Privacy Policy

At Tiny Times, we believe privacy is a gift worth giving — especially when children are involved. This Privacy Policy explains what information we collect when you use Tiny Times at tinytimes.co, how we use it, and the choices you have. We've written it in plain English because legal jargon shouldn't be the thing standing between you and understanding how your family's data is handled.

Tiny Times is a service for adults. You must be 18 years or older to create an account or use our service. Children are the subjects of the birthday newspapers we create — they are not our users and they do not submit data to us directly. All information about a child is provided by a parent or guardian on that child's behalf.

1. What We Collect

Account Information

When you create an account, we collect your email address and a password (stored as a secure hash — we never see your actual password). That's it. We don't ask for your name, address, phone number, or anything else to get started.

Birthday Intake Form Data

To generate a newspaper, you fill out a short form. We collect what you tell us, which may include:

• The child's first name, age, and optional birthday
• Their favorite animal, colors, or interests
• Funny quirks, phrases they say, or things they love
• Family member names and optional quotes
• Party details (date, location, theme)

You decide what to share. We use only what you provide, and we'll never ask for a child's last name, school, address, or any sensitive identifying information. We don't need it, and we don't want it.

Generated Content

We store the newspaper we create for you — the text, layout, and illustration — so you can access it later from your dashboard. This content belongs to you; see Section 8 (Intellectual Property) in our Terms of Service for details.

Usage Data

We collect basic technical information when you use the site: your browser type, device type, approximate location (country/region), pages visited, and how long you spend on them. This helps us understand how people use Tiny Times and fix things that aren't working. We do not build behavioral profiles or use this data for advertising.

Payment Information

We don't store your credit card details. Payments are handled entirely by our payment processor, and only a transaction confirmation and the amount paid pass through our systems.

2. How We Use Your Information

We use your information to do one thing well: make your newspaper.

Specifically, we use it to:

• Generate personalized newspaper content based on what you tell us about your child
• Create a custom illustration that matches your child's theme
• Save your newspaper to your account so you can access it any time
• Send you a confirmation email when your account is created
• Process your payment and deliver your PDF
• Respond to support requests you send us
• Improve Tiny Times over time (using aggregated, anonymized patterns — not your personal data)

We do not use your data for advertising. We do not sell your data. We do not build profiles for marketing purposes. We do not train AI models on your family's personal information.

3. Who We Share Your Information With

We do not sell, rent, or trade your personal information. We share it only in these circumstances:

Service Providers

We use trusted third-party service providers for hosting, content generation, image creation, and payment processing. These providers are contractually bound to protect your data and may only use it to perform services on our behalf. They are not permitted to use your information for their own marketing or to share it with others.

When you submit the intake form, the information you provide is sent to our content and image generation providers to produce the newspaper. This is the core function of the service. Please do not include sensitive information (like a child's full legal name, school, or home address) in the intake form — it isn't needed, and we'd prefer you don't share it.

Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our legal rights, the safety of any person, or to investigate fraud.

Business Transfers

If Tiny Times is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you before your information is subject to a materially different privacy policy.

4. Children's Privacy

Tiny Times is not directed at children under 13, and we do not knowingly collect personal information directly from children. Our service is for adults — parents and guardians — who use it to create content about their children.

Any information about a child that appears in a Tiny Times newspaper was submitted by a parent or guardian who consented to its use on the child's behalf. We treat this data with extra care: we use it only to generate the requested newspaper, we don't share it beyond what's necessary to perform that service, and we delete it when you ask us to.

If you believe we have inadvertently collected information from a child under 13 without appropriate parental consent, please contact us immediately at [email protected] and we will delete it promptly.

This policy is intended to comply with the Children's Online Privacy Protection Act (COPPA).

5. Data Retention

We keep your data for as long as you have an account with us. Specifically:

• Account data (email): Retained until you delete your account.
• Newspaper content and intake form data: Retained until you delete the newspaper from your dashboard or close your account.
• Generated illustrations: Retained in the same way as newspaper content.
• Payment records: Retained for 7 years as required by US tax law.
• Usage data (logs): Retained for up to 90 days, then automatically deleted or anonymized.

When you delete content or close your account, we delete your data from our active systems within 30 days. Backups may retain the data for up to 90 days before they are rotated out and permanently deleted.

6. Security

We take reasonable steps to protect your information from unauthorized access, loss, or misuse. These include:

• All data is transmitted over HTTPS (TLS encryption)
• Passwords are hashed using industry-standard algorithms — we never store them in plain text
• Database access is restricted and authenticated
• Our service providers are vetted and contractually required to maintain security standards

No system is perfectly secure. If you believe your account has been compromised, please contact us immediately at [email protected].

7. Your Rights

Regardless of where you live, you can always:

• Access your data — request a copy of the personal information we hold about you
• Correct your data — ask us to fix inaccurate information
• Delete your data — request deletion of your account and all associated data
• Object to processing — ask us to stop using your data in a particular way

To exercise any of these rights, email us at [email protected] with the subject line “Privacy Request.” We'll respond within 30 days.

For EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right of access (Art. 15) — obtain confirmation of whether we process your data and receive a copy
• Right to rectification (Art. 16) — correct inaccurate or incomplete data
• Right to erasure (Art. 17) — request deletion (“right to be forgotten”)
• Right to restriction (Art. 18) — limit how we use your data
• Right to portability (Art. 20) — receive your data in a structured, machine-readable format
• Right to object (Art. 21) — object to processing based on our legitimate interests

Our legal basis for processing your data is contract performance (to provide the service you requested) and legitimate interests (to operate and improve the service). We do not rely on consent as a basis for processing, except where explicitly noted.

You have the right to lodge a complaint with your local supervisory authority if you believe we have violated your rights under GDPR.

For California Residents (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you, and how we use and share it
• Right to delete — request deletion of your personal information, subject to certain exceptions
• Right to opt-out of sale — we do not sell personal information, so there is nothing to opt out of
• Right to non-discrimination — we will not treat you differently for exercising your privacy rights

We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

To make a CCPA request, email [email protected] with the subject line “CCPA Request.” We may need to verify your identity before processing the request.

8. Cookies and Tracking

We use a small number of cookies to make Tiny Times work:

• Authentication cookies — to keep you signed in between visits
• Session cookies — to temporarily store your newspaper data while you navigate between pages

We do not use advertising cookies, third-party tracking pixels, or behavioral analytics that follow you across the web. We may use basic analytics to understand how people use the site, but this data is aggregated and not tied to your identity.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the effective date at the top of this page. If we make a material change — particularly one that affects how we handle children's data — we'll notify you by email before the change takes effect.

Your continued use of Tiny Times after a policy update constitutes acceptance of the updated terms.

10. Contact Us

Privacy questions, requests, and concerns should be directed to:

We aim to respond to all privacy requests within 30 days. For urgent matters involving a child's data, we will prioritize your request.