Legal

GDPR

Our commitment to data protection for EEA and UK users.

  1. Home
  2. Legal
  3. GDPR

TinyZy is committed to protecting the personal data of users in the European Economic Area (EEA), United Kingdom, and Switzerland in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

1. Data controller

TinyZy acts as the data controller for the personal data you provide when using our service. For questions about data processing, contact our data protection contact at privacy@tinyzy.com.

2. Legal bases for processing

We process your personal data on the following legal bases:

  • Contract performance — Processing your account data and link activity to provide the service you signed up for.
  • Legitimate interests — Security monitoring, fraud prevention, and service improvement.
  • Legal obligation — Compliance with applicable laws and regulatory requirements.
  • Consent — For optional marketing communications (you can withdraw at any time).

3. Your rights under GDPR

If you are located in the EEA or UK, you have the following rights:

  • Right of access — Request a copy of your personal data.
  • Right to rectification — Request correction of inaccurate data.
  • Right to erasure — Request deletion of your personal data ("right to be forgotten").
  • Right to data portability — Receive your data in a machine-readable format.
  • Right to restrict processing — Ask us to pause processing under certain circumstances.
  • Right to object — Object to processing based on legitimate interests or direct marketing.
  • Right not to be subject to automated decisions — We do not make solely automated decisions with legal effects.

4. How to exercise your rights

You can manage most of your data from your account settings. For data export or deletion requests, email privacy@tinyzy.com. We will respond within 30 days.

5. International transfers

Our services are hosted in the European Union. Where data is transferred outside the EEA we use Standard Contractual Clauses or rely on adequacy decisions approved by the European Commission.

6. Supervisory authority

You have the right to lodge a complaint with your local supervisory authority if you believe we have processed your personal data unlawfully.

7. Data retention

We retain personal data for as long as your account is active or as needed to provide services. After account deletion, we anonymise or delete personal data within 90 days, except where retention is required by law.