Tiny Swell – Privacy Policy

    Effective Date: April 12, 2025

    Last Updated: May 22, 2025

    Introduction

    Tiny Swell ("I," "my," or "me") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how I collect, use, disclose, and safeguard your information when you visit my website tinyswell.com, use my services, or interact with me through various communication channels (collectively, the "Services").

    By accessing or using my Services, you consent to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use my Services.

    I reserve the right to make changes to this Privacy Policy at any time and for any reason. I will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy, and you waive the right to receive specific notice of each such change or modification.

    Information We Collect

    Personal Information You Provide

    We may collect personal information that you voluntarily provide to me, including but not limited to:

    • Contact Information: Name, email address, phone number, mailing address, company name, job title
    • Professional Information: Business details, project requirements, service inquiries, consultation preferences
    • Communication Data: Information contained in emails, messages, phone calls, and other communications with me
    • Consultation Information: Details shared during consultations, project discussions, and service engagements
    • Payment Information: Billing address and payment method details (processed through secure third-party payment processors)
    • Marketing Preferences: Newsletter subscriptions, communication preferences, and marketing consent

    Information Collected Automatically

    When you visit my website or use my Services, we may automatically collect certain information, including:

    • Device Information: IP address, browser type and version, operating system, device type
    • Usage Data: Pages visited, time spent on pages, click patterns, referral URLs, search terms
    • Location Data: General geographic location based on IP address
    • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies

    How I Use Your Information

    I use the information I collect for the following purposes:

    Primary Business Purposes

    • Service Delivery: To provide consulting services, respond to inquiries, and fulfill contractual obligations
    • Communication: To communicate with you about my services, appointments, project updates, and business matters
    • Client Relationship Management: To maintain client records, track project progress, and manage ongoing relationships
    • Business Operations: To process payments, maintain business records, and conduct internal operations

    Secondary Purposes

    • Marketing and Outreach: To send newsletters, service updates, and promotional materials (with your consent)
    • Website Improvement: To analyze website usage, improve user experience, and enhance my digital presence
    • Legal Compliance: To comply with applicable laws, regulations, and legal processes
    • Business Protection: To protect my rights, property, safety, and that of my clients and third parties

    Legal Basis for Processing (GDPR)

    If you are located in the European Economic Area (EEA), my legal basis for collecting and using your personal information depends on the specific information collected and the context in which I collect it:

    • Contract Performance: Processing necessary to perform my consulting services
    • Legitimate Interests: My legitimate business interests, such as improving my services and communications
    • Consent: Where you have provided explicit consent for specific processing activities
    • Legal Obligation: Where processing is necessary to comply with legal requirements

    How I Share Your Information

    I do not sell, trade, or rent your personal information to third parties. I may share your information in the following circumstances:

    Service Providers

    I may share information with trusted third-party service providers who assist me in:

    • Website hosting and maintenance
    • Email marketing and communication services
    • Payment processing
    • Analytics and website optimization
    • Cloud storage and data management

    Business Transfers

    In the event of a merger, acquisition, or sale of business assets, your information may be transferred as part of the transaction, subject to confidentiality agreements.

    Legal Requirements

    I may disclose your information when required by law, court order, or government regulation, or to:

    • Protect my legal rights and interests
    • Prevent fraud or illegal activities
    • Ensure the safety of my clients and employees
    • Comply with legal processes and investigations

    Professional Obligations

    As a consulting firm, I may need to share certain information with:

    • Professional liability insurers
    • Legal counsel and advisors
    • Regulatory bodies (when required)
    • Client-authorized third parties for project implementation

    Data Security

    I implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

    • Encryption: Data encryption in transit and at rest
    • Access Controls: Limited access to personal information on a need-to-know basis
    • Regular Updates: Security software and system updates
    • Employee Training: Staff training on data protection and privacy practices
    • Incident Response: Procedures for detecting and responding to data breaches

    However, no method of transmission over the internet or electronic storage is 100% secure. While I strive to protect your personal information, I cannot guarantee absolute security.

    Data Retention

    I retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

    Retention Periods:

    • Active Client Data: Duration of engagement plus 7 years (or as required by applicable law)
    • Marketing Data: Until you unsubscribe or withdraw consent
    • Website Analytics: Up to 26 months
    • Financial Records: 7 years from the end of the fiscal year
    • Legal Documents: As required by applicable laws and regulations

    Your Privacy Rights

    Depending on your location and applicable laws, you may have the following rights regarding your personal information:

    General Rights

    • Access: Request access to your personal information I hold
    • Correction: Request correction of inaccurate or incomplete information
    • Deletion: Request deletion of your personal information (subject to legal obligations)
    • Portability: Request transfer of your data to another service provider
    • Objection: Object to certain types of data processing
    • Restriction: Request restriction of processing under certain circumstances

    Marketing Communications

    • Unsubscribe: Opt out of marketing communications at any time
    • Preference Management: Update your communication preferences
    • Consent Withdrawal: Withdraw consent for marketing activities

    GDPR Rights (EEA Residents)

    If you are located in the EEA, you have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with a supervisory authority.

    CCPA Rights (California Residents)

    If you are a California resident, you have specific rights under the California Consumer Privacy Act, including the right to know what personal information is collected and the right to opt out of the sale of personal information.

    ← Return home