Privacy Policy
The short version
- Your photos, videos, captions and child profiles never leave your phone. They live in the app's local database. Nothing syncs to a server.
- This website collects only your email (if you sign up for the beta), so I can send you an install link.
- Anonymous app usage data (which screens you open, whether a recap export succeeded) is sent to PostHog so I can fix bugs and improve the app. You can switch this off in Settings → Help improve Tiny Wonders.
- No advertising trackers, no selling data, no ads.
1. Who's behind Tiny Wonders
Tiny Wonders is a small, indie app built by one parent (me). For the purposes of the EU General Data Protection Regulation (GDPR), I'm the data controller for any limited data described below.
If anything here is unclear, email me at [email protected].
2. This website
What we collect
- Your email address, only if you submit the beta signup form.
- Standard server logs when you visit the site (your IP address, browser type, the page you requested, and a timestamp). These are kept by the hosting provider for security and debugging and rotated automatically.
Why
So I can send you an invite link to install Tiny Wonders from Google Play Internal Testing and, occasionally, a short update email about the beta. That's the only purpose. I will never subscribe you to a newsletter, sell your email, or pass it to a third party.
How it's stored
The form is processed by Formspree (privacy policy), which receives your submission, emails it to me, and stores it in your account dashboard. The website itself is hosted on DigitalOcean (privacy policy), which keeps the standard server logs described above. Both providers are GDPR-aware and Data Processing Addenda are in place.
How long it's kept
Your email is kept for as long as the beta is running, plus a short tidy-up window after launch. If you ask me to delete it (one email), it's gone within a few days. Server logs roll off automatically within 30 days.
Legal basis (GDPR)
Consent under Art. 6(1)(a) GDPR: by typing your email and tapping "Join the beta" you're giving consent for the uses described above. You can withdraw consent any time by emailing me to be removed.
3. The app
What stays only on your phone
The following is stored exclusively in the app's private storage, on your device. It is not transmitted to me or anyone else:
- Photos and videos you capture or import
- Captions and dates you attach to memories
- Child names, birth dates and avatars you add
- Your reminder settings and recap preferences
- The recap MP4 files the app generates
Uninstalling the app removes this data along with it. There is no server backup that I can restore for you.
When you tap "Share" on a recap, the MP4 is handed off to whichever app you choose (WhatsApp, Photos, etc.). What happens after that is governed by that app's privacy policy, not mine.
What the app sends back to me (and how to switch it off)
If you have not opted out, the app sends a small amount of anonymous usage data to PostHog (privacy policy), hosted in the European Union (Frankfurt).
What's sent:
- A randomly generated anonymous device ID. Not linked to your phone number, email, Google account, or anything else identifying.
- Platform (Android) and app version.
- App lifecycle signals: opened, backgrounded, installed, updated.
- Product events: a memory was saved (with whether it included photos/videos, how many media items, how many children were tagged, whether a caption was added — but never the content); a recap was created, viewed, shared, or exported; export succeeded or failed.
- Device metadata PostHog automatically attaches: device type, OS name and version, app build, and an approximate country derived from your IP. The IP itself is discarded after the geo-lookup.
What is never sent:
- Your photos or videos.
- Your captions or any free-text you typed.
- Your children's names, birth dates or avatars.
- Your phone number, email, or any account identifier.
- Your precise location.
- Your contacts, calendar, or any other phone data.
To switch it off: open the app → Settings → Help improve Tiny Wonders → toggle off. No further usage events are sent. Events already received cannot be retroactively unsent, but they are anonymous and I have no way to link them back to you.
Permissions the app asks for
- Photos — to let you pick existing photos and videos to save as memories.
- Camera — to let you capture new photos and videos.
- Microphone — required by Android when recording video with the camera.
- Notifications — to send the gentle reminder you can configure in Settings. All reminders are scheduled locally on your device; no server pushes them.
You can revoke any of these in your phone's settings at any time.
Legal basis (GDPR)
The data that lives only on your device is processed on the legal basis of contract (Art. 6(1)(b)) — it's what the app does for you. The anonymous usage data is processed under legitimate interest (Art. 6(1)(f)) to operate and improve the app. You can object at any time by switching off the toggle described above.
4. Children's data
Tiny Wonders is intended for parents and guardians keeping private memories of their own children. The app is not directed to children, and children should not use it directly. I do not knowingly collect any data from children. Information you record about your children (names, birth dates, photos) stays on your device, as described above.
5. Data retention
- On-device data: until you delete a memory, delete a recap, or uninstall the app.
- Anonymous usage data in PostHog: up to 12 months, then automatically deleted.
- Your email at Formspree: for the duration of the beta plus a short post-launch tidy-up window, or until you ask me to delete it.
- Server access logs: rotated within 30 days.
6. Your rights
Under GDPR and similar laws, you can:
- Access the personal data I hold about you (which is, at most, your email and any beta correspondence).
- Correct it if it's wrong.
- Delete it. See the data deletion page for the exact steps — usually a single email — and the response times.
- Object to processing, including the anonymous in-app analytics — just toggle it off.
- Lodge a complaint with your local data protection authority if you think I've mishandled your data.
The anonymous usage data in PostHog isn't linked to your identity, so I usually can't extract "your" events from the haystack. If you want me to try, email me and we'll figure out what's possible.
7. Third parties I rely on
- Formspree — receiving the beta signup form. US company; SCC in place for EU transfers. Privacy policy.
- DigitalOcean — hosting this website. Server logs as described above. Privacy policy.
- PostHog — anonymous in-app product analytics. EU region (Frankfurt). Privacy policy.
- Google Play — distributing the app. Subject to Google's own data handling. Privacy policy.
That's the full list. I do not use Google Analytics, Firebase Analytics, Crashlytics, the Facebook SDK, or any advertising network.
8. Changes to this policy
If I make material changes to how data is handled, I'll update this document and bump the date at the top. For significant changes affecting privacy, I'll surface a notice in the app on next launch and email beta testers.