Privacy Policy

1. Who We Are

tinyGRID ("we," "us," or "our") provides an online floor planning and layout application. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use tinyGRID.

If you do not agree with this Policy, please do not use the Service.

2. Personal Data We Collect

We collect the following categories of personal data:

• Account Data: Email address, password (hashed), display name, and any profile details you choose to provide.
• Billing Data: Limited payment‑related information such as billing name, billing address, and transaction history. Full payment details (e.g., card numbers) are processed and stored by Stripe, not tinyGRID.
• Usage Data: IP address, device and browser information, pages viewed, in‑app actions, and other analytics or log data.
• Support Data: Information you provide when you contact us (e.g., email content, attachments).
• Project Data: Floor plans and other content you create in tinyGRID, which may contain personal data if you choose to include it.

We do not intentionally collect sensitive categories of data unless you choose to include such information within your content, which you should avoid where possible.

3. How We Collect Data

We collect data in the following ways:

• Directly from you when you register, update your account, create content, or contact support.
• Automatically via cookies, local storage, and similar technologies when you use the Service.
• From third‑party services we integrate with, such as Stripe (payment confirmations) and Supabase (authentication and database storage).

4. Legal Bases for Processing (GDPR/UK GDPR)

If you are in the EEA, UK, or Switzerland, we process your personal data on the following legal bases:

• Performance of a contract: To create and manage your account, provide the Service, and process payments.
• Legitimate interests: To secure and improve the Service, prevent fraud and abuse, understand usage, and support business operations, provided such interests are not overridden by your rights.
• Consent: For certain analytics, cookies, or marketing communications where required by law. You may withdraw consent at any time.
• Legal obligations: To comply with tax, accounting, and other legal requirements.

5. How We Use Personal Data

We use personal data to:

• Provide, operate, and maintain the Service.
• Authenticate you and secure your account.
• Process payments and manage subscriptions.
• Save and render your floor plans and project data.
• Communicate with you about your account, updates, and support.
• Monitor and improve performance, usability, and security.
• Comply with legal obligations and enforce our Terms.

6. Cookies and Similar Technologies

We use cookies and similar technologies to:

• Keep you signed in and maintain session state.
• Remember your preferences (e.g., theme, view settings).
• Perform analytics and understand how users interact with the Service.

If required in your region, we will present a cookie banner or preferences tool to obtain consent for non‑essential cookies. You can manage cookie preferences through your browser or our in‑app controls, though disabling certain cookies may limit functionality.

7. How We Share Personal Data

We share personal data only as necessary and with appropriate safeguards:

• Service providers:
  • Supabase (hosting, authentication, database).
  • Stripe (payment processing).
  • Analytics, logging, and email service providers.
• Legal and compliance: When required by law, legal process, or to respond to lawful requests by public authorities.
• Business transfers: In connection with a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction, subject to continued protection.

We do not "sell" personal information for monetary consideration, and we do not share personal information for cross‑context behavioral advertising in a way that would constitute "sale" or "sharing" under CCPA/CPRA.

8. International Data Transfers

Our service providers may process personal data in countries outside your own, including the United States.

• When transferring personal data from the EEA/UK/Switzerland to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms as provided by our vendors (for example, Stripe's SCCs and participation in the Data Privacy Framework).
• For Supabase, you can typically choose hosting regions; projects dealing with EU personal data should select an appropriate region and implement additional GDPR measures as needed.

9. Data Retention

We retain personal data for as long as reasonably necessary to:

• Provide and maintain your account and the Service.
• Fulfill the purposes described in this Policy.
• Comply with legal, tax, and accounting requirements.
• Resolve disputes and enforce our agreements.

When your account is deleted, we will delete or anonymize your personal data within a reasonable period, except where we are required or permitted to retain certain information by law (for example, billing records).

10. Your Rights (GDPR/UK GDPR)

If you are in the EEA, UK, or Switzerland, you have the following rights regarding your personal data, subject to certain conditions:

• Right of access: Obtain confirmation and a copy of your personal data we hold.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): Request deletion of your personal data in certain circumstances.
• Right to restriction: Request restriction of processing in certain cases.
• Right to data portability: Receive your personal data in a structured, commonly used format and transmit it to another controller where technically feasible.
• Right to object: Object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent: When processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at privacy@tinygrid.net. We may need to verify your identity before responding.

You also have the right to lodge a complaint with your local data protection authority.

11. Your Rights (California – CCPA/CPRA)

If you are a California resident, you have the following rights with respect to your personal information:

• Right to know: Request details about the categories and specific pieces of personal information we have collected, used, disclosed, and the sources and purposes.
• Right to delete: Request deletion of personal information we have collected, subject to certain exceptions.
• Right to correct: Request correction of inaccurate personal information.
• Right to opt out of sale/sharing: tinyGRID does not sell or share personal information as defined by CCPA/CPRA; if this changes, we will update this Policy and provide an opt‑out mechanism.
• Right to non‑discrimination: We will not discriminate against you for exercising your CCPA rights.

You can submit a verifiable consumer request by emailing privacy@tinygrid.net. We may need to verify your identity and residence before fulfilling your request.

12. Children's Privacy

tinyGRID is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you become aware that a child under 13 has provided us with personal data, please contact us and we will take steps to delete such data.

13. Security

We implement technical and organizational measures to protect personal data, including encryption in transit, access controls, and secure hosting.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

14. Third‑Party Links

The Service may contain links to third‑party websites or services. We are not responsible for the privacy practices of such third parties, and we encourage you to review their policies before providing personal data.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we do, we will update the "Last updated" date at the top, and if changes are material, we will provide additional notice (for example, via email or in‑app notification).

Your continued use of the Service after the effective date of any update constitutes your acceptance of the revised Policy.

16. Contact Us

For questions or requests related to this Privacy Policy or your personal data, please contact:

• Email: privacy@tinygrid.net