Skip to main content
Tinn
Download Clipper Pricing About Blog FAQ Contact
Log in Download ↓
  • English✓
  • Norsk
  • Português (BR)
DownloadClipperPricingAboutBlogFAQContact Log in Download ↓
  • English✓
  • Norsk
  • Português (BR)

Privacy Policy

Last updated: June 2026 (rev. 4) · Bjørkå Flatin ENK / Tinn

Tinn is a product specification and mood board tool for architects, engineers, interior designers, and builders. This policy explains what personal data we collect, why we collect it, who we share it with, how long we keep it, and what rights you have.

1. Who is responsible for your data

Data controller: Bjørkå Flatin ENK, org. no. 933 152 893, Norway. Contact: privacy@tinn.app

If you have questions about how your data is handled, or want to exercise any of your rights, email the address above. We will respond within 30 days.

2. What data we collect and why

Account and profile data

  • Email address, required to create an account and send you sign-in links.
  • Full name and company name, provided by you at registration, used to personalise the interface and identify you in shared projects.
  • Sign-in provider: we record whether you signed in via email or Google so we can route authentication correctly.

Legal basis: performance of a contract (GDPR Art. 6(1)(b)), these are necessary to provide the service.

Project and specification data

  • Everything you create inside Tinn: projects, products, mood boards, notes, supplier links, images.
  • Your project files are stored locally on your device as .tinn files. Plans with cloud features (cross-device sync, shared access) additionally store selected project data on our servers; this is clearly indicated at the point of use. We do not access your project content except to diagnose technical problems at your request.

Legal basis: performance of a contract (Art. 6(1)(b)).

Onboarding and preference data

  • Role, project type, team size, and currency preference, collected optionally on first login to personalise the experience.
  • You can skip this at any time. It does not affect access to the service.

Legal basis: legitimate interest (Art. 6(1)(f)), improving the product for professional users.

Usage and technical data

  • Basic server logs (IP address, browser type, page visited, timestamp) collected automatically by our hosting provider (Vercel). Retained for up to 30 days.
  • No third-party analytics scripts (no Google Analytics, no tracking pixels).

Legal basis: legitimate interest (Art. 6(1)(f)), diagnosing errors and ensuring security.

Client portal data

  • If you share a project via the client portal, your clients’ email addresses and their votes/comments are stored. You are responsible for informing your clients that their data is processed through Tinn.

Legal basis: performance of a contract (Art. 6(1)(b)) between you and your clients.

3. Who we share your data with

We do not sell or rent your data. We use the following third-party processors:

  • Supabase, database, authentication, and file storage. Data is stored in the EU (Stockholm region, eu-north-1). SOC 2 Type 2 compliant.
  • Vercel, application hosting and CDN. Server logs held for up to 30 days.
  • Cloudflare, DNS, marketing site hosting (Cloudflare Pages), object storage for project images and binary downloads (R2, EU region), and email routing for hello@tinn.app, support@tinn.app, press@tinn.app. GDPR compliant.
  • Resend, transactional email (magic links, project invitations). Your email address and name are shared.
  • Sentry, error and crash reporting. Device type, OS version, anonymised stack traces, and IP address may be shared when a crash occurs.
  • PostHog, product analytics. Anonymised usage events (feature interactions, session counts). No project content is shared.
  • Google, optional “Sign in with Google”. If you use this, Google shares your name, email, and profile picture with us. Governed by Google’s own privacy policy.

All processors are required by contract to process your data only on our instructions and to protect it in accordance with GDPR.

4. How long we keep your data

  • Account and profile data, kept for as long as your account exists. Deleted within 30 days of account deletion.
  • Project data (local), stored on your device as .tinn files. Tinn does not control or delete local files.
  • Project data (cloud plans), kept on our servers for as long as your account exists. You can delete individual projects at any time.
  • Server logs, up to 30 days, then automatically deleted by Vercel.

You can delete your entire account and all associated data from Settings → Delete Account. Deletion is permanent and cannot be undone.

5. Cookies and local storage

  • Session cookie (sb-*), set by Supabase to keep you signed in. Expires after 30 days of inactivity.
  • Auth marker cookie (tinn_auth), a lightweight indicator used by our server to route you correctly. Contains no personal data.

No advertising cookies. No cross-site tracking. No consent banner is shown because we only use strictly necessary cookies.

6. International data transfers

Your data is primarily stored within the EU (Supabase Stockholm, Cloudflare EU). Vercel may route requests through servers in other regions as part of its CDN, but does not persistently store personal data outside the EU. Any transfers outside the EEA are covered by Standard Contractual Clauses (SCCs).

7. Your rights under GDPR

If you are in the EU/EEA, you have the following rights:

  • Access, request a copy of the personal data we hold about you.
  • Rectification, ask us to correct inaccurate data.
  • Erasure, ask us to delete your data. You can also do this yourself via Settings → Delete Account.
  • Data portability, request your data in a machine-readable format by emailing privacy@tinn.app.
  • Restriction, ask us to pause processing while a complaint is pending.
  • Objection, object to processing based on legitimate interest.
  • Withdraw consent, where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any right, email privacy@tinn.app. We will respond within 30 days. You also have the right to lodge a complaint with the Norwegian Data Protection Authority: Datatilsynet (datatilsynet.no), or the supervisory authority in your country of residence.

8. Security

We implement industry-standard security measures: HTTPS everywhere, row-level security on the database, scoped API keys, and rate limiting on sensitive endpoints. No system is perfectly secure; if you discover a vulnerability, please report it to privacy@tinn.app.

9. Children

Tinn is a professional tool intended for adults. We do not knowingly collect data from anyone under 16. If you believe a minor has created an account, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy. If changes are material, we will notify registered users by email at least 14 days before they take effect. The “last updated” date at the top always reflects the current version.


Questions? privacy@tinn.app · Terms of Service

Tinn

Specification software for the built environment.

Bjørkå Flatin ENK · Oslo, Norway

org. no. 933 152 893

Product

DownloadPricing

Company

AboutContact

Resources

BlogFAQRelease notes

Account

Log in
© 2026 Bjørkå Flatin ENK
Terms of Service Privacy Policy