Privacy Policy

Last updated: July 1, 2025

1. Introduction

Tiny Steps A Day ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, mobile applications, and related services (collectively, the "Service").

This Privacy Policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us, including:

  • Account Information: Name, email address, username, password, profile picture, and biographical information
  • Contact Information: Phone number, mailing address, and emergency contact details
  • Payment Information: Credit card details, billing address, and payment history (processed securely through third-party payment processors)
  • Profile Data: Personal goals, preferences, interests, and wellness objectives
  • Communication Data: Messages, feedback, support requests, and other communications with us
  • Social Authentication: Information from Google, Apple, or other social login providers when you choose to sign in using these services

2.2 Information We Collect Automatically

When you use our Service, we automatically collect certain information, including:

  • Device Information: IP address, device type, operating system, browser type, and device identifiers
  • Usage Data: Pages visited, features used, time spent on the Service, and interaction patterns
  • Location Data: General location information (city/country level) based on IP address
  • Cookies and Similar Technologies: Information stored on your device to enhance your experience
  • Log Data: Server logs, error reports, and performance data

2.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Social media platforms when you connect your account
  • Payment processors for transaction verification
  • Analytics providers for usage insights
  • Public databases and directories

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • Create and manage your account
  • Provide personalized content, courses, and recommendations
  • Process payments and manage subscriptions
  • Track your progress and achievements
  • Enable community features and social interactions
  • Provide customer support and respond to inquiries

3.2 Communication

  • Send you important service updates and notifications
  • Provide educational content and wellness tips
  • Send marketing communications (with your consent)
  • Respond to your questions and support requests

3.3 Improvement and Analytics

  • Analyze usage patterns to improve our Service
  • Develop new features and functionality
  • Conduct research and surveys
  • Monitor and prevent fraud and abuse

3.4 Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Protect our rights and property
  • Enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you explicitly agree to our processing of your data
  • Contract Performance: To provide the services you have requested
  • Legitimate Interest: To improve our services and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers

We may share your information with trusted third-party service providers who assist us in operating our Service, including:

  • Payment processors (Stripe, PayPal)
  • Cloud hosting providers (AWS, Google Cloud)
  • Email service providers
  • Analytics and marketing tools
  • Customer support platforms

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders or legal proceedings
  • Government requests or investigations
  • Protection of our rights and safety
  • Prevention of fraud or security threats

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

5.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Improve our services

When we no longer need your information, we will securely delete or anonymize it. You may request deletion of your account and associated data at any time.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you
  • Request a copy of your data in a portable format
  • Know how we process your information

8.2 Correction and Update

You can:

  • Correct inaccurate or incomplete information
  • Update your profile and preferences
  • Request data rectification

8.3 Deletion and Restriction

You may:

  • Request deletion of your personal information
  • Restrict processing of your data
  • Withdraw consent for data processing

8.4 Objection and Automated Decisions

You have the right to:

  • Object to processing of your data
  • Request human review of automated decisions
  • Opt out of marketing communications

To exercise these rights, please contact us using the information provided below. We will respond to your request within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content. For detailed information about our use of cookies, please see our Cookie Policy.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with applicable laws, including standard contractual clauses and adequacy decisions.

11. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: hello@tinystepsaday.com

Address: Kigali, Rwanda

Data Protection Officer: hello@tinystepsaday.com

Phone: +250 780 599 859

14. Supervisory Authority

If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not addressed your concerns adequately.