Data flow overview
Data collected by the pixel
When a visitor loads a page with the TinyBell pixel installed, the following data is processed server-side to determine which notifications to show:Data NOT collected
TinyBell does not collect:- Names, email addresses, or phone numbers (unless the visitor voluntarily submits them via a Collector widget)
- Cookies for cross-site tracking
- Browsing history beyond the hotel website
- Financial or payment information
- Biometric data
- Social media profiles
Tracking events
Each interaction generates a tracking event stored in thetrack_notifications table:
Data retention
- Tracking events: Retained for the duration of the customer’s active subscription
- Account data: Retained until account deletion is requested
- Cookie consent logs: Retained in CSV format, accessible only by the account owner
Data deletion
Hotel owners can delete their tracking data at any time from the dashboard. Upon account deletion, all associated data (campaigns, notifications, tracking events) is permanently removed from our database. Under GDPR Article 17, visitors can request data deletion by contacting the hotel (data controller). The hotel can then purge relevant data through TinyBell.Sub-processors
Cloudflare processes visitor IP addresses and HTTP metadata as part of its security and CDN services. Cloudflare is certified under the EU-US Data Privacy Framework and complies with GDPR. For details, see Cloudflare’s DPA.
Encryption
- In transit: TLS 1.2+ via Cloudflare (TLS termination at Cloudflare edge, re-encrypted to origin)
- At rest: Database stored on encrypted volumes
- Passwords: Bcrypt hashed, never stored in plain text