Trust & Compliance Center

Welcome to our Trust & Compliance Center. This page provides an overview of our commitment to security, privacy, and regulatory compliance. For detailed information, please refer to the specific documents linked below.

Privacy Policy

Complete details on data collection, processing, and your privacy rights under GDPR.

Terms of Service

Legal agreements, pricing, acceptable use, and Data Processing Agreement (DPA).

Technical Overview

Detailed technical architecture, security measures, and data flow documentation.

GDPR / RGPD Compliance

Tiny IDP operates in full compliance with GDPR/RGPD regulations to protect user data. We act as a "Data Processor", processing data solely on behalf of our customers (the "Data Controllers").

Data Residency

All infrastructure is located within the EU (Madrid, Spain region). No international transfers outside the EEA.

Zero-Storage Philosophy

Documents are deleted within seconds after processing. No permanent storage of customer data. See our Privacy Policy for details.

Sub-processors

We work with the following trusted third parties to provide our services. All data processing stays within the EU:

Entity	Purpose	Location
Google Cloud Platform (GCP)	Cloud Infrastructure & AI Processing	EU (Madrid, Spain)
Stripe	Payment Processing	EU / Global (No payment data stored by us)

Change Notification: Tiny IDP will notify customers of any changes to sub-processors with at least 30 days' advance notice via email or dashboard notification. Customers may object to such changes within this notice period.

Data Breach Policy

Security is our top priority. In the unlikely event of a data breach, we have procedures in place to notify affected parties without undue delay after becoming aware of the breach, and in compliance with GDPR requirements (within 24 hours). We will provide all necessary information to demonstrate compliance with Article 28 of the GDPR.