Privacy Policy

Effective Date: March 11, 2026 | Last Updated: March 11, 2026

1. Introduction

This Privacy Policy ("Policy") is provided by TinyOffice ("Company," "we," "us," or "our") and applies to all individuals ("you" or "your") who access or use the TinyOffice platform, website, APIs, and services (collectively, the "Service"). By using the Service, you agree to the practices described in this Policy.

2. Information We Collect

2.1 Identifiers

Name, company name, job title, email address, phone number, mailing address
Social media profile URLs (LinkedIn, Twitter, Facebook)
IP address, unique user identifiers, and account IDs

2.2 Customer Records

Billing and invoicing records
Partial payment card information (last four digits, card brand, expiration only — full card numbers are never stored)
Partial bank account information (last four digits, bank name only)

2.3 Commercial Information

Records of services purchased or considered, invoice amounts, payment history

2.4 Internet or Electronic Network Activity

Browser type, user agent, device type, operating system
Pages viewed, time on page, scroll depth, interaction data, search queries within the Service
Session identifiers, referring URLs

2.5 Geolocation Data

Approximate location (city, region, country) derived from IP address

2.6 Professional or Employment-Related Information

Job title, industry, company size, LinkedIn profile data
Employment and hiring signals from publicly available third-party sources

2.7 Audio, Electronic, and Visual Information

Meeting recordings and transcripts
File attachments uploaded to the Service

2.8 Inferences

Lead scores, buyer intent signals, AI-generated summaries, sentiment analysis, and pattern detection outputs

2.9 Communications Data

Email messages (subject, body, attachments, sender/recipient), email engagement metrics (opens, clicks, replies)
LinkedIn messaging data, meeting booking submissions, AI conversation logs

2.10 Sensitive Personal Information

Account login credentials (email and hashed password)
Contents of communications processed through the Service

Sensitive personal information is used only for purposes authorized under the CCPA/CPRA as described in Section 4.

3. Sources of Information

Directly from you: account registration, forms, file uploads, connected email accounts, meeting bookings, client portal usage, AI feature interactions
Automatically: IP address, browser/device data, login records, page interaction data, email engagement events, cookies
Third-party sources: lead enrichment providers, scheduling platforms, payment processors, connected Google accounts (under your OAuth authorization), LinkedIn automation platforms, accounting platforms

4. How We Use Your Information

Providing and maintaining the Service (accounts, client management, invoicing, payments, scheduling, email, client portals, third-party sync)
Sales and lead management (lead scoring, enrichment, outreach, proposals)
AI-powered features (meeting briefs, summaries, sentiment analysis, email drafting, anomaly detection, conversational AI, lead scoring). Certain AI features run on automated schedules.
Security and fraud prevention (login monitoring, IP logging, rate limiting)
Analytics and service improvement (usage analysis, privacy-respecting website analytics via Fathom Analytics)
Complying with applicable laws and legal processes

5. Disclosure of Information

We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising.

We disclose Personal Information for business purposes to the following categories of recipients:

Category of Recipient	Purpose
Payment processors	Payment processing and billing
Email delivery providers	Sending transactional and outreach emails
Cloud storage providers	File and document storage
AI and machine learning providers	AI-generated summaries, analysis, and conversational features
Lead enrichment providers	Supplementing lead profiles with publicly available data
Connected Google services	Email and calendar sync under user authorization
LinkedIn automation platforms	Outreach and connection campaigns
Scheduling platforms	Appointment data via webhooks
Accounting platforms	Financial record synchronization
Workflow automation platforms	Business workflow integrations
Law enforcement or government agencies	When required by law or legal process
Business transferees	In connection with a merger, acquisition, or asset sale

Third-party providers are subject to their own privacy policies. We are not responsible for their data practices.

6. Cookies and Tracking

We use one essential cookie:

Cookie	Purpose	Duration
`token`	Authentication (HTTP-Only, Secure, SameSite)	7 days

We use Fathom Analytics for website analytics. Fathom does not use cookies and does not collect personally identifiable information.

7. Data Retention

We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, satisfy legal and accounting requirements, and establish or defend legal claims.

Data Category	Retention Period
User account data	Duration of account plus up to 7 years for legal/tax compliance
Financial records	Minimum 7 years per California and federal requirements
Client records	Duration of relationship plus up to 7 years
Lead and prospect data	Duration of active engagement plus reasonable period thereafter
Security and login records	Up to 2 years
Meeting recordings and transcripts	Until manually deleted by user
Analytics data	Up to 2 years
Uploaded files	Until manually deleted or account closure

Deleted records may be soft-deleted (marked inactive) rather than permanently removed and may be retained for the periods described above.

8. Data Security

We implement reasonable administrative, technical, and physical security measures to protect Personal Information. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Your California Privacy Rights

California residents have the following rights under the CCPA as amended by the CPRA:

Right to Know: Request disclosure of the categories and specific pieces of Personal Information we collected, the sources, the business purposes, and the categories of third parties with whom it was shared, covering the preceding 12 months.
Right to Delete: Request deletion of your Personal Information, subject to legal exceptions (including tax and financial record retention).
Right to Correct: Request correction of inaccurate Personal Information.
Right to Opt-Out of Sale/Sharing: We do not sell or share your Personal Information as defined by the CCPA/CPRA.
Right to Limit Use of Sensitive Personal Information: We use sensitive personal information only for authorized purposes under the CCPA/CPRA.
Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

To submit a request, contact us at the address in Section 13. You may designate an authorized agent to act on your behalf. We will verify your identity before processing any request and respond within 45 calendar days (extendable by 45 additional days with notice).

10. California "Shine the Light"

We do not disclose Personal Information to third parties for their direct marketing purposes.

11. Do Not Track

We do not use third-party advertising or cross-site tracking. The Service does not change behavior in response to Do Not Track signals.

12. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect Personal Information from children under 18. If you believe we have, contact us and we will delete it promptly.

13. Contact Information

To exercise your privacy rights or ask questions about this Policy, contact us at:

TinyOffice
[email protected]

14. Changes to This Policy

We may update this Policy at any time. The "Last Updated" date at the top reflects the most recent revision. Your continued use of the Service after changes constitutes acceptance of the revised Policy.