Privacy Policy

When visiting or interacting with tinyDialog.com, app.tinyDialog.com, an embedded tinyDialog widget, or any other tinyDialog-operated pages, we collect different kinds of data.

We are commited to securing your data, and complying with local privacy regulations like GDPR.

If you have any questions or concerns, please message us at [email protected]

Your Rights

GDPR protects your user rights. Contact us via the e-mail above, to exercise them.

• You can access information on all data stored about you: Contact us and we will provide you with all information on data we have about you
• You have the right to be ‘forgotten’ by us: Let us know and we will delete all your personal data that we store.
• You have the right to correct any personal data stored about you: If there's any personal data about you that should be corrected by us, please let us know.
• You have the right to port your data to another service: We will give you a copy of your data in a plain text format so that you can provide it to another service.
• You have the right to file a complaint regarding our use of your data

Data

Personal Data

Your data is stored in a secure state-of-the-art way, respecting best-practices.

When Registering for an Account, we store data like your E-Mail, your entered Name, your connected oAuth Provider Data (when using oAuth like "Sign in With Google"), and other metadata.

When interacting with a tinyDialog survey, your entered response and metadata like your IP Address, Browser Data, and other metadata is stored.

TLS Encryption

This site uses TLS encryption for security reasons and to protect the transmission of confidential data. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and when the lock icon is displayed in your browser's address bar.

If TLS encryption is activated, the data you transfer to us cannot be read by unauthorized third parties in transit.

Infrastructure

We use services provided by our data processors (see list below) like Cloudflare Inc., Amazon Web Services Inc., Upstash Inc., and others, for running our service.

These subcontractors act as data processors on our behalf under the General Data Protection Regulation (GDPR). We have entered into a Data Processing Addendum (DPA) with Cloudflare to ensure compliance with GDPR requirements. This agreement ensures that personal data is processed only in accordance with our instructions, is secured using appropriate technical and organizational measures, and is not used for any purposes other than delivering the services.

Data Transfers

Our data processing providers may process personal data outside the European Economic Area (EEA). When such transfers occur, they are safeguarded by legal agreements and mechanisms, ensuring an adequate level of protection for personal data.

Purpose of Processing

The processing of personal data by our subcontractors is based on our legitimate interest in maintaining a secure and reliable online platform (Article 6(1)(f) GDPR). This includes hosting essential infrastructure, protecting against malicious activity and abuse, optimizing website performance, monitoring metrics, outages, and errors, and ensuring uninterrupted service delivery.

Further Information

For more information about how each provider handles personal data and complies with GDPR, please refer to their privacy policy and GDPR compliance resources.

Data Processing Subcontractors / Providers

• Cloudflare

  USA, Infrastructure Hosting, CDN (content delivery network), File Hosting, Deployment, Security & Abuse Prevention, Observability, Monitoring

• Upstash Inc.

  USA, Infrastructure Hosting, Caching, Abuse Prevention

• Amazon Web Services, Inc.

  USA, E-Mail Services

• Turso Inc.

  USA, Database Hosting

• Namecheap Inc

  USA, Domain Hosting, E-Mail Services

• GitHub Inc.

  USA, Source Code Hosting, Testing & Deployment Infrastructure, oAuth Provider

• Google

  USA, oAuth Provider