Privacy Policy

Effective date: March 27, 2026

This Privacy Policy describes how Tiny Shops ("we", "our", "us") collects, uses, and shares information when you use the Tiny Shops platform ("Service"), including the setup wizard at launcher.tiny-shops.com and the merchant dashboard at dashboard.tiny-shops.com.

1. Who We Are

Tiny Shops is the data controller for information collected through this Service. Contact us at hello@tiny-shops.com.

2. Information We Collect

  • Telegram identity: Telegram user ID, username, first and last name — provided by Telegram when you open the Mini App.
  • Bot token: The Telegram bot token you provide during setup, stored encrypted at rest.
  • Shop details: Shop name (subdomain), admin email address (your password is stored as a bcrypt hash — never in plaintext).
  • Store content: Products, categories, orders, and customer data that you, as a merchant, upload to your store.
  • Usage data: Page views, events, and interactions collected by PostHog and Google Analytics.
  • Payment records: Subscription status, billing interval, and Telegram Stars transaction IDs received via Telegram webhook. We do not store card numbers or financial account details.

3. How We Use Your Information

  • To provide, operate, and improve the Service.
  • To authenticate you and secure your account.
  • To process subscription payments via Telegram Stars.
  • To send transactional communications (order notifications, billing alerts) through Telegram bots.
  • To analyse product usage and fix bugs (PostHog, Google Analytics).

4. Third-Party Data Processors

We share your data with the following processors only to the extent necessary to operate the Service:

  • Telegram — messaging infrastructure and Stars payment processing. Privacy Policy
  • PostHog — product analytics. Privacy Policy
  • Google LLC — Google Analytics and Google Ads conversion tracking. Privacy Policy
  • Fly.io — application hosting and infrastructure. Privacy Policy
  • Database hosting provider (Neon / Supabase) — encrypted PostgreSQL storage.

5. Telegram Stars Payments

Subscription payments are processed natively by Telegram using Telegram Stars (XTR). We receive only a webhook confirmation containing the transaction ID and amount. We do not process, store, or have access to any financial credentials.

6. Data Retention

  • Account and store data: retained while your subscription is active and for 30 days after cancellation, then deleted upon request.
  • Application logs: retained for 90 days.
  • Analytics events: retained per PostHog / Google Analytics default policies.

7. Your Rights (GDPR & Applicable Law)

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict processing of, or obtain a portable copy of your personal data, and to object to certain processing. To exercise these rights, email us at hello@tiny-shops.com. We will respond within 30 days.

8. Cookies & Analytics

We use PostHog and Google Analytics cookies to understand how users interact with the Service. These are analytics cookies; no advertising profile is built for third-party targeting. You may opt out by using browser settings or the PostHog opt-out mechanism.

9. Children

The Service is not directed to persons under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us immediately.

10. Changes to This Policy

We may update this policy. Material changes will be announced via the dashboard notification system or by email. Continued use of the Service after changes constitutes acceptance.

11. Governing Law

This policy is governed by the laws of the jurisdiction in which Tiny Shops is incorporated. For EU residents, we comply with GDPR obligations.

12. Contact

For privacy questions or data requests: hello@tiny-shops.com

← Back to setup

Privacy Policy | Tiny Shops