Who We Are
Wallisoft (sole trader), 7 Hunloke Avenue, Eastbourne, East Sussex, England BN22 8UL.
We are the data controller for personal data collected in connection with TinyWeb services and this website. We are registered with the Information Commissioner's Office (ICO).
Privacy enquiries: [email protected]
What We Collect
- Account data — username, email address, phone number (verified via SIM for app users)
- Device data — Android device ID, device model, Android version, FCM push token, SIM carrier information
- Payment data — processed by Stripe; we receive only a payment reference, never card details
- Usage data — SMS sent/received counts, service uptime, activity logs (stored locally on your device)
- Technical data — IP address, web server access logs retained for up to 30 days for security purposes
Per-Service Data
TinyVPS — Container Hosting
We collect username, email, payment reference and container configuration. Container contents are entirely your own — we have no access to data stored inside your container.
TinySMS — SMS Gateway
The TinySMS app requires permission to send, receive and read SMS messages. This is the core function of the app — acting as an SMS gateway on behalf of the account holder. No Gmail or third-party email account is required or used.
The app collects your Android device ID, FCM push token, SIM phone number (for verification and routing), and device model. Your phone number is used solely to route incoming SMS replies and verify your SIM — it is never shared with third parties.
SMS message content passes transiently through our server to reach your gateway device. Message content is stored only in your own account for conversation history, accessible only to you. We log message counts for billing purposes but do not analyse message content.
The app does not access contacts, camera, microphone, location or any data beyond what is necessary for SMS gateway functionality.
You may manage your sender whitelist from the TinyWeb dashboard at tiny-web.uk/dashboard/sms.
TinyText — Web SMS Interface
TinyText (tinytext.us) is a web interface for your TinySMS gateway. Conversation history is stored in your TinyWeb account and accessible only to you. We do not analyse message content. Sessions are authenticated via your TinyWeb credentials and protected by HTTPS/TLS.
TinyRDP — Remote Desktop
Session metadata (IP address, connection time, helper identity) is collected for security and audit purposes. Remote desktop session content is not recorded or stored — sessions are peer-to-peer via WebRTC.
TinyDNS — Dynamic DNS
We store your domain name, associated IP addresses, and Cloudflare record IDs. DNS query logs are not retained.
TinyMail — Webmail
Email is stored on our UK-based mail server hosted on Hetzner infrastructure. Mail contents are accessible only to you. We do not scan, analyse or share email content. Your mailbox is encrypted in transit via TLS.
How We Use Your Data
- To provide, maintain and improve TinyWeb services
- To process licence subscriptions and billing
- To route SMS messages to your gateway device via FCM
- To verify your SIM number and link your device
- To send service notifications and billing communications
- To respond to support requests
- To detect and prevent abuse
- To comply with legal obligations
We do not sell, rent, or share your personal data with third parties for marketing purposes. Ever.
Legal Basis for Processing
- Contract — processing necessary to provide the service you have signed up for
- Legitimate interests — security logging, abuse prevention, service improvement
- Legal obligation — financial records retained as required by HMRC (7 years)
Third Parties
- Stripe — payment processing. Stripe operates under their own privacy policy and PCI DSS compliance. We receive only a payment confirmation and customer reference.
- Hetzner Online GmbH — server infrastructure. Our servers are located in Germany (EU). Hetzner processes infrastructure data under GDPR.
- Cloudflare — DNS, CDN and DDoS protection. Traffic passes through Cloudflare's network. Cloudflare operates under their own privacy policy.
- Google Firebase (FCM) — push notifications used to wake the TinySMS gateway app. Only the FCM device token and message payload are transmitted. No personal data is stored by Firebase beyond what is necessary for delivery.
Data Retention
- Licence and billing records — 7 years (HMRC)
- Account data — retained while your account is active, deleted within 30 days of account closure on request
- Device records — retained while device is registered; removed on unlink or account deletion
- SMS logs — message counts only, retained for 90 days
- Web server access logs — 30 days
- Support correspondence — 2 years after last contact
Your Rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request erasure (subject to legal retention obligations)
- Object to processing based on legitimate interests
- Portability of data we hold about you
- Lodge a complaint with the ICO at ico.org.uk
To exercise any right, email [email protected]. We will respond within 30 days.
Security
- Encryption in transit — all data transmitted using TLS 1.2 or 1.3
- Passwords — stored as bcrypt hashes; never stored in plaintext
- Access controls — personal data accessible only to authorised systems
- Infrastructure — servers hardened with firewall, fail2ban, and Cloudflare WAF
- Minimal retention — only data necessary to provide the service is retained
If you believe your data has been compromised, contact us immediately at [email protected].
Cookies
We do not use tracking or analytics cookies. Session cookies are set only when you log in to manage your account — these are strictly necessary and expire when you close your browser.
The TinySMS Android app does not use cookies.
Changes to This Policy
We may update this policy from time to time. Material changes will be notified to account holders by email. The current version is always available at tiny-web.uk/privacy.php.
Contact
Wallisoft
7 Hunloke Avenue, Eastbourne, East Sussex, England BN22 8UL
[email protected]