TinyAffiliate

Privacy Policy

Last updated: 9 November 2025

This Privacy Policy explains how TinyAffiliate (“we”, “us”, “our”) collects, uses, and shares personal data when you use our website and services.

Who is responsible (Controller)

Controller: TinyAffiliate, Lisbon, Portugal.
Contact for privacy requests: support@tinyaffiliate.com

Scope

This policy applies to the TinyAffiliate web application, dashboards, and public pages on tinyaffiliate.com and to short links served via tnflt.com.

Data we collect

  • Account & auth data: email address (for magic link), Google profile basics (name, email) if you choose Google sign-in.
  • Operational data: affiliate link definitions (shortId, product URL, commission %), click counters, sales totals and revenue per link.
  • Stripe events: we process payment notifications (e.g., checkout.session.completed) to update sales/revenue. We do not receive or store full card details.
  • Technical data: IP address, device/browser info, timestamps, cookies required for authentication and session security.
  • Support data: messages you send to us (e.g., email requests).

How we use data (purposes & legal bases)

  • Provide the service (create links, track clicks/sales, dashboards, CSV export) — performance of a contract.
  • Authentication & security (sign-in, session management, abuse prevention) — legitimate interests and performance of a contract.
  • Payments & billing (processing Stripe events, plan status) — performance of a contract and legal obligations.
  • Support & communication (responding to you) — legitimate interests.
  • Improvement (debugging, reliability, analytics) — legitimate interests.
  • Marketing communications (optional) — consent where required; you can opt out anytime.

Cookies & similar technologies

We use strictly necessary cookies for authentication/session (e.g., NextAuth cookies) and to enforce 30-day referral attribution for redirects. If we introduce additional analytics or marketing cookies, we will update this policy and (where required) ask for your consent.

Processors & third parties

We share data with trusted service providers who process it on our behalf strictly for the purposes above:

  • Hosting & deployment: Vercel.
  • Database: MongoDB Atlas (Mongoose).
  • Authentication: NextAuth (Google OAuth, email magic links).
  • Payments: Stripe (Checkout, Webhooks). We do not store card numbers.
  • Email delivery: Your configured SMTP/ESP (e.g., Resend or equivalent) for magic links and notices.
  • Error logs/ops: Only as needed for reliability and security.

We may disclose information if required by law, to protect rights/safety, or in a merger/acquisition (you will be notified where required).

International transfers

We may process data in countries outside your own. Where applicable, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and work with reputable providers to protect your data.

Data retention

  • Account & auth data: kept while your account is active; deleted upon request, subject to legal holds.
  • Operational/link data: kept while your account is active; you can delete links at any time.
  • Stripe events & billing records: retained per tax/accounting laws.
  • Logs & security data: retained for a limited period for safety and diagnostics.

Your rights (GDPR/EEA/UK)

You may have the right to access, rectify, erase, restrict or object to processing, portability, and to withdraw consent (where used). You can also lodge a complaint with your local supervisory authority.

To exercise your rights, email support@tinyaffiliate.com. We may need to verify your identity.

Security

We implement reasonable technical and organizational measures (encryption in transit, least-privilege access, environment-segregated secrets). No method is 100% secure; please use a strong, unique email account and keep your devices safe.

Children

TinyAffiliate is intended for use by adults and is not directed to children under 16. We do not knowingly collect personal data from children.

Changes to this policy

We may update this policy to reflect changes to our practices or for legal reasons. We will update the “Last updated” date and, where required, notify you within the service.

Contact

For any privacy question or request, contact us at support@tinyaffiliate.com.