Tiny-Shopstiny-shops

Privacy Policy

Last Updated: June 9, 2026

This Privacy Policy explains how Tiny Shops ("Tiny Shops", "we", "us") collects, uses, and protects personal data when you, as a merchant, use the Tiny Shops platform (the "Service"). We act as the data controller for the merchant account data described here.

When you run a store, you collect data about your own customers (for example, order and contact details). For that data you are the controller and we act as your processor, handling it on your instructions solely to provide the Service. You are responsible for having a lawful basis and your own privacy notice for your customers.

1. Data we collect about merchants

  • Telegram identity. When you sign in with Telegram we receive your Telegram user ID and the profile fields Telegram shares (such as first name, last name, and username).
  • Store and bot configuration. Your store name, tenant identifier, and the Telegram bot token you connect. Bot tokens are encrypted at rest and are never shown again after you save them.
  • Legal-consent record. When you create a store we store the fact and time you accepted these Terms and this Policy, the version you accepted, and the IP address you accepted from, as a record of consent.
  • Billing data. Subscription, plan, and usage information. Card and payment details are processed by our payment partner Polar โ€” we do not store full card numbers.
  • Usage and device data. Log data, IP address, approximate location, browser/device information, and product-analytics events about how you use the dashboard.
  • Communications. Messages you send us for support or other requests.

2. How and why we use data (legal bases)

  • To provide, operate, secure, and support the Service โ€” to perform our contract with you.
  • To process subscriptions, billing, and usage charges โ€” to perform our contract and comply with tax/accounting law.
  • To keep a record of your acceptance of these Terms and this Policy โ€” to comply with our legal obligations and for our legitimate interest in proving consent.
  • To prevent fraud and abuse and to keep the Service secure โ€” our legitimate interests and legal obligations.
  • To understand and improve the Service through analytics โ€” our legitimate interests, or your consent where required for non-essential cookies.
  • To send service and, where permitted, product messages โ€” our legitimate interests or your consent; you can opt out of marketing.

3. Service providers (sub-processors)

We share personal data with providers who process it on our behalf, under contract, only to deliver the Service:

  • Telegram โ€” authentication and bot messaging.
  • Polar โ€” subscription billing and payment processing (merchant of record).
  • Fly.io โ€” application and database hosting.
  • PostHog and Vercel Analytics โ€” product and traffic analytics.

We may also disclose data to comply with law, enforce our Terms, or protect rights and safety, and in connection with a merger or acquisition (with notice where required). We do not sell your personal data.

4. International transfers

We accept merchants worldwide, and our providers may process data in countries other than yours, including the United States. Where personal data is transferred across borders, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) where required by law.

5. Retention

We keep merchant account data while your account is active and for as long as needed to provide the Service. After you close your account we delete or anonymise personal data within a reasonable period, except where we must keep it longer to meet legal, tax, accounting, or dispute-resolution obligations (for example, billing records and the consent record).

6. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact legal@tiny-shops.com. You also have the right to lodge a complaint with your local data-protection authority. We will respond as required by applicable law.

7. Cookies and analytics

We use cookies and similar technologies that are necessary to run the dashboard (for example, to keep you signed in) and, where permitted, to measure and improve the Service. You can control non-essential cookies through your browser settings or any cookie controls we provide.

8. Security

We take reasonable technical and organisational measures to protect personal data, including encrypting sensitive secrets such as bot tokens at rest. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Children

The Service is for business use by adults and is not directed to children. We do not knowingly collect personal data from children.

10. Changes to this Policy

We may update this Policy from time to time. We will post the new version here, update the "Last Updated" date, and, for material changes, take reasonable steps to notify you.

11. Contact

For privacy questions or requests, contact legal@tiny-shops.com or use our contact page.