Privacy Policy

The controller responsible for the processing of personal data described in this Privacy Policy is:

For the purposes of applicable data protection law, tinyworker UG (haftungsbeschränkt) is the controller of your personal data.

This Privacy Policy explains how we process personal data that we collect from you, that you provide to us, or that is generated when you use our website or our mobile applications.

This Privacy Policy applies to our website and our mobile applications.

Where this Privacy Policy refers to “website” or “mobile apps”, this refers to the respective services operated by tinyworker UG (haftungsbeschränkt), unless stated otherwise.

In connection with your use of our website and mobile apps, we may collect the following categories of personal data:

Contact and communication data that you provide when you contact us, including by email to support@tinyworker.com or otherwise contact us (for example your name, email address, the content of your message, and any other information you choose to provide).

Technical data and server log data generated when you access our website or our mobile apps, including IP address, date and time of access, requested content, device or browser information, operating system, language settings, referrer URL, and other log information required to provide and secure our services.

Usage data relating to how you use our website or our mobile apps, such as pages or screens viewed, interactions with content, session information, app usage events, and similar information about how our services are accessed and used.

Analytics and diagnostic data, including information collected through analytics or crash-reporting tools, such as Google Analytics, Firebase Analytics, Firebase Crashlytics, or similar services, where such tools are enabled.

Advertising-related data, including information that may be collected in connection with advertising services or campaigns for our apps or services, for example through Google Ads, Meta advertising services, or similar providers, where such services are used.

Account and profile data, where a mobile app offers user accounts or login functionality, such as username, email address, account identifiers, authentication information, and other data required to create, maintain, and secure an account.

Transaction data, where a mobile app offers in-app purchases or subscriptions, such as information about purchases, subscription status, transaction identifiers, and information received from platform providers such as Apple or Google in connection with payment processing and purchase validation.

Content and permission-based data, where required by a specific app feature, including photos, camera input, microphone input, and related files or media that you choose to provide or make accessible to the app.

Data relating to the use of embedded third-party content, where such content is included on our website or in our mobile apps, for example YouTube videos.

Data processed through external infrastructure and service providers used in connection with our services, including providers for communication, hosting, backend, analytics, and productivity services, such as Microsoft 365, Google Workspace, Amazon Web Services (AWS), Firebase, or similar providers, where applicable.

We generally receive personal data directly from you, from your device when you use our services, from platform providers such as Apple or Google, and from service providers that support the operation, analysis, security, advertising, or delivery of our website and mobile apps.

Some data is only collected if a particular website function, mobile app feature, third-party service, login system, purchase flow, or permission-based feature is actually enabled and used.

We process personal data for the following purposes, as applicable to our website and mobile apps:

To provide, operate, maintain, and improve our website and mobile apps.

To ensure the security, stability, performance, and integrity of our website, mobile apps, systems, and infrastructure.

To respond to support requests, user inquiries, and other communications sent to us, including via support@tinyworker.com.

To analyze usage of our website and mobile apps, diagnose technical issues, detect errors, and improve user experience, functionality, and content.

To provide account-related features, authenticate users, manage user profiles, and enable login functionality where such features are offered.

To provide app-specific features that require access to user-provided content or device permissions, including features involving photos, camera access, microphone access, or media files, where such features are enabled by the user.

To process and validate in-app purchases, subscriptions, and related transactions, including communicating with platform providers such as Apple and Google where required.

To deliver, host, support, and administer our services using external infrastructure and service providers, including providers for hosting, backend services, communication, analytics, diagnostics, and productivity tools.

To display or enable embedded third-party content, such as YouTube videos, where such content is included in our website or mobile apps.

To promote our apps and services, support advertising campaigns, measure the performance of advertising activities where applicable, and improve the visibility and reach of our offerings.

To comply with legal obligations, enforce our rights, prevent misuse, and establish, exercise, or defend legal claims.

We process personal data on one or more of the following legal bases, depending on the specific processing activity:

Art. 6 (1) sentence 1 lit. (a) GDPR, where you have given your consent.

Art. 6 (1) sentence 1 lit. (b) GDPR, where processing is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract.

Art. 6 (1) sentence 1 lit. (c) GDPR, where processing is necessary for compliance with a legal obligation to which we are subject.

Art. 6 (1) sentence 1 lit. (f) GDPR, where processing is necessary for the purposes of our legitimate interests or those of a third party, provided that your interests or fundamental rights and freedoms do not override those interests.

In particular, we generally rely on Art. 6 (1) sentence 1 lit. (f) GDPR for the operation, security, technical provision, administration, and improvement of our website, mobile apps, systems, and infrastructure, as well as for support handling, fraud prevention, misuse prevention, and the establishment, exercise, or defense of legal claims.

We generally rely on Art. 6 (1) sentence 1 lit. (b) GDPR where processing is necessary to provide app functionalities requested by you, to manage user accounts, to provide login functionality, or to process and validate in-app purchases, subscriptions, and related transactions.

We generally rely on Art. 6 (1) sentence 1 lit. (a) GDPR where consent is required, in particular for certain analytics, advertising-related processing, or permission-based features, where applicable.

We generally rely on Art. 6 (1) sentence 1 lit. (c) GDPR where we are legally required to retain or disclose certain data, for example under commercial, tax, or other applicable legal obligations.

