No credit card required 😊

Privacy Policy

Last Updated: 2nd Feb, 2022

Hi there, and welcome! Here at TinyWhale Platforms Inc (if you’re a resident of the U.S.) or TinyWhale Platforms Pte Ltd (if you’re a resident anywhere else in the world) (you can call us “TinyWhale”), we provide services that help you run your awesome businesses, find and book new customers, manage customer relationships, promote your services, showcase your licenses, awards and certifications, send invoices, accept payments, bump up your online presence and MORE through our website available at https://www.tinywhale.com & https://tinycard.to/ (our “Site”) and platform too together with our mobile applications and related services this comprises our “Services”). Together with our Terms of Use, we have our Privacy Policy which was created to provide you essential information about us and our Services to you, your clients and your vendors. This Privacy Policy includes in detail our policy with respect to information including personally identifiable data (“Personal Data“), Contact Information ( defined below) and other information that is collected from visitors to the Site and Services. When you voluntarily provide us with Personal Data, you consent to our use of it in accordance with this Privacy Policy. 

If you are our customer and we are processing personal information on your behalf, please also read through the accompanying Data Processing Addendum. If you have any questions or privacy concerns that haven’t been resolved, please let us know at privacy@tinywhale.com. Data protection laws can be different among countries, with some providing you with more protection than others. However, to keep things simple, we apply common protections as described in this Privacy Policy no matter where your information is processed. These protections align with well-known standards such as ISO 27001:2017 and others.

We’ll need to tweak or update our Privacy Policy from time to time, and we reserve the right to do so at our sole discretion. We will post the latest changes to this page, and let you know at the top of this page the date this Privacy Policy was last updated. We strongly recommend you get into the habit of checking our Privacy Policy each time before you use our Services, just to make sure you’re up to speed on our latest changes and updates! 

  1. Information We Collect
    When you interact with us through the Services, we may collect Personal Data and other information from you, as further described below:
    1. Personal Data That You Provide Through the Services
      We collect Personal Data from you when you voluntarily provide such information, for e.g. when you contact us with inquiries, respond to one of our surveys, register for access to the Services or use certain Services. When we collect Personal Data we make an effort to provide a link to this Privacy Policy.
    2. Contact Information
      Where you choose to import to sync your Google account, contacts, iCal or similar accounts or services with our Services, we will collect and store information such as your contacts’ email address, name, address, website URL, phone number and other metadata assigned to that contact; we obtain this data in order to create profiles, suggest existing profiles for you to connect with and invite new persons to use the Services. If you activate Gmail integration on your account you will be able to use the Services to send emails to your customers and create calendar events.

      Notwithstanding anything else in this Privacy Policy, TinyWhale’s use of Contact Information obtained through your synched Google account will adhere to Google API Services User Data Policy, including the limited use requirements.
    3. Bank Account Information
      Where you link your bank account for payment or invoicing purposes, we will also collect your bank account numbers. If you choose to link your bank account automatically through the API provided by Stripe Inc. (“Stripe”), we will also receive information related to the transactions associated with that account, including the transaction ID, transaction category and type, merchant name, amount, currency, date, and location. By using the Stripe API, you grant us and Stripe the right to access and transmit your personal and financial information from the relevant financial institution and you agree that your personal and financial information will be transferred, stored, and processed by Stripe in accordance with the Stripe Privacy Policy.
    4. Other Information
      1. Non-Identifiable Data: When you interact with TinyWhale through the Services, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. We may store such information itself or such information may be included in databases owned and maintained by our affiliates, agents or service providers. The Services may use such information and pool it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors’ Internet service providers. It is important to note that no Personal Data is available or used in this process.
      2. Cookies: In operating the Services, we may use a technology called “cookies.” Please refer to our Cookie Notice for more details on our cookie use, including information on how you can opt-out of certain cookies.
    5. Aggregated Personal Data
      We at TinyWhale continuously strive to better understand and serve YOU. As such, we often conduct research on our customer demographics, interests and behavior based on the Personal Data and other information provided to us, including information available in any vendor contracts and related proposals that you may upload. Rest assured that we definitely do not use or aggregate Contact Information for these purposes. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
    6. Location Information
      Our Services and third parties that are integrated into our Services may collect and use your location information (for example, by using the GPS on your mobile device) to better provide certain functionality of our Services. We may also use your location information in an aggregate way, as described above in the “Aggregated Personal Data” section.
    7. Tracking and Analytics
      We may allow third party service providers to use cookies or similar technologies to collect information about your browsing activities over time and across different websites following your use of the Services.

