top of page

Privacy Policy — TinyBackup

Effective Date: 2024.01.01
 

TinyBackup (“we”, “us”, or “our”) provides an automated Shopify data backup and restore application (“Service”). We are committed to protecting user privacy and processing data lawfully and transparently.
 

1. General Information

TinyBackup automatically backs up Shopify store data and allows merchants to restore previous versions when needed. This Privacy Policy explains how we collect, process, store, and protect personal data.
 

2. Data Controller and Processor Roles

For website visitors and marketing purposes, TinyBackup acts as the data controller.
For backup and restore operations performed within Shopify stores, TinyBackup acts as the data processor, while the Shopify merchant acts as the data controller.

Our processing is governed by applicable data protection laws, including the GDPR and UK GDPR, and by our Data Processing Addendum (DPA).
 

3. What Data We Collect

When using TinyBackup, we process the following types of information:

  • Account information: Store name, store URL, Shopify shop ID, and owner contact details provided by Shopify OAuth connection.

  • Service and backup data: Full store data accessible via Shopify APIs, including products, collections, pages, blogs, articles, themes, files, and related metadata.

  • Webhook data: Shopify event information such as object IDs, timestamps, event type (create, update, delete), and job results.

  • Support data: Messages and attachments you send to our support team.

  • Technical data: IP addresses, device and browser type, operating system, log timestamps, and app performance metrics.

  • Billing data: Subscription status, plan type, and transaction identifiers (we do not store full payment card information).

  • Cookies and analytics data: Non-sensitive information about how visitors interact with our website.
    We do not sell or rent personal data to third parties.
     

4. How TinyBackup Works

TinyBackup continuously protects every Shopify store connected to our Service. Once installed, the system automatically backs up all available store data. Merchants cannot select which data to include or exclude from backups.

The Service listens to Shopify webhooks for all create, update, and delete events. Every time a change occurs, TinyBackup automatically triggers an incremental backup. This ensures every modification is saved and recoverable without manual input.

Backups run in the background at all times and require no user action. This structure ensures real-time protection against data loss caused by accidental deletions, third-party app issues, or human error.
 

5. Purpose and Legal Basis for Processing

We process personal data for the following purposes:

  • To provide the Service, including full automatic backups, incremental updates, and restore functionality.

  • To maintain security, integrity, and reliability of backups and webhooks.

  • To detect and correct operational issues.

  • To process billing and subscription management.

  • To communicate about service updates and support inquiries.

  • To comply with legal and regulatory requirements.
     

The legal bases for processing are:

  • Article 6(1)(b) GDPR — performance of a contract.

  • Article 6(1)(f) GDPR — legitimate interests in maintaining and improving the Service.

  • Article 6(1)(c) GDPR — legal obligations for billing and compliance.

  • Marketing communication is processed only under consent (Article 6(1)(a) GDPR).
     

6. Data Retention

We retain data for as long as necessary to fulfill our contractual and legal obligations.

Account and billing records are retained during the subscription period and as required by tax and accounting laws.

Backup versions remain available until deleted by the merchant or upon account termination.

Webhook and event logs are retained for limited periods to ensure service integrity and troubleshooting.

Support messages are retained for up to 24 months after resolution.

Analytics data is stored in aggregated or anonymized form.

Once data is no longer needed, it is deleted or irreversibly anonymized.
 

7. Data Sharing and Sub-Processors

TinyBackup works with trusted service providers who perform tasks such as hosting, monitoring, analytics, support, and billing. These providers process data only as instructed by TinyBackup and are bound by strict confidentiality and data protection agreements.
 

We may disclose data:

  • To our service providers under contractual safeguards.

  • To public authorities when legally required.

  • During business transfers such as mergers or acquisitions, with proper protections in place.

8. International Transfers

If personal data is transferred outside the European Economic Area (EEA) or the United Kingdom, TinyBackup applies appropriate safeguards such as the European Commission’s Standard Contractual Clauses or the UK’s International Data Transfer Addendum.
 

9. Data Security

We apply industry-standard security measures to protect all collected and processed data, including:

  • Encryption at rest and in transit.

  • Multi-factor authentication and role-based access.

  • Continuous monitoring and regular security reviews.

  • Network and system isolation for backup data.

  • Although no system is immune to all threats, TinyBackup maintains rigorous technical and organizational controls to minimize risk.
     

10. Cookies and Tracking

TinyBackup uses essential cookies to operate the website and maintain sessions. Optional analytics cookies may measure performance and feature usage.
You can manage non-essential cookies through your browser settings or by using the cookie banner on our website.
 

11. Your Data Protection Rights

Under applicable data protection laws, you may have the right to:

  • Access your personal data.

  • Request correction or deletion.

  • Object to or restrict processing.

  • Request data portability.

  • Withdraw consent at any time.

If your data is processed as part of your Shopify store’s backups, contact your Shopify store owner to exercise these rights. We will assist the store owner in responding to such requests.
 

To contact TinyBackup regarding personal data requests, email info@tinybackup.io
 

12. Changes to This Policy

TinyBackup may update this Privacy Policy to reflect changes in legal, technical, or business conditions. Updates will appear on this page with a new effective date. Continued use of the Service after changes means you accept the updated policy.
 

13. Contact Information

Email: info [at] tinybackup.io

Website: https://tinybackup.io

14. Data Processing Addendum

The Data Processing Addendum (DPA) forms part of TinyBackup’s Terms of Service and defines our processor obligations, sub-processor relationships, and data deletion policies. Merchants can review or request the DPA at info@tinybackup.io
.

bottom of page