We may disclose personal data to third parties where this is legally permitted and necessary for the purposes described in this Privacy Policy, in particular in the following cases:

where you have given your consent pursuant to Art. 6 (1) sentence 1 lit. (a) GDPR;

where the disclosure is necessary for the performance of a contract with you or for steps taken at your request before entering into a contract pursuant to Art. 6 (1) sentence 1 lit. (b) GDPR;

where the disclosure is necessary for compliance with a legal obligation pursuant to Art. 6 (1) sentence 1 lit. (c) GDPR;

where the disclosure is necessary for our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. (f) GDPR, including for the establishment, exercise, or defense of legal claims, provided that your interests or fundamental rights and freedoms do not override those interests.

We may share personal data with service providers and processors that support the operation of our website and mobile apps, including providers for email and communication services, hosting, cloud infrastructure, backend services, analytics, diagnostics, customer support, app functionality, productivity tools, embedded content, and advertising-related services.

Depending on the service used, recipients may include, in particular, providers such as Microsoft 365, Google Workspace, Amazon Web Services (AWS), Firebase, Google, Meta, YouTube, Apple, and Google Play, or comparable providers engaged by us from time to time.

Where personal data is transferred to recipients located outside the European Union (EU) or the European Economic Area (EEA), we take appropriate measures to ensure an adequate level of data protection in accordance with applicable law. Such measures may include an adequacy decision of the European Commission or the use of standard contractual clauses or comparable safeguards, where required. Additional information on data processing by specific providers may be available in the respective provider privacy notices, for example:

• Google / Firebase
• Meta
• Microsoft
• Amazon Web Services (AWS)
• YouTube

We may also disclose personal data to courts, authorities, advisors, or other third parties where necessary to comply with legal obligations, enforce our rights, investigate misuse, or establish, exercise, or defend legal claims.

Our website and mobile apps may contain links to third-party websites or services.

If you follow such a link or access a third-party service, the processing of your personal data by that third party is governed by that third party’s own privacy policy and terms.

We are not responsible for the content, privacy practices, or data processing activities of third-party websites or services.

We recommend that you review the privacy policies of any third-party websites or services before providing personal data to them.

We store personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide our services, respond to inquiries, operate our website and mobile apps, comply with legal obligations, resolve disputes, and enforce our rights.

The actual storage period may vary depending on the type of data and the purpose of processing, including whether we are required to retain data for legal, tax, accounting, commercial, or security-related reasons.

If personal data is no longer required for the purposes for which it was collected, we will delete it or restrict its processing, unless continued retention is required or permitted by applicable law.

In some cases, we may anonymize personal data so that it can no longer be associated with an identified or identifiable individual. In that case, we may continue to use such anonymized data without further notice.

Our website may use cookies and similar technologies where this is technically necessary or otherwise legally permitted.

At present, we do not use cookies on our website for general analytics or advertising purposes unless such functionality is specifically enabled.

If cookies or similar technologies are used in connection with embedded third-party content, analytics tools, or other optional website features, the related processing will only take place where such functionality is active and, where required, after any necessary consent has been obtained.

You can generally configure your browser to block or delete cookies. Please note that some website functions may not work properly if cookies are disabled.

We may use analytics and diagnostic tools in connection with our website and mobile apps in order to understand usage, improve functionality, detect technical problems, and maintain the performance and reliability of our services.

For our website, this may include tools such as Google Analytics, where enabled.

For our mobile apps, this may include tools such as Firebase Analytics and Firebase Crashlytics, or similar analytics and crash-reporting services, where enabled.

Such tools may process technical data, device information, usage data, app events, crash information, and similar diagnostic or statistical information.

Where required by applicable law, we will obtain any necessary consent before using analytics technologies.

Our website and mobile apps may contain links to our profiles or presences on social media platforms.

We do not currently use social media plug-ins on our website or in our mobile apps that automatically transmit personal data to social media providers merely because you visit our services, unless such functionality is specifically enabled.

If you choose to visit one of our social media profiles or interact with social media features, the processing of your personal data is governed by the respective provider’s privacy policy.

Our website or mobile apps may include embedded videos or other content provided by YouTube.

If YouTube content is embedded and accessed, personal data such as technical usage data, device information, IP address, and interaction data may be processed by YouTube or Google.

YouTube content is only processed where such content is actually embedded and used.

We may use advertising services to promote our apps and services, in particular through providers such as Google Ads and Meta advertising services.

At present, we do not intend to use website-based conversion tracking unless such functionality is specifically enabled in the future.

Our mobile apps may include advertising-related services or SDKs where applicable.

Where advertising-related technologies process personal data and consent is required by applicable law, we will obtain such consent before using those technologies.

The right to request access to your personal data processed by us pursuant to Art. 15 GDPR.

The right to request the rectification of inaccurate personal data or the completion of incomplete personal data pursuant to Art. 16 GDPR.

The right to request the erasure of your personal data pursuant to Art. 17 GDPR.

The right to request the restriction of processing of your personal data pursuant to Art. 18 GDPR.

The right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, pursuant to Art. 20 GDPR.

Where processing is based on your consent, the right to withdraw your consent at any time with effect for the future pursuant to Art. 7 (3) GDPR.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

Where we process your personal data on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. (f) GDPR, you have the right to object to such processing pursuant to Art. 21 GDPR on grounds relating to your particular situation.

Where your personal data is processed for direct marketing purposes, you have the right to object to such processing at any time pursuant to Art. 21 GDPR.

If you wish to exercise your right to object or withdraw your consent, you can contact us at mail@tinyworker.com.

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

Our security measures are reviewed and updated as appropriate in light of technological developments, the nature of the processing, and the associated risks.

We may update this Privacy Policy from time to time, in particular where this is necessary due to changes to our website, mobile apps, services, legal requirements, or data processing activities.

The version of this Privacy Policy published on our website at the time of your visit applies.

Unless otherwise stated, changes to this Privacy Policy take effect when the updated version is published.