      Our Site currently does not respond to “Do Not Track” (DNT) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do so in the future, we will update on how we do so in this Privacy Policy.
    8. Social Networking Services
      One nifty feature of the Services is that it allows you to enable or log in to the Services via various social networking services like Facebook or Twitter (“Social Networking Service(s)“). To be able to use this feature, we will ask you to log into or grant us permission via the relevant Social Networking Service. When you add a Social Networking Services account to the Services or log into the Services using your Social Networking Services account, we will collect relevant information necessary to enable the Services to access that Social Networking Service and your data contained within that Social Networking Service. As part of such integration, the Social Networking Service will provide us with access to certain information that you have provided to the Social Networking Service, and we will use, store and disclose such information in accordance with this Privacy Policy.

      With that being said, we have no liability or responsibility for the privacy practices or other actions of any Social Networking Services that are enabled within the Services, so we strongly recommend that you also read through the policies of such third parties to educate yourself on how they use, store and disclose your information.
  2. How we Use the Information We Collect
    We use the Personal Data you provide in a manner that’s consistent with our Privacy Policy.

    This includes for the following:
    • Operate and improve our Services;
    • Send you advertising or promotional materials;
    • Provide and deliver the Services or other services you request, process transactions, and send you related information;
    • Send you technical notices, updates, security alerts, and support and administrative messages;
    • Respond to your comments, questions, and requests and provide you with requested customer support;
    • Monitor and evaluate trends, usage, and activities in connection with our Services;
    • Secure our systems, prevent fraud, and help us to protect the security of your account;
    • Prevent, detect, and investigate potentially prohibited or illegal activities and to enforce our terms and policies;
    • Personalize and improve the Services, and provide content, communications, or features that match users interests; and
    • Link or combine with other information we obtain from third parties to help understand your needs and provide you with better service.

    We reserve the right at all times to review your content and information to help resolve problems with our software or the Services, or to ensure that you remain in compliance with our Terms of Use and other policies.
  3. How we Share/Disclose your Personal Data and Other Information
    There are some situations where we may share your Personal Data with selected third parties without further notifying you. For example:
    1. Service Providers, Agents, Consultants and Third Parties
      Like many other businesses, we sometimes engage or work with other companies to perform certain business-related functions in the provision of our Services to you. For example this may include processing payments, advertising and marketing, security, infrastructure and IT services, mailing information etc. When we engage another entity to perform such functions, we only provide them with the information that they need to perform that function.
    2. Business Transfers
      As we grow, we may buy or sell business or assets. Where we conduct a corporate sale, merger, reorganization, dissolution or something similar (individually known as a “Corporate Transaction”), Personal Data may be part of the transferred assets. On top of this, we may provide certain Personal Data to an investor or prospective investor and their legal or business advisors in anticipation of and/or in connection with a potential Corporate Transaction. We’ll definitely update you if we disclose any Contact Information in connection with a Corporate Transaction.
    3. Related Companies
      We may share your Personal Data (not including Contact Information) with our affiliated entities for purposes consistent with this Privacy Policy.
    4. Legal Requirements
      We may disclose your Personal data if required to do so by law, or in the good faith believe that this is necessary to:
      1. Comply with a legal obligation;
      2. Protection and defend our rights or property;
      3. Act in urgent circumstances to protect the personal safety of users of the Services or the public; or
      4. Protect against legal liability.

        In the course of sharing information, when we transfer personal information to countries within the European Economic Area (“EEA”) or other regions with comprehensive data protection laws, we will ensure that the information is transferred in accordance with this Privacy Policy and as permitted by the applicable data protection laws.
    5. Consent
      We may share Personal Data with your consent.
  4. Where we Store Your Personal Data
    1. Data Storage
      All the data that you provide to us through our Services is stored on secure servers located in the U.S.  Any payment transactions will be encrypted using SSL technology; all payment data is stored by our payment processors and is never stored on our servers.  Where we have given you (or where you have chosen) a password that enables you to access your account and the Product, you and you alone are responsible for keeping this password confidential.  We recommend that you not share your password and that you change it often.
    2. Data Security
      We take reasonable measures to protect your Personal Data and your content from loss, misuse, and unauthorized access, disclosure, modification, and destruction and to ensure that your content remains protected and available to you.  However, the transmission of data via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your Personal Data sent through the Services.  Please note that all transmissions are at your own risk.
    3. Data Retention
      We store the information we collect for as long as necessary for the purpose for which it was originally collected and in compliance with our legal obligations.  The retention periods applied by TinyWhale comply with applicable legislation then in effect, namely:
      1. For data relating to your account, such data will not be retained beyond your request that your account be deleted.
      2. For transactional data relating to your purchases, such data is kept for the entire period of our contractual relationship, then in accordance with legal obligations and applicable statute of limitations periods.  Please note that this data does not include payment card information, which is processed by our third-party payment processors and not TinyWhale.
      3. For data collected based on your consent to receive marketing communications, we will use the data until you withdraw your consent or applicable law requires that such data is no longer used.
      4. For data collected in connection with your requests or questions, such data is kept for the period necessary to process and reply to your request or question.
      5. When cookies or other trackers are placed on your computer, they may be retained for a period of 12 months.

