TinyStepper

Privacy Policy

Last updated: 6 April 2026

TinyStepper (“we”, “us”, “our”) is the data controller for the personal data described in this policy. This page explains what data we collect, why, and what rights you have.

What we collect

We collect very little. Specifically:

  • Newsletter sign-up: your email address, provided when you subscribe to our newsletter.
  • Waitlist sign-up: your email address, provided when you join our early access waitlist.

We do not collect your name, location, payment information, or any other personal data. We do not require you to create an account.

Why we collect it

  • Newsletter emails are used solely to send you our newsletter. Lawful basis: your consent (UK GDPR Article 6(1)(a)).
  • Waitlist emails are used solely to notify you when new features become available. Lawful basis: your consent (UK GDPR Article 6(1)(a)).

You can withdraw your consent at any time by unsubscribing (there is a link in every email) or by contacting us. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

Who we share it with

We use the following services to process your data on our behalf:

  • Buttondown(Portland, Oregon, US) — processes newsletter subscriptions and sends emails.
  • Amazon Web Services (AWS)(EU West — London region) — hosts our website and stores waitlist email addresses.

We do not sell, rent, or share your email address with anyone else.

International transfers

Newsletter data is processed by Buttondown in the United States. Buttondown participates in the EU-US Data Privacy Framework, which has been extended to cover UK transfers. Our hosting provider (AWS) processes waitlist data in the London (eu-west-2) region.

How long we keep it

  • Newsletter emails: retained until you unsubscribe. Once you unsubscribe, your email is removed from our mailing list.
  • Waitlist emails: retained until the relevant feature launches, after which they are deleted within 30 days.

Cookies and tracking

TinyStepper does not set any cookies. We use Umami for website analytics, which is fully cookieless and does not collect any personal data. No cookie consent banner is needed because there are no cookies.

Children

TinyStepper is a resource for parents and carers of young children. It is not directed at children, and we do not knowingly collect personal data from anyone under 18.

Automated decision-making

We do not use your data for profiling or automated decision-making of any kind.

Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct any inaccurate data
  • Deleteyour data (“right to be forgotten”)
  • Restrict how we process your data
  • Port your data to another service
  • Object to processing
  • Withdraw consent at any time

To exercise any of these rights, email us at hello@tinystepper.co. We will respond within 30 days.

Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
ico.org.uk

Changes to this policy

If we make changes, we will update this page and the “last updated” date above. For significant changes, we will notify newsletter subscribers by email.

Contact

For any questions about this privacy policy or your data, email hello@tinystepper.co.