Privacy Policy

1. Introduction

Welcome to TinyAsk ("we," "our," or "us"). TinyAsk is a product by Aidia ApS. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our survey platform and services.

2. Information We Collect

2.1 Information You Provide

When you create an account or use our services, we may collect:

• Name and email address
• Account credentials and authentication information
• Survey content and responses
• Payment and billing information (processed securely through third-party providers)
• Any other information you choose to provide

2.2 Automatically Collected Information

We automatically collect certain information when you use our services:

• Device information and IP address
• Browser type and version
• Usage data and analytics
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and manage your account
• Send you technical notices and support messages
• Respond to your comments and questions
• Monitor and analyze usage patterns
• Detect, prevent, and address technical issues
• Comply with legal obligations

4. Data Storage and Security

TinyAsk is built in the European Union and complies with GDPR regulations. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data is stored securely using industry-standard encryption and security practices.

5. Sub-Processors

We use the following sub-processors to provide and improve our services. All sub-processors are bound by strict data processing agreements and comply with GDPR requirements:

• Hetzner (Hetzner Finland Oy): Cloud hosting and infrastructure services. Data is stored in Hetzner's Finland data center, which is ISO/IEC 27001 certified and fully GDPR compliant. Hetzner provides physical security, data encryption, and access controls for our servers.
• Brevo (formerly Sendinblue): Email delivery services for transactional and marketing emails. Brevo is GDPR compliant and processes email data in accordance with European data protection standards.
• Cloudflare: Content delivery network (CDN), DDoS protection, and security services. Cloudflare processes traffic data to provide these services and is GDPR compliant.

We maintain a list of all sub-processors and will notify you of any material changes. All sub-processors are required to implement appropriate technical and organizational measures to protect your data.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With your explicit consent
• To comply with legal obligations or respond to lawful requests
• To protect our rights, privacy, safety, or property
• With service providers who assist us in operating our platform (under strict confidentiality agreements)
• In connection with a business transfer or merger

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have certain data protection rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us using the information provided in the Contact section below.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our platform and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal purposes.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at: