Privacy Policy

TinyCard is an independent project that lets you send beautiful digital gift cards as a link — free, with no account required. We are based in the European Union and this policy is written to meet GDPR requirements.

For privacy matters, you can reach us at: privacy@tinycard.app

When you create a card, we store: the names you enter (sender and recipient), your message, the gift description, the Unsplash photo you selected (along with photographer credit, which we are required to show), and the animation style you chose. This data is necessary to deliver the card.

If you provide an email address when creating a card, we store it so you can use the "Find your cards" feature to recover your edit links. Providing an email is entirely optional.

We record a timestamp the first time a card is opened. This tells the sender that their card has been received — nothing more.

We do not collect IP addresses, device identifiers, browser fingerprints, or any behavioural data. We do not use cookies for tracking or advertising.

Free cards expire 14 days after creation. Premium cards expire one year from the date of upgrade. When a card expires, it is no longer accessible and is eligible for deletion from our database. We do not retain card content beyond the applicable expiration period.

If you delete your card using the edit link, all associated data is removed immediately.

We process card content on the basis of your explicit request to use the service (performance of a service at your request — Article 6(1)(b) GDPR). If you provide an email address, you do so voluntarily and it is processed on the basis of your consent (Article 6(1)(a) GDPR).

You can withdraw consent at any time by deleting your card using the edit link, which removes all data including your email address.

We use Unsplash (unsplash.com) to provide the image library. When you search for or select a photo, your query is sent to the Unsplash API. Unsplash's own privacy policy governs how they handle that data.

If you use the "Find your cards" feature, we use Resend (resend.com) to send you an email. Your email address is transmitted to Resend solely for the purpose of delivering that message. We do not store your email with Resend beyond what is needed to send the message.

If you purchase a premium upgrade, the payment is processed by Stripe (stripe.com). We do not store your payment details — they are handled entirely by Stripe. Stripe's own privacy policy governs how they handle payment data.

We do not sell, rent, or otherwise share personal data with any third party for marketing or advertising purposes.

Under GDPR you have the right to access, correct, or erase your personal data. Since cards are identified by a secret edit link rather than an account, the most direct way to exercise these rights is to use your edit link to delete your card.

If you no longer have your edit link, you can contact us at privacy@tinycard.app with enough information to identify your card (e.g. the view URL), and we will delete it manually within 30 days.

You also have the right to lodge a complaint with your local supervisory authority if you believe we are processing your data unlawfully.

TinyCard runs on Cloudflare's global edge network. Data may be processed in data centres within the European Economic Area and in other regions. Cloudflare is certified under the EU-U.S. Data Privacy Framework.

We may update this policy from time to time. The "last updated" date at the top of this page reflects when it was last revised. Continued use of the service after changes constitutes acceptance of the updated policy.