Tiny IDP
← Trust & Compliance Center

Terms of Service

Last updated: January 22, 2026

1. Legal Information and Acceptance

These Terms of Service (hereinafter, "Terms") regulate the use of the digital services provided by Tiny IDP (hereinafter, the "Service" or "Platform").

  • Provider: Albert Vazquez Mendez
  • Trade Name: Tiny IDP
  • Tax ID (NIF): 45153937S
  • Address: C/ Mirada del Toro, 12, 07740, Es Mercadal (Illes Balears), Spain.
  • Contact: hello@tiny-idp.com

By registering, accessing, or using the API provided by Tiny IDP, you (hereinafter, the "Client" or "User") expressly accept these Terms and enter into a binding legal agreement. If you do not agree, you must not use the Service.

2. Description of Service

Tiny IDP provides a SaaS (Software as a Service) API that utilizes Artificial Intelligence (AI) to process images of documents (such as National IDs, Passports, Vehicle Documentation) and extract data in JSON format. For technical implementation details, see our Technical Overview.

2.1 AI Nature and Disclaimer

The Service utilizes third-party AI models (Google Cloud Vertex AI). The Client acknowledges that:

  1. The results are probabilistic predictions and may contain errors.
  2. Human Verification Required: The Client is solely responsible for verifying the accuracy of the extracted data before using it for any legal, financial, or critical decision-making.
  3. Tiny IDP does not guarantee 100% accuracy and is not liable for errors in the transcription or extraction of data.

3. Account Registration and Security

  1. Credentials: You are responsible for maintaining the confidentiality of your API keys and password. You are responsible for all activities that occur under your account.
  2. Prohibitions: You may not share your API keys with third parties.
  3. Blocking: Tiny IDP reserves the right to suspend accounts that show suspicious activity or violate these Terms.

4. Intellectual Property

  1. Platform Ownership: Albert Vazquez Mendez owns all rights, title, and interest in the Tiny IDP API, code, and infrastructure.
  2. Client Data: The Client retains full ownership of the images uploaded to the API. Tiny IDP acquires no rights over this data, except for the limited license to process it as described in the Privacy Policy and DPA.

5. Pricing and Payments

  1. Payment Processor: Payments are processed securely via Stripe. Tiny IDP does not store payment details.
  2. Billing: Services are billed according to the plan selected (e.g., usage-based or subscription) as displayed on the website.
  3. Taxes: Prices do not include VAT (IVA) unless stated otherwise. VAT will be applied where applicable based on the Client’s location.
  4. Refunds: Due to the digital nature of the service (immediate consumption of API resources), no refunds are provided for credits already used or subscription periods already started, unless required by mandatory consumer law.

6. Acceptable Use Policy

The Client agrees NOT to use the Service to:

  1. Process illegal content (e.g., forged documents with malicious intent, child sexual abuse material, etc.).
  2. Reverse engineer the API or attempt to scrape the underlying technology.
  3. Overload the infrastructure (DDoS) or bypass rate limits.

7. Limitation of Liability

To the maximum extent permitted by applicable law:

  1. "As Is" Service: The Service is provided on an "as is" and "best effort" basis. Tiny IDP does not guarantee that the service will be uninterrupted or error-free.
  2. Indirect Damages: Tiny IDP shall not be liable for loss of profits, data loss, or business interruption resulting from the use of the API.
  3. Liability Cap: The total liability of Tiny IDP for any claim arising out of these terms shall be limited to the amount actually paid by the Client to Tiny IDP in the last three (3) months preceding the event giving rise to the claim.

8. Data Protection

The processing of personal data is governed by our Privacy Policy and the Data Processing Agreement (DPA) attached specifically as Annex A to these terms. By accepting these terms, the Client also signs and accepts the DPA.

9. Governing Law and Jurisdiction

These Terms are governed by Spanish Law.

For any dispute arising from the interpretation or execution of these Terms, the parties submit to the courts and tribunals of Mahón (Menorca), explicitly waiving any other jurisdiction that may correspond to them, unless the Client acts as a "Consumer" under Spanish law, in which case the jurisdiction will be determined by the consumer's domicile.

ANNEX A: DATA PROCESSING AGREEMENT (DPA)

Between:

  1. The Client (acting as Data Controller)
  2. Tiny IDP / Albert Vazquez Mendez (acting as Data Processor)

1. Scope

This DPA applies to the processing of personal data (e.g., images of IDs, names on documents) uploaded by the Client to the Tiny IDP API.

2. Subject Matter and Duration

  • Nature: Processing of images to extract text via OCR/AI.
  • Duration: The term of the Client's active account.
  • Data Types: Identification data (names, ID numbers, addresses, vehicle details).

3. Obligations of the Processor (Tiny IDP)

Tiny IDP agrees to:

  1. Process data only on documented instructions from the Controller (i.e., via API requests).
  2. Ensure that persons authorized to process the data have committed themselves to confidentiality.
  3. Implement appropriate technical and organizational measures to ensure security.

4. Sub-processors

The Client authorizes Tiny IDP to engage the following sub-processors (see complete details in our Trust & Compliance Center):

  • Google Cloud Platform (Google Ireland Ltd): For hosting and AI processing. Location: Madrid, Spain (EU).
  • Stripe: For payment processing.

5. International Transfers

Tiny IDP guarantees that data processing occurs within the European Economic Area (EEA). Specifically, the infrastructure is located in the GCP Europe-Southwest1 (Madrid) region.

6. Ephemeral Storage & Deletion

Tiny IDP warrants that (complete details in our Privacy Policy):

  1. Images and extracted data are stored only temporarily (ephemeral storage) for the duration of the processing request (typically seconds).
  2. Data is not used to train Tiny IDP’s or Google's AI models.
  3. Upon completion of the API request, the data is permanently deleted from the active processing memory.

7. Audit and Breaches

  1. Tiny IDP will notify the Client without undue delay after becoming aware of a personal data breach.
  2. Tiny IDP will provide necessary information to demonstrate compliance with Article 28 of the GDPR.