Tiny Inbox

Privacy Policy

Last updated: April 25, 2026

What we collect

Only what's needed to run the service:

  • Your email address and optional display name
  • Items you capture — the text, any URL you attached, tags, due dates, and related metadata
  • AI-generated suggestions for your items (see "AI processing" below)
  • Identities from the OAuth providers you sign in with (Google, Discord)
  • Credentials for integrations you connect (Slack, Todoist, Google Tasks) — held until you revoke them
  • Auth tokens (refresh tokens and, if you create them, personal API tokens) — hashed at rest
  • Server logs (IP, request metadata) retained briefly for debugging and abuse prevention
  • Audit records of actions on your account — your own (sign-ins, token changes, integration connects and revokes) and any administrative actions taken on your record by operators — kept for up to one year, then deleted nightly
  • Product analytics events — what users do with the product (signups, captures, triage actions, AI suggestion responses, exports). We use these to compute aggregate metrics like activation, retention, and AI suggestion acceptance. Events are stored alongside the actor or subject they describe; you see the same events in your data export and they're purged with your account.
  • Signup attribution — if you arrive via a link with utm_*, ref, or ad-click parameters (gclid, fbclid), we keep a copy of those values on your user record so we can tell which channels are bringing in users. First-touch only — we don't track every visit.
  • Subscription state — if you upgrade to Pro, we keep your plan, billing period, current-period end date, and a customer ID issued by our payment processor (Lemon Squeezy). We do not see or store your full card details — Lemon Squeezy handles those.
  • Cancellation feedback — if you cancel a paid subscription through our in-app flow, we record the reason category you picked and any free-text comment you wrote, alongside your account. This helps us learn why people leave; it's deleted when you delete your account.

What we don't

  • No advertising or marketing trackers
  • No cross-site tracking
  • No advertising, analytics-tracking, or session-replay cookies on this domain (which is why you don't see a cookie banner today; if we add one in the future it'll be because we added something that needs your consent first)
  • No selling your data, ever

How we use it

  • To provide and improve the service
  • To send transactional email (password reset, email verification)
  • To generate AI suggestions on items you capture (see "AI processing")
  • To forward items to the export destinations you connect

Sub-processors

Third parties that process your data on our behalf:

  • Fly.io — application hosting
  • Neon — managed Postgres database
  • Cloudflare — static site hosting, inbound email routing, and privacy-first traffic analytics (no cookies, no fingerprinting)
  • Resend — transactional email delivery
  • OpenAI — AI suggestions on captured items (model: gpt-4o-mini)
  • Lemon Squeezy — merchant of record for Pro subscriptions; handles payment processing, invoicing, and sales tax / VAT compliance. Full card details never reach Tiny Inbox — they go directly from your browser to Lemon Squeezy.

Separately, you can choose to connect your Tiny Inbox account to third-party services:

  • Google and Discord — sign-in providers; they receive your sign-in attempt and return your identity
  • Slack — capture from Slack; we store a workspace connection and your Slack user ID
  • Todoist and Google Tasks — export destinations; we store their tokens so we can forward items you choose to export

Each of these services has its own privacy policy covering what it does with the data you share through it. Disconnecting a service from your Tiny Inbox settings removes the credentials we hold for it.

Capture surfaces

Every way data can enter Tiny Inbox:

  • The web app at my.tinyinbox.app — anything you type or paste in
  • The browser extension — text you highlight and send, plus the page URL and title
  • Slack — the message or text you send via shortcut or slash command
  • Discord — the message or text you send via context menu or slash command
  • Email forwarding — the subject and body of anything you forward to your private capture address
  • MCP clients — anything an AI agent captures on your behalf through the Tiny Inbox MCP tool

Cookies and browser storage

We set one cookie, only when you're signed in:

  • An HTTP-only refresh-token cookie — strictly necessary to keep you signed in; no consent required under GDPR

Short-lived OAuth state cookies are also set during sign-in and integration flows for CSRF protection; they're cleared as soon as the flow completes.

The web app keeps a small amount of state in your browser, all strictly for running the app:

  • A short-lived access token held in memory (cleared when you close the tab)
  • A flag in localStorage indicating whether a session exists, plus your theme preference
  • A return-to URL in sessionStorage so we can send you back where you were after signing in, and a similar stash in localStorage used by the password-reset flow

If you install the browser extension, it stores your Tiny Inbox API token in its local extension storage (chrome.storage.local) so it can send captures without asking you to sign in each time. That token is scoped to capture and read-only access to your Today view.

The marketing site (this page) uses Cloudflare's privacy-first analytics, which doesn't use cookies or fingerprinting.

AI processing

When you capture an item, we send its text and the current date to OpenAI's gpt-4o-mini model to generate a suggestion (title, type, tags, due date). The suggestion is stored alongside your item; it's not applied unless you choose to apply it. OpenAI processes this content on our behalf and, under our usage agreement, does not use it to train their models. If you'd rather not have AI processing on your captures, email us and we'll turn it off for your account.

