Sign inSign up

Privacy Policy

Last updated: June 21, 2026

This Privacy Policy explains how pintopin (“we”, “us”) collects, uses, shares and protects your personal data when you use our website and services. We comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA) and the Turkish Personal Data Protection Law (KVKK).

1. Data Controller

pintopin is the controller of personal data processed via the Service. You can reach us at privacy@pintopin.lovable.app.

2. Data We Collect

You provide

  • Account data: email address, username, display name, password hash, optional avatar.
  • Profile & content: boards, pins, links, comments, reactions, settings.
  • Support: messages you send us.

Collected automatically

  • Usage: pages viewed, actions taken, approximate location (from IP), device and browser info.
  • Cookies & similar: see our Cookie Policy.

From third parties

  • Payments: Paddle shares limited transaction data (plan, country, last 4 digits of card, billing email).
  • Auth providers: if you sign in via Google we receive your basic profile (name, email, avatar).

3. How We Use Your Data

  • provide, secure and improve the Service (legal basis: contract / legitimate interests);
  • process payments and prevent fraud (contract / legal obligation);
  • send transactional emails and, with your consent, marketing emails (consent);
  • comply with legal obligations (legal obligation);
  • analyse aggregated usage to improve product quality (legitimate interests).

4. Sharing

We do not sell your personal data. We share it only with:

  • Paddle.com Market Limited — payment processing, tax, invoicing and fraud prevention as our merchant of record;
  • Cloud infrastructure — hosting, storage and database providers acting under data processing agreements;
  • AI providers — only the content you explicitly submit to an AI feature, used for inference;
  • Authorities — when required by valid legal process.

5. International Transfers

Your data may be processed outside your country. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

6. Retention

We retain account data for as long as your account is active. Boards and pins remain until you delete them or your account. After account deletion, residual backups are purged within 30 days. Tax/transaction records are kept for the period required by applicable law (typically 7–10 years).

7. Your Rights

Subject to applicable law, you have the right to access, rectify, erase, restrict or object to processing, port your data, and withdraw consent. EU/UK users may lodge a complaint with their local supervisory authority. California residents have specific CCPA/CPRA rights including the right to know, delete, correct and opt out of “sharing”. To exercise any right contact privacy@pintopin.lovable.app.

8. Security

We use encryption in transit (HTTPS/TLS), encryption at rest for sensitive fields, role-based access control, audit logs, and routine security reviews. No service can be 100% secure; you remain responsible for protecting your password.

9. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16; if you believe we have, contact us so we can delete it.

10. Changes

We will notify you of material changes via the Service or by email. The “Last updated” date above always reflects the current version.

11. Contact

Email privacy@pintopin.lovable.app for any privacy-related question.