One Tiny PartyPrivacy Policy
The short version: we don't sell your data or show you ads
Last updated
Our Approach
One Tiny Party is built with privacy as a core principle, not an afterthought. We collect the minimum data needed to make the registry work and nothing more. We do not sell, rent, or share your personal data with third parties for marketing purposes.
What We Collect
Registry Owners (Admins)
- Google account info — Your name and email address from Google OAuth, used to identify your account. We do not store your Google password.
- Registry data — The items you add (titles, links, images, prices), your registry name, and settings you configure (banner, shipping info, guest password).
- Uploaded images — Product images and banner images you upload are stored on Cloudflare R2.
Registry Guests
- No account required. Guests access registries using a password. We do not require guests to create an account, provide an email, or install an app.
- Purchase markers — When a guest marks an item as purchased, we optionally store the name they provide (if any) so the registry owner knows who bought what.
- Session cookie — A password-verification cookie (registry_access) is stored in the guest's browser so they don't have to re-enter the password on every page load. It contains no personal information.
What We Don't Do
- We do not show advertisements.
- We do not sell or share your data with advertisers or data brokers.
- We do not use tracking pixels, retargeting cookies, or fingerprinting.
- We do not profile guests or track their browsing behavior.
- We do not send marketing emails.
- We do not use your registry data to recommend products or generate revenue.
Analytics
We use privacy-focused analytics (Aizen Analytics) to understand how people use the site — things like which pages are visited and what devices are used. This analytics tool does not use cookies, does not collect personal data, and does not track individual users across sessions. It is compliant with GDPR and similar privacy regulations.
Data Storage & Security
- Registry data is stored on Cloudflare D1 (SQLite database) on Cloudflare's global infrastructure.
- Uploaded images are stored on Cloudflare R2 (object storage).
- All connections use HTTPS encryption.
- Authentication is handled via Google OAuth with JWT session tokens.
- Guest passwords are stored as plain text in the database (they are simple access codes, not security credentials). We recommend not reusing sensitive passwords for your registry.
Third-Party Services
- Google OAuth — Used for admin sign-in. Subject to Google's Privacy Policy.
- Cloudflare — Hosts the site, database, and images. Subject to Cloudflare's Privacy Policy.
- Aizen Analytics — Privacy-focused, cookie-free analytics.
Your Rights
You can delete your registry and all associated data at any time from your dashboard. If you want your account and all data permanently removed, email us and we will process the request within 7 days.
For any privacy questions or data deletion requests, contact us at hello@onetinyparty.com.
Changes to This Policy
If we make changes to this policy, we will update the date at the top of this page. We will not reduce your privacy protections without giving notice.