← Back to blog

Why we built TinyX

· TinyX · 5 min read

Why we built TinyX

We didn't set out to build a link shortener.

We set out to stop leaking data. The link shortener came later — once we realised the tools everyone uses every day were doing things people had no idea about.

The problem started at SO Studio

SO Studio is a UK creative agency. We needed a tool to share information, galleries, documents, contracts, etc. with our clients, and everything was failing us: it did not do what we wanted, was not secure enough, was ridiculously priced, or all of the above.

Bitly. WeTransfer. Typeform. Linktree.

Tools like these sit in the middle of everything: client deliverables, proposals, intake flows, file transfers. And they all have something in common: they see everything you send through them.

Every click on a Bitly link is logged. The destination, the sender, the recipient's IP, device, location, referrer. That data belongs to Bitly. You sent the link — but Bitly owns the intelligence.

Every file you push through WeTransfer travels through their infrastructure. In July 2025, WeTransfer updated their terms to include AI training on uploaded files. They reversed it after public outcry. But the intent was clear. They see what you send. And they want to learn from it.

We were done with this.

What we actually needed

At SO Studio, we send sensitive documents constantly. NDAs, reports, client data. The idea that any of that was sitting on a third-party server — readable, indexed, potentially fed into a model — was not acceptable.

So we asked: what would a link and file tool look like if it was built by people who understood what's really needed?

The answer was TinyX.

What "privacy-first" actually means

This is not marketing language. Here is the technical reality:

When you upload a file through TinyX, the file never touches our servers. Full stop. Your browser encrypts it client-side using AES-256-GCM before it leaves your machine. The encrypted payload goes directly to Cloudflare R2 via a presigned URL. We never see the plaintext. We don't have the key.

If someone served us a subpoena for the contents of a file you sent through TinyX, we could not comply. Not because of legal posture — because we literally do not have the data. That's what zero-knowledge encryption means in practice. I mean we can give it to them but all they will get is a random string of random data, good luck!

Short links work similarly: analytics are for you, not us. When someone clicks your link, you see the country, device, browser, and referrer — in real time, within seconds of the click. That data lives in your account. It's not sold, shared, or used to train anything.

No ads. No AI training on your uploads. No interstitial pages that make your recipient think they're about to download malware.

The moment we realised everyone needed this

We built TinyX internally. Used it for client work. Then colleagues at other firms started asking what tool we were using.

We'd share a link. They'd click it. File downloaded instantly — no "prepare your download" spinner, no upsell modal, no redirect through six ad networks. The short link resolved in milliseconds off Cloudflare's global edge.

The reaction was always the same: why doesn't my tool do this?

The answer is: because the tools you're using aren't built to serve you. They're built to extract value from you. Your clicks are their data. Your files are their training set. Your recipients are their ad impressions.

You are the product. Your data is the product. Your recipients are the product.

We built TinyX because we weren't willing to accept that anymore — and we suspected we weren't alone.

What TinyX does that other tools won't

We didn't just build a cleaner version of Bitly. We built one platform that replaces four:

Short links with real analytics. Custom codes, QR codes auto-generated, password protection, expiry by time or click count.

Encrypted file sharing. Zero-knowledge. Client-side encryption. Files go direct to R2. We cannot read them.

Upload drops. A link anyone can upload to — no account needed from the sender. Auto-encrypted on receipt. Used by photographers for client proofing, by consultants for intake, by anyone who's tired of receiving files via Gmail attachments.

Questionnaires. Markdown-based forms via a short link. Cap responses. Set expiry. Export CSV. No Typeform account required.

All of this from one subscription, starting at $9/month.

Why the timing matters

Bitly added interstitial ads to their free tier in 2025. Your recipient clicks your link and gets shown an ad before landing. Your professional communication now looks like a spam redirect.

WeTransfer tried to train AI on user files. They backed down — but the intention was stated publicly, in writing. The lesson: if a free or cheap tool is handling your data, you should be asking what they get out of it.

The answer is usually: your data.

We're not a free tool with a hidden cost. We charge a fair price upfront so we don't need to monetise your content. That's the deal.

Who TinyX is for

If you've ever winced at a WeTransfer link you sent a client — knowing it was going to arrive covered in ads and someone else's branding — TinyX is for you.

If you've ever sent a Bitly link and wondered who else can see the analytics — TinyX is for you.

If you're a freelancer, consultant, agency, or anyone who handles information that matters — TinyX is for you.

We're not here to be the biggest link tool. We're here to be the one you'd actually trust with something sensitive.

Start for free at tinyx.co — no credit card required. Upgrade when you need more.