Skip to content

docs: update Dify privacy policy #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hwennnn merged 1 commit into from
Feb 11, 2026
Merged

docs: update Dify privacy policy #3

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
82 changes: 80 additions & 2 deletions dify/PRIVACY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,81 @@
## Privacy
# Privacy Policy

Please refer to the Privacy Policy of [TinyFish](https://www.tinyfish.ai/privacy-policy).
How we collect, use, and protect your information.

Effective Date: December 14, 2025

TinyFish Inc. ("TinyFish," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, products, and services (collectively, the "Services").

## Personal Information Collection

We collect information that you provide directly to us when you register for an account, use our Services, communicate with us, or otherwise interact with TinyFish. We are transparent about what we collect and why.

## Data Types Collected

We may collect the following types of information:

- **Registration Information:** Name, email address, company name, and account credentials when you create an account.
- **Device Information:** Device type, operating system, browser type, IP address, and unique device identifiers.
- **Usage Analytics:** Information about how you interact with our Services, including pages visited, features used, and time spent on our platform.
- **Cookies and Tracking:** We use cookies and similar technologies to recognize your browser or device, remember your preferences, and analyze usage patterns.
- **Payment Information:** Billing address and payment card details when you subscribe to our paid services. Payment processing is handled by third-party processors, and we do not store complete payment card information.

## Data Usage

We use the information we collect to:

- **Provide Services:** Operate, maintain, and improve our Services, including processing your requests and providing customer support.
- **Marketing Communications:** Send you technical notices, updates, security alerts, and promotional messages (you may opt out at any time).
- **Fraud Prevention:** Detect, prevent, and address technical issues, security incidents, and fraudulent activity.
- **Legal Compliance:** Comply with applicable laws, regulations, and legal processes, or respond to lawful requests from public authorities.

## Third-Party Sharing

We may share your information with third parties in the following circumstances:

- **Analytics Providers:** We work with third-party analytics services to understand how users interact with our Services.
- **Affiliates:** We may share information with our corporate affiliates for business purposes.
- **Payment Processors:** Payment information is shared with our payment processing partners to complete transactions.
- **Legal Requirements:** We may disclose information if required by law, court order, or governmental request.

We do not sell your personal information to third parties.

## User Rights

Depending on your location, you may have certain rights regarding your personal information:

- **EU and UK Users:** Under GDPR, you have the right to access, correct, delete, or restrict processing of your personal data. You may also request data portability and object to certain processing activities.
- **California Residents:** Under CCPA, you have the right to know what personal information we collect, request deletion, and opt out of the sale of your information (though we do not sell personal information).
- **Other Jurisdictions:** You may have additional rights under applicable local laws.

To exercise your rights, please contact us using the information below.

## Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

## Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need your information, we will securely delete or anonymize it.

## International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your country. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

Comment on lines +7 to +64
Copy link

@coderabbitai coderabbitai bot Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

TinyFish Inc privacy policy data practices

💡 Result:

Tiny Fish, Inc. (TinyFish) describes these privacy/data practices in its Privacy Policy for AgentQL (effective August 13, 2024) [1]:

  • Data they collect

    • You provide: account registration info (name, email), any information you submit through the service, support communications (and newsletter fields like company/job title), job-application info, and payment info is processed by Stripe (Tiny Fish may receive some related info from the processor) [1].
    • Automatically: inferred general location (via IP), device/browser/OS info, and usage/activity data (pages/content viewed, timestamps) [1].
    • Cookies/trackers: uses cookies/pixels/web beacons; lists “strictly necessary” cookies (e.g., session/auth) and analytics/performance cookies (e.g., product improvement), with retention periods shown (commonly 6 months for key cookies) [1].
    • From third parties: if you link a third‑party account, it may receive profile and related info from that service [1].

  • How they use data

    • Provide/maintain/improve services, personalize experience, analytics & product development, customer support/communications, marketing/advertising, deidentified/aggregated analytics, fraud prevention/security, and legal/compliance purposes [1].

  • How they share/disclose data

    • With affiliates, vendors/service providers, customers/employers (if you use the service as part of a customer relationship), analytics providers (e.g., Google Analytics), for legal requests/safety, and during corporate transactions (merger/sale), or with your consent [1].

  • Your choices & rights

    • Unsubscribe from marketing emails; describes EEA/UK rights (access, correction, deletion, portability, restrict/object, withdraw consent) and notes they may retain some data for backups, legal obligations, fraud prevention, etc. [1].

  • Retention, security, other notes

    • Retains data only as long as needed for stated purposes (or longer if required by law); uses “reasonable” safeguards but cannot guarantee security; not directed to children under 13; services hosted in the U.S. and may transfer data internationally using mechanisms like Standard Contractual Clauses [1].

  • Contact

Sources: AgentQL / Tiny Fish, Inc. Privacy Policy [1]; TinyFish Terms of Service (references/incorporates the Privacy Policy) [2].

🏁 Script executed:

# Check if dify is TinyFish's codebase and search for data collection/handling code
git ls-files | head -20

Repository: tinyfish-io/tinyfish-web-agent-integrations

Length of output: 515

🏁 Script executed:

# Search for data collection, user tracking, analytics implementation
rg -i "(collect|track|analytics|telemetry|cookie)" --type js --type py --type ts | head -30

Repository: tinyfish-io/tinyfish-web-agent-integrations

Length of output: 391

🏁 Script executed:

# Check for any references to privacy policy URLs or canonical sources
rg "privacy" -i | head -20

Repository: tinyfish-io/tinyfish-web-agent-integrations

Length of output: 1638

🏁 Script executed:

# Look for payment/billing related code that might contradict "we do not store complete payment card information"
rg -i "(payment|card|billing)" --type js --type py --type ts | head -20

Repository: tinyfish-io/tinyfish-web-agent-integrations

Length of output: 69

Fix effective date and verify policy scope alignment.

The effective date "December 14, 2025" is a future date and must be corrected. Additionally, this policy diverges significantly from the published TinyFish AgentQL Privacy Policy (effective August 13, 2024)—it omits contact email (info@tinyfish.io), specific payment processor details (Stripe), children's privacy restrictions, Standard Contractual Clauses for international transfers, and cookie retention periods. Clarify whether this is a plugin-specific template or should align with the official published policy before merging.

🤖 Prompt for AI Agents 
In `@dify/PRIVACY.md` around lines 7 - 64, Update the PRIVACY.md effective date to
a past or current date (not "December 14, 2025") under the "Effective Date" or
top-of-document header, and reconcile this document's scope with the official
TinyFish AgentQL policy: add the contact email info@tinyfish.io, name Stripe as
the payment processor, include a children's/privacy/age-restriction section,
document Standard Contractual Clauses (SCCs) or equivalent safeguards for
international transfers, and state cookie retention periods; alternatively,
explicitly label this file as a plugin-specific template and call out deviations
from the AgentQL policy so reviewers know it is intentionally different.

## Children's Privacy

Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

## Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. Your continued use of our Services after any changes indicates your acceptance of the updated policy.

## Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

TinyFish Inc.

Email: support@tinyfish.ai

Location: Cupertino, California