Data flow overview
Data collected by the pixel
When a visitor loads a page with the TinyBell pixel installed, the following data is processed server-side to determine which notifications to show:| Data point | Source | Stored | Purpose |
|---|---|---|---|
| IP address | HTTP request | Temporarily (GeoIP lookup only, not logged) | Determine country and city for geo-targeting |
| Country code | MaxMind GeoIP | Yes (in tracking events) | Geo-targeting rules, analytics |
| City name | MaxMind GeoIP | No | Geo Welcome widget placeholder only |
| Browser language | Accept-Language header | Yes (in tracking events) | Language-based targeting, auto-translation |
| Browser name | User-Agent | Yes (in tracking events) | Browser-based targeting |
| OS name | User-Agent | Yes (in tracking events) | Device analytics |
| Page URL | Referer / JS | Yes (in tracking events) | URL-based targeting, page analytics |
| Device type | Screen width via JS | Yes (in tracking events) | Mobile/desktop targeting |
Data NOT collected
TinyBell does not collect:- Names, email addresses, or phone numbers (unless the visitor voluntarily submits them via a Collector widget)
- Cookies for cross-site tracking
- Browsing history beyond the hotel website
- Financial or payment information
- Biometric data
- Social media profiles
Tracking events
Each interaction generates a tracking event stored in thetrack_notifications table:
| Field | Description |
|---|---|
type | Event type: impression, hover, or click |
notification_id | Which notification was shown |
campaign_id | Which property/campaign |
url | Page where the event occurred |
country_code | Visitor country (ISO 3166-1) |
browser_language | Two-letter language code |
browser_name | Browser identifier |
os_name | Operating system |
datetime | Timestamp of the event |
Data retention
- Tracking events: Retained for the duration of the customer’s active subscription
- Account data: Retained until account deletion is requested
- Cookie consent logs: Retained in CSV format, accessible only by the account owner
Data deletion
Hotel owners can delete their tracking data at any time from the dashboard. Upon account deletion, all associated data (campaigns, notifications, tracking events) is permanently removed from our database. Under GDPR Article 17, visitors can request data deletion by contacting the hotel (data controller). The hotel can then purge relevant data through TinyBell.Sub-processors
| Service | Purpose | Location |
|---|---|---|
| MaxMind GeoLite2 | IP-to-location lookup | Local database file (no external API calls) |
| Stripe | Payment processing | EU/US |
| Nager.Date API | Holiday detection (Holiday Urgency widget) | EU |
| Open-Meteo API | Weather data (Weather Widget) | EU |
Encryption
- In transit: TLS 1.2+ for all connections
- At rest: Database stored on encrypted volumes
- Passwords: Bcrypt hashed, never stored in plain text