Tinylytics Logo
Sign in
Sign up
View .md

Privacy Policy

Last updated: February 2026

This document outlines the information gathering and data handling practices for Tinylytics and its associated services.

Information Collection

We use Sentry.io for error monitoring (only your customer ID is logged on application errors) and Cloudflare for platform security and CDN. Server logs are filtered of sensitive data, deleted after 7 days, and do not contain client IPs unless someone attempts to circumvent Cloudflare. Log access is limited to debugging and security; we do not link this data to individual identities.

Payment Processing

For payment processing, Tinylytics uses Paddle and Lemon Squeezy (a Stripe company). Please refer to their respective privacy policies for detailed information.

We do not store or maintain any credit card information on our servers.

Security Measures

We implement comprehensive security measures to protect against unauthorized access, alteration, or misuse of your information. All data transmission is secured using SSL encryption.

Platform security is enhanced through Cloudflare, providing protection against malicious activities.

Third-Party Data Handling

We maintain strict data privacy standards. We do not sell your data.

We share limited data only when needed for essential operations, including: - debugging and error monitoring, - image delivery, - optional AI insights (described below), and - optional API geolocation fallback lookups.

When you send ip_address in the hit ingestion API, Tinylytics first resolves country using a local lookup on our own infrastructure. If local resolution fails, Tinylytics may send that IP address to IPinfo to resolve a country code. The raw IP is not stored in Tinylytics hits.

When you opt in to AI insights, only aggregated analytics data is shared with our AI providers to generate insights. This data is not used for model training.

Analytics

We use our own analytics solution exclusively on our homepage, demonstrating our commitment to privacy-first analytics.

AI Insights

Optional AI Insights use third-party AI providers (including xAI and Google Gemini) to analyze your aggregated analytics data.

This feature is completely opt-in — it is disabled by default. When enabled, we send only aggregated data (traffic counts, daily patterns, top paths, referrers) to our AI providers. No personally identifiable information about your visitors is shared. We use paid API plans; your data is not used for model training. You can enable or disable this at any time from your account settings.

We do not use tracking cookies.

We use a single essential session cookie to maintain your login state. This cookie is removed when you log out.

Uptime Monitoring

Uptime monitoring is powered by updown.io. No personal data is sent to updown.io. We send only the site URL and unique site ID needed for monitoring.

Contact

If you have questions about this privacy policy, please contact us at [email protected].