Privacy Policy

Effective Date: January 1, 2024

TinyBackup (“we”, “us”, or “our”) provides an automated Shopify data backup and restore application (“Service”). We are committed to protecting user privacy and processing data lawfully and transparently.

1. General Information

TinyBackup automatically backs up Shopify store data and allows merchants to restore previous versions when needed. This Privacy Policy explains how we collect, process, store, and protect personal data.

2. Data Controller and Processor Roles

For website visitors and marketing purposes, TinyBackup acts as the data controller.

For backup and restore operations performed within Shopify stores, TinyBackup acts as the data processor, while the Shopify merchant acts as the data controller.

Our processing is governed by applicable data protection laws, including the GDPR and UK GDPR, and by our Data Processing Addendum (DPA).

3. What Data We Collect

When using TinyBackup, we process the following types of information:

  • Account information: Store name, store URL, Shopify shop ID, and owner contact details provided by Shopify OAuth connection.
  • Service and backup data: Store data accessible via Shopify APIs, including products, collections, pages, blogs, articles, themes, files, and related metadata.
  • Webhook data: Shopify event data such as object IDs, timestamps, event type, and job results.
  • Support data: Messages and attachments sent to our support team.
  • Technical data: IP address, device and browser type, operating system, log timestamps, and performance metrics.
  • Billing data: Subscription status, plan type, and transaction identifiers. We do not store full payment card information.
  • Cookies and analytics data: Non-sensitive website interaction data.

We do not sell or rent personal data to third parties.

4. How TinyBackup Works

TinyBackup continuously protects every Shopify store connected to the Service. Once installed, the system automatically backs up all available store data. Merchants cannot select or exclude specific data from backups.

The Service listens to Shopify webhooks for create, update, and delete events. Each event triggers an incremental backup, ensuring all changes are saved automatically.

Backups run continuously in the background and require no manual action.

5. Purpose and Legal Basis for Processing

We process personal data to:

  • Provide automatic backups, incremental updates, and restore functionality
  • Maintain security and reliability of the Service
  • Detect and resolve operational issues
  • Manage billing and subscriptions
  • Respond to service and support communications
  • Comply with legal obligations

The legal bases for processing are:

  • Article 6(1)(b) GDPR — performance of a contract
  • Article 6(1)(f) GDPR — legitimate interests
  • Article 6(1)(c) GDPR — legal obligations
  • Article 6(1)(a) GDPR — consent for marketing communications

6. Data Retention

We retain data only for as long as necessary:

  • Account and billing data during the subscription period and as required by law
  • Backup data until deleted by the merchant or account termination
  • Webhook and event logs for limited operational periods
  • Support data for up to 24 months after resolution
  • Analytics data in aggregated or anonymized form

Data is deleted or irreversibly anonymized when no longer required.

7. Data Sharing and Sub-Processors

TinyBackup uses trusted service providers for hosting, monitoring, analytics, support, and billing. These providers act only under our instructions and contractual safeguards.

We may disclose data:

  • To service providers under data protection agreements
  • To public authorities when legally required
  • During mergers or acquisitions with appropriate safeguards

8. International Transfers

If personal data is transferred outside the EEA or the UK, we apply safeguards such as Standard Contractual Clauses or the UK International Data Transfer Addendum.

9. Data Security

We use industry-standard security measures, including:

  • Encryption at rest and in transit
  • Multi-factor authentication and role-based access
  • Continuous monitoring and security reviews
  • Network and system isolation for backup data

10. Cookies and Tracking

Essential cookies are used to operate the website and maintain sessions. Optional analytics cookies measure performance and feature usage.

You can manage non-essential cookies through browser settings or the website cookie banner.

11. Your Data Protection Rights

You may have the right to:

  • Access personal data
  • Request correction or deletion
  • Object to or restrict processing
  • Request data portability
  • Withdraw consent

If data relates to Shopify store backups, requests should be directed to the store owner. We assist store owners in responding.
Contact us at [email protected] for data-related requests.

12. Changes to This Policy

This Privacy Policy may be updated to reflect legal, technical, or business changes. Updates are published with a new effective date.

13. Contact Information

Email: [email protected]
Website: https://tinybackup.io

14. Data Processing Addendum

The Data Processing Addendum forms part of the Terms of Service and defines processor obligations, sub-processors, and deletion policies. To read more about our Data Processing Addendum (DPA), click here