← TinyKomainu

Privacy Policy

Last updated: May 20, 2026

Short version:We collect your email and which products and APIs you use. We don't sell your data. We don't track you beyond what's needed to run the service.

1. What we collect

Account data: Your email address, collected when you sign up.

Service data: Which products you use, your settings and preferences within each product.

Usage data:Basic feature events for debugging and improvement. We don't build behavioral profiles or sell this data.

We don't collect:Payment card details (Stripe handles those), location data, device fingerprints, or anything we wouldn't want collected from us.

2. How we use it

  • To deliver each product's service
  • To send billing and transactional emails
  • To debug issues and improve reliability
  • To notify you about material changes to these policies

We don't use your data for advertising. We don't sell it. Ever.

3. Third-party services

We use a small number of trusted vendors. Each processes your data only as needed:

  • Supabase — database and authentication
  • Stripe — payment processing (we never see your card number)
  • Resend — transactional email
  • Vercel — web hosting

Product-specific privacy policies may list additional vendors. See Watch's privacy policy and Hooks's privacy policy for product-specific details.

4. Hooks — webhook payloads

Payload storage:We store the raw webhook payloads you receive on our infrastructure for the duration of your tier's retention window (Free: 7 days / Pro: 30 days / Team: 90 days). Payloads are deleted automatically after this period.

Encryption at rest: Signing secrets are encrypted at rest with AES-256-GCM. Payloads and other Hooks data are stored on Supabase in the Tokyo region (ap-northeast-1), which encrypts data at rest and in transit.

What we do not do: We do not sell, share, or use your webhook payload data for any purpose other than delivering it to the channels you configured. We do not train machine learning models on your data.

PII in payloads: Webhook payloads may contain personally identifiable information (customer emails, shipping addresses, and similar fields) sent by the source service. Hooks does not redact individual fields in the MVP; post-MVP field-level redaction is planned. You control what is forwarded via filters and templates.

Replay: Hooks stores past payloads so you can replay an event through your routes again. Replays create a new processing record linked to the original event and count toward your monthly event quota.

More detail: Trust at TinyKomainu.

5. Cookies

We use session cookies to keep you logged in. That's all.

No analytics cookies. No advertising cookies. No third-party tracking pixels. We don't use Google Analytics or similar services.

6. Data retention

We keep your data for as long as your account is active. Account deletion removes your data within 30 days. Stripe may retain billing records for up to 7 years per payment regulations — we don't control this.

7. Your rights

Email mk@natrium.co.jp to export your data, delete your account, or exercise GDPR / UK GDPR rights (access, rectification, erasure, portability). We'll respond within 30 days.

8. Changes to this policy

We'll email you and post a notice before making material changes. We won't sneak in changes that weaken your privacy without telling you.