Privacy Policy
Last updated: April 5, 2025
tinysamples ("we", "our", or "us") is committed to protecting the privacy of researchers and teams who use our sample tracking platform. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the choices you have.
By using tinysamples, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.
Effective date: April 5, 2025
Contact: privacy@tinysamples.com
1. Who We Are
tinysamples is a web-based SaaS application designed for research teams to register samples, log laboratory activities, and manage experimental workflows. We are the data controller for personal data collected through the platform.
2. Information We Collect
2.1 Information You Provide
When you create an account or use tinysamples, you may provide:
- Account information: email address, password (hashed — never stored in plain text), and optionally your name and profile photo.
- Authentication via Google OAuth: if you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive your Google password.
- Workspace data: laboratory name, project names, sample identifiers, activity logs, protocol descriptions, batch details, and any custom fields you create. This data belongs to you.
- Profile information: lab name, role, institution — entered during onboarding.
- Communications: if you contact us by email or through support, we store the contents of that correspondence.
2.2 Information Collected Automatically
When you use tinysamples, our servers automatically record:
- Log data: IP address, browser type and version, operating system, referring URL, pages visited, timestamps of requests.
- Usage data: feature usage patterns in aggregate, anonymised form.
- Device information: screen resolution, language settings — used only to optimise the mobile-first interface.
We do not use cookies for advertising. We use only one first-party session cookie required for authentication.
2.3 Information We Do Not Collect
- We do not collect payment card numbers directly. Payments are processed by Stripe under their own privacy policy.
- We do not sell your data to third parties.
- We do not use your workspace data for training machine learning models.
- We do not track you across other websites.
3. How We Use Your Information
We use the information we collect to provide the tinysamples service, send transactional emails, monitor service health, aggregate anonymous usage analytics, respond to support requests, and comply with legal obligations. We do not use your data for targeted advertising, behavioural profiling, or marketing to third parties.
4. Data Storage and Security
tinysamples is hosted on Supabase Cloud (AWS US East). All workspace data is isolated using PostgreSQL Row Level Security (RLS). Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Passwords are hashed with bcrypt. We never store plain-text passwords.
5. Data Sharing
We share your data only with sub-processors necessary to deliver the service (Supabase, Stripe, Resend, Vercel), under legal obligation, or in connection with a business transfer. We do not sell, rent, or lease your personal data.
6. Your Rights
You may request access, correction, deletion, or export of your data at any time. EU/UK users have additional rights under GDPR. California residents have rights under CCPA. To exercise any right, email privacy@tinysamples.com.
7. Account Deletion and Data Retention
You can delete your account from Profile settings. Workspace data is permanently deleted within 30 days of account deletion. Billing records are retained for 7 years as required by law.
8. Cookies
We use only first-party, HttpOnly, Secure session cookies required for authentication. No advertising cookies. No third-party tracking.
9. Children’s Privacy
tinysamples is for users aged 16 and over. We do not knowingly collect data from minors.
10. International Users
Data is processed in the US. EU/UK transfers are made under Standard Contractual Clauses where required under GDPR.
11. Changes to This Policy
Material changes will be communicated by email at least 14 days before taking effect. The "Last updated" date above reflects the current version.
12. Contact Us
Email: privacy@tinysamples.com
Response time: 5 business days.