Back

Privacy

Effective: May 5, 2026

Who we are

Reinny Almonte, an individual based in the Dominican Republic, runs Tine. Reinny is the data controller for personal data processed through the service. A public contact channel for privacy questions will be added in a future revision of this policy.

What we collect

Only the data needed to run the service. It is grouped here by purpose.

Account data. Your username, your password hash, a hash of your recovery key, and (if you set them) your email address and your display name.

Session data.A session identifier, the time you last used Tine, the IP address last seen on the session, and a short device label derived from your browser’s user-agent. Session data keeps you signed in and lets you review and revoke devices.

Journal data. The moments you log in your private journal, including any photos and notes, and the pieces you record along with the links between them. Journal data is private to you.

Field-pillar data. The pins you publish on the shared field, including coordinates, label, photos, notes attached to a pin, flags, and state events. Public pins are visible to other carvers. Private pins are visible only to you.

Reference contributions. Species suggestions you submit for the shared species catalog.

Product feedback. Feedback entries you choose to send through the in-product feedback surface.

Lawful bases

Tine processes personal data on the following bases under GDPR Article 6.

  • Account creation and journal storage.Contract (6.1.b).
  • Field-pin publication.Consent given via the pin’s public-or-private selector (6.1.a).
  • Session IP retention for security.Legitimate interest (6.1.f).
  • Transactional email (verification, password reset, account notices).Contract (6.1.b).
  • Feedback handling.Legitimate interest (6.1.f).

Retention

Sessions are purged when they expire or when you sign out. Password-reset and email-verification tokens are single-use and expire automatically.

When you delete your account, your journal data and your private pins are hard-deleted. Your public field pins are kept but anonymised, with attribution replaced by “a former carver” (consistent with GDPR Recital 26 on anonymous data).

Data exports are kept for seven days from the time you generate them, then auto-deleted.

Processors

Tine relies on a small set of third-party processors. Each has a defined role and location.

  • Resend (United States) handles transactional email delivery. Tine relies on Resend’s data processing agreement and on the transfer mechanisms applicable to personal data sent in that flow.
  • Cloudflare R2 (region pinned by the operator close to Tine’s carvers) stores photos uploaded to moments, pieces, and field pins.
  • Coolify-hosted Postgres (region pinned by the operator) is the primary database for account, journal, and field data.
  • GBIF (Global Biodiversity Information Facility) is contacted only for outbound species lookups. No carver personal data is sent to GBIF.

Your rights

Under GDPR and similar laws, you have the rights listed below. Rights requests are handled within 30 days where applicable.

  • Access. Use Settings › Export my data to download a JSON snapshot of your account.
  • Rectification. Use the in-product edit affordances on every record (display name, email, moments, pieces, pins, notes) to correct what is wrong.
  • Erasure. Use Settings › Delete account to remove your account, your journal, and your private pins.
  • Portability. Use Settings › Export my data. The export is JSON and portable to any tool that can read it.
  • Restriction. Will be served through the public contact channel added in a future revision of this policy.
  • Objection. Will be served through the public contact channel added in a future revision of this policy.
  • Complaint. You may also lodge a complaint with the data-protection authority of your country of residence.

Cookies and storage

Tine sets only the cookies and persistent client-side storage entries listed here. None of them are used for analytics, marketing, or third-party tracking. Tine sets no analytics, marketing, or third-party tracking cookies.

  • session_token (cookie). The session token that keeps you signed in. Strictly necessary.
  • tine_key_reveal (cookie). Carries the one-time recovery-key reveal during sign-up. Expires within seconds. Strictly necessary.
  • tine-theme (localStorage). Remembers your light or dark theme preference on this device. Functional.
  • sidebar-collapsed (localStorage). Remembers whether the desktop sidebar is collapsed. Functional.
  • tine-disclosure-seen (localStorage). Records that you’ve seen the on-device storage disclosure once on this device. Functional. Persists until you clear browser storage.
  • tine-offline (IndexedDB, Dexie offline store). Holds an offline copy of your records so you can read and log without a network. Functional.
  • tine-diagnostics (IndexedDB, Dexie admin-only debug ring). Captures recent error and warning details on this device for the maintainer to investigate sync problems during the beta. Only created on admin sessions; wiped on sign-out and on member change. Functional. Beta-only.
  • Serwist service-worker cache (service-worker cache). Caches the app shell and image assets for offline use. Functional.

Contact

Use the in-product paths for the rights that have one (Settings › Export my data; Settings › Delete account; the edit affordances on every record). A public contact channel for the remaining rights and any other privacy inquiry will be added in a future revision of this policy. Where applicable, rights requests are handled within 30 days.

Changes to this policy

This policy may be updated. The Effective date at the top of this page marks the current version. Earlier versions are not archived in this release.