tinysend
sign in

Privacy Policy

What we collect

When you use tinysend, we collect basic information to make the service work:

  • Account info: email, name, payment details (via Stripe).
  • Newsletter data: emails you send, subscriber lists, email addresses.
  • Usage data: pages you visit, actions you take.
  • Email events: deliveries, opens, clicks, bounces, complaints (via Postmark).
  • Device info: browser type, device type, general location (country/city).

We don’t store IP addresses for email open or click tracking — location there comes from request headers, not a saved IP. We do retain IP addresses briefly for login sessions and abuse/fraud prevention.

Why we collect it

  • Provide the service (send emails, manage subscribers, track deliverability).
  • Improve the product (understand what works, fix bugs).
  • Prevent spam and abuse.
  • Comply with CAN-SPAM and other email regulations.
  • Communicate with you (support, updates, compliance notifications).

Legal basis: legitimate interest (improving product, fraud prevention) and contractual necessity (providing the service you signed up for).

Where data is stored

We use Cloudflare infrastructure for hosting and data storage. Data may be processed in the US or EU.

For EU users: transfers to the US are covered by Cloudflare’s EU-US Data Privacy Framework certification.

Payment data is handled by Stripe and never stored on our servers.

Email sending is handled by Postmark. They process delivery events and webhook notifications.

Subscriber data

You control subscriber data. You’re responsible for:

  • Obtaining proper consent before adding subscribers.
  • Providing clear unsubscribe options (we do this automatically).
  • Handling subscriber data requests (access, deletion).

We provide tools to manage subscribers but you’re the data controller for your lists.

Data retention

  • Account data: kept while your account is active.
  • Email archives: kept indefinitely or until you delete them.
  • Email delivery events: 2 years.
  • Payment records: kept as required by law (typically 7 years for tax purposes).

Your rights (GDPR)

If you’re in the EU, you have these rights:

  • Access: request a copy of your data.
  • Deletion: delete your account and associated data.
  • Correction: fix incorrect information.
  • Objection: object to certain data processing.
  • Portability: export your data.

To exercise these rights or ask questions: hi@tinysend.com.

Account deletion removes your personal info within 30 days. Subscriber data is deleted immediately.

Bot protection

We use Cloudflare Turnstile to protect forms (subscribe, signup) from bots and abuse. Turnstile runs invisibly — no CAPTCHA puzzles. It may collect limited technical data (browser signals, interaction patterns) to distinguish humans from bots. No personal data is sold or used for advertising. See Cloudflare’s Turnstile Privacy Policy for details.

Cookies

We use minimal cookies:

  • Authentication: keep you logged in (essential, no consent needed).
  • No tracking cookies, no third-party advertising cookies.

Changes

We may update this policy. Major changes will be announced via email to active users.

Contact

Questions about privacy: hi@tinysend.com.

Operated by: System Operator LLC, Delaware, USA.