TinyHeadless
HomeSign in

Privacy Policy

Last updated: February 13, 2026

Introduction

TinyHeadless ("we", "our", or "us") is a headless content management service. This Privacy Policy explains how we collect, use, and protect your information when you use our website and services.

Information We Collect

We collect the following types of information:

  • Account information: When you sign in with Google OAuth, we receive your name, email address, and profile picture from your Google account.
  • Content data: Any content you create, publish, or manage through TinyHeadless, including blog posts, images, and website configurations.
  • Usage data: We may collect information about how you interact with our service, including pages visited, features used, and API requests made.
  • Technical data: Browser type, device information, and IP address collected automatically when you access our service.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Authenticate your identity and manage your account
  • Deliver the content you create through our API and hosted websites
  • Communicate with you about service updates or issues
  • Ensure the security and integrity of our platform

Data Storage & Security

Your data is stored securely using Amazon Web Services (AWS) infrastructure, including DynamoDB and S3. We implement industry-standard security measures to protect your information from unauthorized access, alteration, or destruction. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Public content: Content you choose to publish through TinyHeadless is made publicly available via your website and our API as intended by the service.
  • Service providers: We use AWS to host and operate our service. Your data is processed in accordance with AWS's security and privacy practices.
  • Legal requirements: We may disclose information if required by law or in response to valid legal requests.

Data Retention

We retain your data for as long as your account is active or as needed to provide our services. If you delete your account, we will remove your personal data and content from our systems. Some data may be retained in backups for a limited period.

Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Delete your account and associated data
  • Export your content data

Cookies

We use essential cookies to manage authentication sessions. These cookies are necessary for the service to function and cannot be disabled. We do not use tracking or advertising cookies.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the updated policy on this page with a revised "Last updated" date.

Contact

If you have questions about this Privacy Policy, please contact us at support@tinyheadless.blog.