Privacy Policy
Last Updated: July 8, 2025
1. Introduction
Thank you for choosing to use Pinio. We're excited to have you on board! At Pinio, your privacy and trust are our top priorities. This Privacy Policy explains in a straightforward way how we collect, use, and protect your personal data when you use our app and related services.
Pinio is a powerful mobile application designed to help you save, organize, and discover content from social media in smarter ways. Behind the scenes, we use advanced AI and secure cloud technologies to make your experience seamless and personalized — all while respecting your privacy.
We want you to feel confident that your data is handled responsibly and transparently. This document outlines what information we collect, why we collect it, who we share it with, and your rights as a user.
2. Responsible Party
In compliance with the General Data Protection Regulation (GDPR), the person responsible for processing your personal data in connection with Pinio is:
Adrian Gruber
Peralohstraße 61A
81737 München
Germany
Email: hello@pinio-app.com
If you have any questions or concerns about your data, please don't hesitate to reach out.
3. Information We Collect
We only collect information that is essential for providing, maintaining, and improving our service.
Information You Provide to Us:
- Account Information: When you create a Pinio account, we collect your email address and a securely hashed version of your password.
- Content Data: We store all the content you save to Pinio. This includes "Pins" (the original items you share, like URLs and their metadata) and "Discoveries" (the specific information like Places, Recipes, or Products that our AI processes for you).
- Communications: If you contact us for support via email, we will keep a record of that conversation to help resolve your issue.
Information Collected Automatically:
- Crash and Performance Data: To keep Pinio running smoothly, we automatically collect data related to app crashes and performance issues. This includes information like your device type, operating system version, and unique device identifiers, which helps us identify and fix bugs quickly.
4. How We Use Your Information & Our Legal Basis
We process your data for specific purposes, and we only do so when we have a legal basis under GDPR.
- To Provide and Maintain Our Service (Legal Basis: Art. 6(1)(b) GDPR - Contract Fulfillment):
  - To create and securely manage your user account.
  - To enable the app's core features, allowing you to save, organize, and access your "Pins" and "Discoveries."
  - To process any in-app purchases or subscriptions you make.
- For AI-Powered Content Processing (Legal Basis: Art. 6(1)(b) GDPR - Contract Fulfillment):
  - To power the "Discoveries" feature, we send content from your "Pins" to external AI services (Google Gemini and OpenAI) through a secure, automated workflow. This processing is essential to analyze your content and deliver the specific information you request (like places or recipes).
- To Improve App Stability (Legal Basis: Art. 6(1)(f) GDPR - Legitimate Interest):
  - We have a legitimate interest in making our app reliable. We use crash and error data to monitor performance, diagnose problems, and improve the overall user experience.
- To Communicate With You (Legal Basis: Art. 6(1)(f) GDPR - Legitimate Interest):
  - We use your contact information to respond to your support requests and feedback.
  - We also use it to send you essential push notifications related to your app activity. You can manage these at any time in your device's settings.
5. Data Sharing and Disclosure
We do not sell your personal data. We only share it with trusted third-party partners who help us provide and improve our service. These partners are contractually obligated to keep your information secure.
- Supabase: We use Supabase for our entire backend infrastructure. This includes our database, storage for your "Pins" and "Discoveries," and user authentication. All data is stored on servers located in the European Union.
- RevenueCat: We use RevenueCat (based in the USA) to securely process in-app subscriptions and purchases. We share transaction-related information with them to manage your subscription status.
- Sentry: We use Sentry (based in the USA) for crash reporting and error monitoring. When the app encounters an issue, anonymized data about the event is sent to Sentry so we can fix it.
- Expo Push Notifications: We use Expo's service to reliably deliver push notifications to your device.
- OpenAI & Google (Gemini): To power our "Discoveries" feature, content from your "Pins" is sent for processing via our secure workflow to APIs provided by OpenAI and Google (both based in the USA). We only send the necessary content for analysis and never share your personal account information in this process.
6. International Data Transfers
Your core data (Pins and Discoveries) is stored within the European Union via our Supabase infrastructure. However, some of our service providers operate outside the European Economic Area (EEA), primarily in the United States (RevenueCat, Sentry, Expo, OpenAI, and Google). When your data is transferred to these services, we ensure it is protected to the same high standards as it is in Europe, using safeguards like Standard Contractual Clauses (SCCs) as required by GDPR.
7. Your Data Protection Rights under GDPR
You have comprehensive rights over your personal data. You can exercise them at any time by contacting us at hello@pinio-app.com.
- Right to Access (Art. 15 GDPR): You can request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16 GDPR): You can ask us to correct any inaccurate or incomplete data.
- Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR): You can request the deletion of your personal data from our systems.
- Right to Restriction of Processing (Art. 18 GDPR): You can ask us to limit how we use your data.
- Right to Data Portability (Art. 20 GDPR): You can request your data in a structured, machine-readable format to transfer it elsewhere.
- Right to Object (Art. 21 GDPR): You can object to our processing of your data when we are relying on a legitimate interest.
- Right to Lodge a Complaint (Art. 77 GDPR): You have the right to file a complaint with your local data protection authority if you believe our processing violates data protection laws.
8. Data Retention
We keep your personal data only for as long as it is necessary to provide you with the Pinio service or to comply with our legal obligations. If you choose to delete your account, we will take steps to permanently delete your data from our active systems in a timely manner.
9. Children's Privacy
Pinio is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have, we will take steps to delete that information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please do not hesitate to contact us at: hello@pinio-app.com.