        We may retain certain information for legitimate business purposes or as required by law.
    4. Third Parties
      This Privacy Policy only concerns the processing for which TinyWhale. Third-parties who provide and/or publish content through our Services shall be deemed the data controllers for any personal data contained in the content uploaded by any such party to the  Services (“Third-Party Content”) and any other personal data processed in relation to such Third-Party Content. If you have any questions regarding personal data contained in Third-Party Content, please contact the third-party provider responsible for such Third Party Content.
  5. Children
    TinyWhale does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, you’re technically not allowed to register for an account on the Services, and definitely please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on the Services without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to TinyWhale through the Services, please contact us, and we will endeavor to delete that information from our databases.
  6. Your Choices and Rights
    You can visit the Site without providing any Personal Data, but do note that you may not be able to use certain Services.

    You also have several options with respect to your Personal Data as detailed here:
    1. You can terminate your use of the Services at any time (of course, we’d much prefer if you didn’t!).  However, we would still be able to process your Personal Data in our capacity as a service provider to our customers if your Personal Data is necessary for us to provide our Services to them.
    2. Once you’ve created your account, you can access, change or delete your personal information whenever you want. However even if you delete certain information from your account or deactivate your account, we may continue to retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of your information for a certain period of time.
    3. You can opt out of receiving promotional emails, text messages or mail from us by emailing opt-out@tinywhale.com or visiting your user settings via the “Edit Your Preferences” or “Completely Unsubscribe” link in any promotional email. Do note that even if you opt out, we’re still able to send you transactional or relationship messages like emails about your account, or updates to our Services.
    4. If you don’t have an account and want to delete any personal information you might have  provided through your use of our Services and/or any other services, please email us at privacy@tinywhale.com with the header “Delete My Information” in the subject line.
  7. Malware/Spyware/Viruses
    These are gross, and we definitely do not knowingly permit their use and/or other similar types of software.
  8. Links to External Sites
    We work with a lot of awesome partners, affiliates and advertisers and our Services may contain links to and from their or other third party websites. If you choose to follow a link to an external website, it will (or it should!) have its own privacy policy, and we are not responsible for any content or practices of these third party websites, or their policies. We’re also not responsible for any information you might share with these websites. Therefore, we strongly recommend that you refer to each website’s privacy policy and practices before you share any personal information.
  9. Transfer of Information Across National Borders:
    If you are located outside the jurisdiction of the United States, please note that TinyWhale operates and processes data in the United States. Information we collect from you will be processed in the United States, and by using this website you acknowledge and consent to the processing of your data in the United States.  Last we checked, United States has not received a finding of “adequacy” from the EEA under Article 41 of the GDPR.

    We collect and transfer to the U.S. personal data only with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of ours in a manner that does not outweigh your rights and freedoms. When we transfer your personal information to other countries, we will protect that data as described in this Privacy Policy or in our agreement with you and take steps, where necessary, to ensure that international transfers comply with applicable laws.
  10. Privacy Shield
    As you may be aware, TinyWhale is based in the U.S. The U.S. may have data protection laws less stringent than or otherwise different from the laws in effect in the EEA and the U.K.. Transfers of your Personal Data to us in the U.S. are necessary to perform the agreement we have entered into, or are about to enter into, with you.

    TinyWhale complies with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (“Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred from the European Union (including the other countries in the EEA) (“EU”) and Switzerland to the U.S.. If there is any conflict between the policies in this Privacy Policy and the EU or Swiss Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Frameworks, please visit https://www.privacyshield.gov/.
  11. EEA Data Subjects & Transfers Outside the EEA
    For our EEA users, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. We may provide your data to third party providers who are located outside the EEA, or they may use servers that are located outside the EEA. If this happens, we will ensure that adequate protection of your data is provided as required by applicable law, for instance by concluding Standard Contractual Clauses issued by the European Commission.
  12. Residents of the EEA
    We provide the representations and information in this section in compliance with European privacy laws, in particular the European General Data Protection Regulation (GDPR). If you reside in the European Territories (including the EEA, Switzerland, and the United Kingdom), our legal basis for collecting and using the Personal Data will depend on the personal information concerned and the specific context in which we collect it.

    We will normally collect Personal Data from you where the processing is in our legitimate interests. In some cases we may collect and process Personal Data based on consent.