Data retention

  • Items: retained until you delete them, or you delete your account
  • Access tokens: 15 minutes (short-lived)
  • Refresh tokens: expire after 7 days; expired tokens are hard-deleted nightly
  • Password-reset links: 1 hour; email-verification links: 24 hours (one-time use)
  • Personal API tokens you create: no expiry — they live until you revoke them from your settings
  • Deleted accounts: soft-deleted immediately when you request deletion (you can no longer sign in), permanently purged 30 days later. At purge time, all items, suggestions, identities, integration credentials, tokens, memberships, and audit records for that account are removed. A minimal trace that the purge ran is retained for up to one year for accountability, then deleted. Email us if you'd like the purge itself to happen sooner.
  • Audit records: retained for up to one year, then deleted nightly. They include your account actions (sign-ins, token changes, integration connects and revokes) and any administrative actions taken on your record by operators. In your data export, events you initiated are tagged "you", operator-initiated events are tagged "operator", and the purge trace is tagged "system" — raw operator identifiers are never exposed.
  • Product analytics events: retained for up to two years, then deleted nightly. We keep them longer than audit records so we can compute year-over-year cohort retention. They're purged immediately when you delete your account.
  • Signup attribution: lives on your user record for the life of the account; deleted when your account is purged. Not separately exposed beyond what's already described under "What we collect."
  • Resolved AI suggestions (ones you've applied or dismissed): retained for 30 days, then deleted nightly. Pending suggestions stay until you act on them.
  • Background job records: completed or failed jobs are retained for 7 days by default, then deleted by our job system.
  • Server logs: whatever retention our hosting provider keeps by default (currently 7 days on Fly.io) — we don't keep a separate copy
  • Subscription cancellation feedback (the reason you picked, the free-text comment, and whether you accepted any retention offer): kept on your account for the life of the account, deleted when your account is purged. We aggregate these to understand churn drivers; we don't share individual responses externally.
  • Payment processor event log (records of subscription created / updated / cancelled / payment-succeeded / payment-failed deliveries from Lemon Squeezy): kept for the lifetime of the customer relationship as billing accountability records, then purged when you delete your account.

Your rights

Things you can do from your account:

  • Change your email, display name, or password
  • See and revoke every API token, integration connection, and export connection
  • Disconnect any OAuth provider (as long as one sign-in method remains)
  • Delete your account — soft-deleted immediately, permanently purged 30 days later

You can download a copy of your data from your Settings page at any time. It's delivered as a JSON file covering your profile, items, suggestions, connections, and account activity. If you'd prefer another format, or if your export is too large to download in the browser, email hello@tinyinbox.app and we'll help.

Residents of US states with comprehensive privacy laws

If a US state privacy law applies to our processing of your personal information, this section provides additional disclosures and explains the rights we honor for residents of those states. We aim to honor the substance of these rights for residents of any US state that grants them, regardless of whether we're strictly obligated to under that state's specific law.

Categories of personal information we handle

In the 12 months before the "Last updated" date above, we've collected the following categories of personal information (using the CCPA's category labels for clarity):

  • Identifiers: email address, optional display name, OAuth provider IDs, and a customer ID issued by our payment processor (Lemon Squeezy) for users on a paid plan
  • Commercial information: for users on a paid plan, your subscription state (plan tier, billing period, current-period end date, status). Full card details never reach us — Lemon Squeezy handles those directly.
  • Internet or network activity: server logs (IP, request metadata) retained briefly for debugging and abuse prevention; product analytics events describing what you do with the service (signups, captures, triage, AI suggestion responses, exports); and signup attribution (UTM, referrer, ad-click identifiers from the URL you arrived through) kept on your user record
  • User-provided content: the items you capture and any context you attach to them
  • Inferences: AI-generated suggestions for your items, stored alongside your items; we don't use these to profile you

Sensitive personal information

Under California law, you have the right to limit how we use and disclose "sensitive personal information" (such as precise geolocation, financial account numbers, racial or ethnic origin, genetic or biometric data, or the contents of private communications). Our current practices don't materially trigger this right: we don't collect any of the categories of sensitive personal information listed in the CCPA, and we don't use or disclose personal information for purposes that exceed what the CCPA defines as necessary to provide the service you've requested. If that changes, we'll update this section and add the required opt-out mechanism.

Sources

We collect this information directly from you, from the OAuth providers you sign in with (Google, Discord), and from the integrations you connect (Slack, Todoist, Google Tasks). We don't buy personal information from data brokers.

Business purposes

We use this information for the purposes listed in "How we use it" above — running the service, sending transactional email, generating AI suggestions, and forwarding items to the export destinations you've connected. We don't use it for targeted advertising or profiling.

Who we share it with

The sub-processors listed in the "Sub-processors" section above, and the third-party services you've chosen to connect. We don't share personal information with anyone else.

We do not sell or share your personal information

Tiny Inbox does not sell personal information, and does not "share" it for cross-context behavioral advertising as those terms are used in the CCPA. There is nothing to opt out of on that front — we don't do either.

Your rights

Depending on your state of residence, you may have some or all of the following rights. Where applicable, we honor them:

  • Right to know what personal information we collect, use, and disclose — this policy covers that
  • Right to access or download your personal information — use "Download my data" in Settings
  • Right to delete your personal information — use "Delete my account" in Settings
  • Right to correct inaccurate personal information — change your email, display name, or password from Settings; email us for anything else
  • Right to limit use and disclosure of sensitive personal information — see "Sensitive personal information" above
  • Right to opt out of sale or sharing — not applicable; we don't do either (see above)
  • Right to non-discrimination — we won't penalize you for exercising any of these rights
  • Right to appeal a denied privacy-rights request — see below

How to exercise your rights

For requests we can satisfy self-service (access, deletion, correction of profile fields), use the Settings page on your account. For anything else, email hello@tinyinbox.app. We'll respond within the deadline required by applicable law — typically 45 days under California's CCPA and similar windows under other state laws. We may need to verify your identity by asking you to sign in or confirm details we already have on file. Where applicable law gives you the right to appeal a denied privacy-rights request, email us and we'll respond within the deadline required by applicable law.

Authorized agents

You can designate someone to exercise your rights on your behalf. The agent must provide written authorization from you, and we may ask you to confirm the authorization directly.

Changes

If we make material changes to this policy, we'll update the date at the top of the page and note what changed in the repo's commit history.

Contact

hello@tinyinbox.app

Tiny Inbox is operated as a sole proprietorship by Mark Nelson, based in New Mexico, United States.