Privacy Policy (Tinyhelpr)
Effective date: 13 February 2026
This Privacy Policy explains how Tinyhelpr (“we”, “us”, “our”) collects, uses, and shares information when you use our website and services (the “Service”), including the Tinyhelpr AI chatbot, lead capture, ticketing, knowledge base, webhooks, and related functionality.
Controller (Data Controller)
Tinyhelpr
Karlsruhe, Baden-Württemberg, Germany
Email: support@tinyhelpr.com
1. Scope
This Privacy Policy applies to:
visitors of the Tinyhelpr website,
customers who create a Tinyhelpr account (“Customers”), and
visitors of Customer websites where the Tinyhelpr widget is embedded (“End Users”).
2. Roles under GDPR (Controller vs Processor)
For Customer account and billing data, Tinyhelpr acts as the Data Controller.
For End User data collected through the embedded widget on a Customer’s website, the Customer is typically the Data Controller, and Tinyhelpr acts as a Data Processor processing data on the Customer’s behalf to provide the Service.
If you are an End User, the website owner you are interacting with controls how your data is used. In most cases, you should contact that website owner first for privacy requests.
3. Information we collect
We collect information depending on how you interact with the Service:
A) Account and profile information (Customers)
When you sign up, we may collect your name, email address, organization/company details, login/security details, and your configuration settings (e.g., widget settings, team access settings).
B) Billing and payment information (Customers)
If you purchase a paid plan, payments are processed by payment providers such as PayPal and Stripe. We receive transaction metadata (e.g., plan, amount, timestamps, payment status) but typically do not store full payment card details on our servers.
C) Customer Content (Customers)
To power the chatbot, you may provide text, FAQs, knowledge base entries, website content, documents, images (if enabled), instructions, and other materials (“Customer Content”). We process this content only to provide and maintain the Service.
D) Chat, ticket, and form data (End Users and Customers)
Depending on configuration, the chatbot and related forms may process:
messages typed into the chat,
contact details (e.g., name, email, phone) if lead capture is enabled,
ticket details (e.g., subject, description, attachments) if ticketing is enabled,
and conversation metadata (timestamps, page URL where chat occurred).
E) Technical and usage data
We collect standard logs and usage data such as IP address, browser/device type, approximate location (derived from IP), timestamps, referring pages, and interactions with our site and Service. This helps us secure and operate the Service and understand performance.
F) Cookies and similar technologies
We may use cookies (or similar technologies) for essential functions (e.g., login/session management), preferences, security, and performance measurement. Where required by law, we will request consent for non-essential cookies.
4. How we use information
We use personal data to:
provide, operate, maintain, and improve the Service,
authenticate users and administer accounts,
process subscriptions and payments,
deliver support and communicate service-related notices,
prevent fraud, abuse, and security incidents,
enforce plan limits and feature availability,
analyze usage to improve product performance and reliability.
5. AI processing and generated responses
Tinyhelpr uses automated systems to generate responses based on Customer Content and conversation context. AI outputs may be inaccurate or incomplete. Customers control what information is provided to the bot and how it is configured (including escalation to humans/tickets). End Users should avoid sharing sensitive information unless the Customer explicitly requests it and has a lawful basis to process it.
6. Legal bases (GDPR / EU)
Where GDPR applies, Tinyhelpr processes personal data under these legal bases as applicable:
Contract (Art. 6(1)(b)) to provide the Service to Customers,
Legitimate interests (Art. 6(1)(f)) for security, fraud prevention, and service improvement,
Legal obligation (Art. 6(1)(c)) for compliance (e.g., tax/accounting),
Consent (Art. 6(1)(a)) where required (e.g., non-essential cookies, certain marketing).
When Tinyhelpr acts as a Processor for End User data, processing is performed under the Customer’s instructions and legal basis.
7. How we share information
We do not sell personal data. We share data only as necessary:
A) Service providers (subprocessors)
We use vendors for hosting, infrastructure, communications, analytics, customer support tooling, and payments. Examples include Hostinger (hosting) and PayPal/Stripe (payments). These providers process data only to perform services for us and under appropriate contractual safeguards.
If you are a Customer and need a current list of key subprocessors, you can request it via support@tinyhelpr.com.
B) Integrations and webhooks
If you enable webhooks or integrations, data may be sent to destinations you configure (e.g., CRMs, automation tools). You are responsible for ensuring you have the legal basis and proper notices for such transfers.
C) Legal and safety
We may disclose information if required by law or to protect rights, security, and integrity of Tinyhelpr, our Customers, End Users, or the public.
D) Business transfers
If Tinyhelpr is involved in a merger, acquisition, or asset sale, data may be transferred as part of that transaction, subject to appropriate safeguards.
8. International data transfers
Some service providers may process data outside the European Economic Area (EEA). Where required, we use appropriate safeguards such as EU Standard Contractual Clauses and additional measures as needed.
9. Data retention
We retain personal data only as long as necessary to provide the Service and for legitimate business and legal purposes:
Account data is retained while your account is active and as needed thereafter for compliance and dispute resolution.
Chat/ticket data is retained according to Service functionality and your settings, and may be deleted upon request (subject to legal obligations).
Technical logs are retained for a limited period for security and troubleshooting.
Customers can request deletion of their account data by contacting support@tinyhelpr.com.
10. Security
We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, and misuse. No system can be guaranteed 100% secure. Customers are responsible for maintaining strong passwords and controlling access to their accounts.
11. Your rights (GDPR)
Depending on your location and applicable law, you may have rights to:
access your data, correct it, delete it, restrict processing, object to processing, and receive a copy (data portability). You may also withdraw consent where processing is based on consent.
Customers (account holders) can contact support@tinyhelpr.com to exercise rights regarding data for which Tinyhelpr is the controller.
End Users should typically contact the website owner (the Customer) first, since the Customer controls the embedded chatbot experience and purposes.
12. Children’s privacy
Tinyhelpr is not intended for children under 13 (or the minimum age required by local law). We do not knowingly collect personal data from children.
13. Marketing communications
If we send marketing emails, you can opt out at any time using the unsubscribe link (where available) or by contacting support@tinyhelpr.com. Service and billing emails may still be sent when necessary to operate your account.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The “Effective date” will reflect the most recent version. Material changes will be communicated via the website or within the Service where appropriate.
15. Contact
For privacy questions or requests, contact:
support@tinyhelpr.com
Tinyhelpr, Karlsruhe, Baden-Württemberg, Germany