Privacy Policy

Created on 29 March, 2026 • 3 minutes read

How TinyBell collects, uses, and protects your data. GDPR compliant.

Privacy Policy

Last updated: March 2026

TinyBell ("we", "our", "us") operates the TinyBell hotel direct booking widget platform. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service.

1. Information We Collect

Account Information

When you register, we collect your name, email address, billing information, and hotel/business details. This information is necessary to provide the service.

Usage Data

We collect data about how you use TinyBell, including campaign settings, widget configurations, and feature preferences. This helps us improve the platform and provide you with relevant analytics.

Widget Analytics Data

When your visitors interact with TinyBell widgets on your hotel website, our pixel collects: anonymised IP addresses (used only for variant assignment in A/B testing and geographic analytics), browser user-agent strings, page URL, impression and click timestamps. We do not collect personal data about your website visitors without their consent.

Payment Information

Payments are processed by Stripe. We do not store card numbers or full payment details on our servers. We receive only a tokenised reference and the last 4 digits of your card.

2. How We Use Your Information

  • To provide, operate, and maintain the TinyBell platform
  • To process payments and send billing notifications
  • To send transactional emails (account alerts, password reset, invoices)
  • To send product updates and announcements (you can unsubscribe at any time)
  • To provide customer support
  • To detect and prevent fraud or abuse
  • To improve the platform through aggregated, anonymised analytics

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Legal Basis for Processing (GDPR)

If you are based in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract performance: processing needed to provide the service you signed up for
  • Legitimate interests: improving the platform, preventing fraud, security monitoring
  • Legal obligation: tax records, invoicing requirements
  • Consent: marketing communications (you can withdraw consent at any time)

4. Data Retention

We retain account data for as long as your account is active. Campaign analytics data (impressions, clicks, variant assignments) is retained for 24 months from collection and then automatically deleted. After you close your account, we retain minimal records for 6 months for legal and billing purposes, then permanently delete your data.

5. Cookies and Tracking

TinyBell uses essential cookies for authentication and session management. Our analytics pixel does not use cookies to track your hotel visitors — variant assignment is done server-side using an anonymised hash of IP and user-agent. For full details, see our Cookie Policy.

6. Data Sharing

We share data only with trusted sub-processors necessary to operate the service:

  • Stripe — payment processing
  • Amazon Web Services (AWS) — cloud hosting and file storage
  • Mailgun / Postmark — transactional email delivery

All sub-processors are contractually bound to process data only as instructed and to maintain appropriate security measures.

7. Data Security

We implement industry-standard measures including TLS encryption in transit, encrypted storage for sensitive fields, regular security audits, and strict access controls. No method of transmission over the internet is 100% secure; however, we take every reasonable precaution to protect your data.

8. Your Rights

Under GDPR and equivalent laws, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Restrict or object to certain processing
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at info@thetinybell.com. We will respond within 30 days.

9. International Transfers

TinyBell is operated from within the EU/EEA. If data is transferred outside the EEA (e.g., to AWS US regions for redundancy), we rely on Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

TinyBell is a B2B service intended for hotel and hospitality professionals. We do not knowingly collect data from individuals under 18. If you believe a minor has submitted data to us, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email at least 14 days before any material changes take effect. Continued use of TinyBell after the effective date constitutes acceptance of the revised policy.

12. Contact

For privacy-related questions or to exercise your rights:

TinyBell
Email: info@thetinybell.com
Data Controller: TinyBell SRL
Registered in the Dominican Republic

We comply with the EU General Data Protection Regulation (GDPR) for all users located in the European Economic Area (EEA).