    EEA data subjects have certain rights with respect to your Personal Data that we collect and process. We respond to all requests we receive from individuals in the EEA wishing to exercise their data protection rights in accordance with applicable data protection laws.
    1. Access, Correction or Deletion. You may request access to, correction of, or deletion of your Personal Data. We recommend that you check out your Account Settings to take these actions directly.
    2. Objection. You may object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes and may do so using the options provided in this Privacy Policy. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
    3. Restriction. You have the right to ask us to suspend the processing of your Personal Data in the following scenarios:
      (a)
      if you want us to establish the data’s accuracy;
      (b) where our use of the data is unlawful but you don’t want us to erase it;
      (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
      (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
    4. Portability. You have the right to request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
    5. Withdraw Consent. If we have collected and processed your Personal Data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
    6. File a complaint. You have the right to file a complaint with a supervisory authority about our collection and processing of your Personal Data. To file a request or act on one of your rights, please contact us at the contact details provided below. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
  13. California Resident Notices
    1. California Consumer Privacy Act
      Effective January 1, 2020, the California Consumer Privacy Act of 2018 (the “CCPA”) allows you, the consumer who is a California resident, upon a verifiable consumer request, to request from businesses (like us) to:
      1. Delete any Personal Data about the consumer which the business has collected from the consumer;
      2. Disclose to the consumer certain information about the Personal Data that the business collects from the consumer; and
      3. Direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information.

        We do not sell any consumer Personal Data to third parties. If you want to submit a data access or data deletion request, please get in touch at privacy@tinywhale.com. However, if your request relates to Personal Data collected through any client’s or vendor’s websites or digital products, you’ll need to get in touch with the owner of that website or product directly. We may ask you certain questions to verify your identity, and ask for your email or other confirmation, before we process your request. Consistent with California law, if you choose to exercise your rights, you will not receive discriminatory treatment from us.

        In certain situations, you can designate an authorised agent to make a request on your behalf. You may be asked to provide certain verification details such as a valid power of attorney, a valid government ID, and the authorised agent’s valid government ID before we proceed with your request.
    2. California’s Shine the Light Law
      If you reside in California, CA Civil Code § 1798.83 allows you to request and obtain from us once a year, free of charge, a list of the third parties to whom we may have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those third parties. As a general policy, we do not share personal information with third parties for their own direct marketing purposes without getting your consent first. If all this sounds awful to you, you can prevent disclosure of your personal information to third parties for their direct marketing purposes by withholding consent. Do get in touch with us at privacy@tinywhale.com if you want to make such requests.
    3. Do Not Track Disclosure
      Regulatory agencies such as the U.S. Federal Trade Commission have promoted the concept of Do Not Track as a mechanism to permit internet users to control online tracking activity across websites through their browser settings. Since no industry standard has been adopted, we currently do not process or comply with any web browser’s “do-not-track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who visit our Site or use our Services.
  14. Exclusions
    Here are some things this Privacy Policy does not apply to:
    1. Any Personal Data collected by us that is not Personal Data collected through the Services;
    2. Any unsolicited information you provide to us through the Services or any other means, which will be considered non-confidential and which we’ll be free to reproduce, use, disclose to and share with others without limitation or attribution.
  15. Security
    We know how important Personal Data is, and we take reasonable steps to protect the Personal Data you provide through the Services from loss, misuse, unauthorised access, disclosure, alteration or destruction. However despite our efforts, no internet or email transmission is 100% secure or error free. We strongly recommend that you take lots of special care and consideration in deciding what information you send over email. Please also keep this in mind when you disclose any Personal Data to us through the internet.
  16. Other Terms and Conditions
    Your access to and use of the Services is subject to the Terms of Use.
  17. Changes to Our Privacy Policy
    To serve you better, the Services and our business may change from time to time. Therefore it may be necessary for us to make changes to this Privacy Policy, and we reserve the right to update or modify this Privacy Policy at any time, without notice to you. We will post the latest changes to this page, and let you know at the top of this page the date these Privacy Policy were last updated. We strongly recommend that you review this Privacy Policy periodically, and especially before you provide any Personal Data to us. When you continue to use the Services after any changes or updates made to the Privacy Policy, this constitutes your agreement with the revised terms.
  18. Your Acceptance of These Terms
    By using our Site or Services, you accept the policies and conditions set forth in this Privacy Policy. As much as we’d hate for you to do this, please do not use our Site or Services if you don’t agree with these terms.
  19. Contacting Us
    If you need assistance in keeping your Personal Data accurate, current and complete, please contact us at privacy@tinywhale.com. Rest assured that once we receive your request, we’ll take reasonable steps to update or correct Personal Data in our possession that you’ve previously sent across through the Services. Please also feel free to contact us if you have any questions about our Privacy Policy or the information practices of the Services. We’re always happy to hear from you!