Back to Home

Privacy Policy

Last updated: 11/15/2025

1. Introduction

TinyData ("we," "us," or "our") operates Loa ("the Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, username, password (hashed), profile information
  • User Content: Data entries, observations, visualizations, legends, and other content you create
  • Beta Signup Information: Email address and name (if provided)
  • Payment Information: Processed securely through Stripe (we do not store full payment card details)
  • Communications: Messages you send to us, feedback, support requests

2.2 Automatically Collected Information

  • Usage Data: How you interact with the Service, features used, time spent
  • Device Information: Device type, operating system, browser type, IP address
  • Log Data: Server logs, error reports, performance data
  • Cookies and Tracking: See Section 7 for details

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your account
  • Send you service-related communications
  • Respond to your inquiries and provide customer support
  • Send you marketing communications (with your consent, which you can withdraw at any time)
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations
  • Analyze usage patterns to improve user experience (using anonymized data)

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: To fulfill our contract with you (providing the Service)
  • Consent: When you consent to marketing communications or beta signups
  • Legitimate Interests: To improve the Service, ensure security, and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

5.1 Service Providers

We use trusted third-party services that help us operate the Service:

  • Supabase: Database and authentication services
  • Vercel: Hosting and infrastructure
  • Stripe: Payment processing
  • Mailchimp: Email marketing (if you opt-in)
  • Analytics Providers: Google Analytics (anonymized data)

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Public Sharing

If you choose to share your visualizations publicly, that content will be visible to others. You control what you share.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

6. Data Retention

We retain your personal data only for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Authenticate you and maintain your session
  • Remember your preferences
  • Analyze Service usage (anonymized)

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service.

8. Your Rights (GDPR)

Under GDPR and other data protection laws, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us at hello@loalab.art. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Secure password hashing (bcrypt)
  • Regular security assessments
  • Access controls and authentication
  • Regular backups

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) with service providers
  • Compliance with GDPR requirements
  • Data processing agreements with third parties

11. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Emailing you at the address associated with your account
  • Posting a notice on the Service
  • Updating the "Last updated" date

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at:

Email: hello@loalab.art
Subject Line: "Data Protection Inquiry"

14. Supervisory Authority

If you are located in the European Economic Area (EEA) and believe we have not addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

TinyData
Email: hello@loalab.art
For Data Protection Inquiries: hello@loalab.art (Subject: "Data Protection Inquiry")