio — SMS messages (for example OTP or notifications) where enabled.
• Resend — transactional and service emails.
• Supabase — authentication, database, and file storage for the Platform. We configure services with EU data residency where available for customer data.
• Rescue Organisations — adoption application details you submit are shared with the organisation listing the animal so they can review your application.
• Providers and Owners — limited information is shared between parties to a Booking (for example name, contact details, and pet information) as needed to perform the service.

We do not sell your personal data.

Where we use processors that may process data outside the European Economic Area (for example Stripe or other US-based providers), we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or other mechanisms permitted under GDPR. You may request more information about transfers by contacting us.

Supabase and core Platform data are configured for EU hosting where we use EU regions; specific subprocessors may still involve transfers as described in their documentation.

We keep account and profile data while your account is active. If you ask us to delete your account, we will delete or anonymise personal data unless we must retain certain information to comply with law or defend legal claims.

Booking, payment, and accounting records may be retained for up to seven (7) years where required for tax, audit, or regulatory purposes.

If you are in the EEA or UK, you may have the right to:

• Access — obtain confirmation of processing and a copy of your personal data;
• Rectification — correct inaccurate data;
• Erasure — request deletion in certain circumstances;
• Portability — receive data you provided in a structured, machine-readable format where technically feasible;
• Restriction — limit processing in certain cases;
• Object — object to processing based on legitimate interests, including profiling in some cases;
• Withdraw consent — where processing is based on consent, without affecting prior lawful processing.

You may also lodge a complaint with a supervisory authority in your country.

Email hello@tinies.app with your request. We may need to verify your identity before responding. We aim to respond within one month, subject to extension for complex requests as allowed by law.

We use cookies and similar technologies sparingly: for example session and authentication cookies (and related storage) so you can stay logged in securely, and analytics via Google Analytics 4 (GA4) to understand how the Platform is used. You can control cookies through your browser settings; blocking essential cookies may affect functionality.

Tinies is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe we have done so, please contact us and we will take steps to delete the information.

We may update this Privacy Policy from time to time. We will post the new version on this page and change the "Last updated" date. Where required, we will notify you by email or through the Platform.

Privacy questions: hello@tinies.app

Data Protection Officer: [TBD]