Privacy Policy

Last updated: May 2024

Introduction

Tinyito is run by Edgy Thoughts Limited in the United Kingdom. This notice sets out what data we collect when you use tinyito.com and how we create and deliver your personalised alphabet cards in a secure way.

We collect only the details required to provide the service and will never use them for marketing unless you give explicit consent. By continuing to use the site you accept the practices described below.

Information We Collect

We gather the following details so we can process your order:

  • Your name
  • Email address
  • Shipping address (for printed cards)
  • Generated images (e.g. alphabet cards, and avatars)

How We Use Your Information

We use your information exclusively to:

  • Produce and, if requested, deliver your alphabet cards (digital or printed)
  • Communicate with you about your order
  • Provide customer support

We will never use your data for promotional messages unless you have opted-in.

Data Storage and Security

  • Reference photos stay on your device; they are sent only briefly to OpenAI for image generation and are then deleted.
  • The avatars or alphabet-card images we create for you are kept safely in Supabase storage.
  • Your name, email and (where needed) shipping details are stored in an encrypted Supabase database.
  • We implement security measures to protect your data from unauthorised access, alteration, disclosure, or destruction.
  • We store a login token in your browser’s localStorage to maintain your session while using the website. This token is not shared with any third parties and is only used to authenticate your access securely.

Third-Party Sharing

We share data with outside providers solely so the service can work:

  • OpenAI: Your photos are securely sent to OpenAI to generate your personalised alphabet cards. We have explicitly turned off settings that would allow OpenAI to use your images for improving their AI models. Once your cards are completed, we delete the images from OpenAI’s systems. For more information, see the OpenAI Privacy Policy.
  • Print-on-demand partner: If you order printed cards, we share the artwork and shipping details with a trusted print-on-demand provider to produce and ship your order.
  • Stripe: We use Stripe to process payments securely. Your payment information is handled directly by Stripe and not stored on our servers. Stripe may collect and process your payment details, including your name, email, billing address, and payment method. Review the Stripe Privacy Policy for details.

We never sell your information or share it for advertising purposes.

Cookies

We don’t set cookies or employ comparable tracking tools.

International Data Transfers

Because we have customers around the world, some information may cross borders. Whenever that happens we rely on safeguards that meet UK / EU GDPR requirements.

Your Rights Under GDPR

If you are in the UK or EU, you can:

  • Ask for a copy of the data we hold about you
  • Request corrections to inaccurate or incomplete information
  • Ask us to delete your data
  • Limit or object to how we process your data
  • Receive your data in a portable format
  • Withdraw consent at any time (where consent is the legal basis)
  • Lodge a complaint with a supervisory authority

To exercise any of your rights, please contact us at nilseriksson89.ne@gmail.com.

Children’s Privacy

The service is aimed at adults. We do not knowingly collect information directly from anyone under 16. If you think a child has supplied personal data, please let us know so we can remove it.

Changes to this Policy

We may update this policy from time to time. When we do, we will post the revised version here and change the “last updated” date above. Please check back occasionally.

Contact Us

If you have questions about this notice or how we handle your data, contact us at:

Edgy Thoughts Limited
85 Great Portland Street
First Floor
London W1W 7LT
United Kingdom
Email: nilseriksson89.ne@gmail.com