Pinpot Privacy Policy
Effective Date: March 15, 2025
Introduction:
At Pinpot Inc. (hereinafter “Pinpot,” “we,” “us,” or “our”), your privacy is a top priority. We are committed to protecting your personal information and being transparent about how we handle it. This Privacy Policy explains what data we collect, how we use and safeguard it, and your rights regarding your information. We follow applicable privacy laws in Canada (including Quebec), the United States (including California), and Europe to ensure compliance and protect your rights under laws like Canada’s PIPEDA, Quebec’s Law 25, California’s CCPA/CPRA, and the EU’s GDPR. We have written this policy in clear, plain language because we want you to understand our practices and feel confident using Pinpot. By using Pinpot Inc.’s services, you consent to the practices described in this Privacy Policy.
Information We Collect
Information You Provide: When you create a Pinpot account or use our services, you give us personal information such as your name, email address, date of birth, profile details (like photos and bio), and contact information. We also collect any other information you choose to provide, such as interests, preferences, or feedback you send to us. This data is necessary to create your profile and let you connect with others.
Usage Data: We collect information about how you use Pinpot. This includes things like the date and time you log in, features you use, clicks and page views, and interactions with other users or content. We also gather device information (e.g. device model, operating system, browser type, app version, and device identifiers) and network information (IP address, mobile network) when you use the app. This helps us troubleshoot issues, improve our services, and ensure compatibility across devices.
Location Data: Pinpot is a location-based platform, so with your permission we collect precise location information (GPS coordinates) from your device. We use your location to personalize the app – for example, to show you relevant places or showing the posts that will happen in your area. Location data may be collected even when you’re not actively using the app if you have allowed background location access. If you decline to grant location permission, we will not collect your geolocation. You can always control location sharing via your device settings. We do not reveal your exact location to other users – at most, Pinpot may display generalized location info of your planned event (such as your city or an approximate distance) to help facilitate connections. We do not retain detailed location history longer than necessary to provide the service, and any temporary location data (e.g. used for a specific feature) is deleted once it’s no longer needed.
Information from Third Parties: If you choose to sign up or log in through third-party services (for example, using Google, Apple, or other social accounts via our authentication provider Clerk), we receive information from those services such as your name, email, and profile photo as permitted by that service. This helps expedite account creation. We only receive what you agree to share. Similarly, if Pinpot ever implements features like inviting friends or importing contacts, we would collect relevant information only with your consent.
Cookies and Similar Technologies: If you use our website or web features, we may use cookies or similar tracking technologies to remember your preferences, analyze usage, and personalize your experience. You can control cookies through your browser settings and our site’s cookie banner (if applicable). Pinpot does not respond to “Do Not Track” signals at this time, in line with common industry practice.
How We Use Your Information
We use the collected information to operate, improve, and protect Pinpot. The main purposes for which we process your data include:
- Providing the Service: We use your information to create and manage your account, facilitate connections, and enable core features of the app. For example, we show your profile (name, photos, etc.) to other users when you post and show you other users’ profiles when you are seeing the other users posts. We also use your data to enable location-based features (like showing nearby posts or venues) and to allow communication with other users (sending requests, etc.). Essentially, all the functionality of Pinpot relies on processing the information you provide to fulfill our contract with you as a user.
- Improving and Customizing the Service: We analyze how users interact with Pinpot to improve user experience and develop new features. This includes researching which features are popular, fixing bugs, and personalizing content. For instance, we might use your activity patterns to recommend more relevant posts. We may also send surveys or ask for feedback (optional) to learn how to make Pinpot better.
- Safety and Moderation: Your safety is extremely important to us. We monitor and may review user content (such as profiles, requests, and reports) to prevent fraud, spam, abuse, or other violations of our terms and community guidelines. Information (including reports from users) is used to detect and address illegal or unauthorized activities on the platform. For example, we may use automated systems and moderators to flag inappropriate behavior or content. This is both to protect our users and to comply with legal obligations. We also may use information to verify user identities or ages – for example, we might ask for government ID or other verification when needed to confirm a user is 18 or older and genuine. These measures are in our legitimate interest to keep Pinpot a safe space.
- Communication: We use contact information (like your email or in-app notifications) to send you service-related communications. This includes confirmations, account alerts, updates about new features, or customer support responses. We may also send marketing communications or news about Pinpot, but only in accordance with applicable law – for example, if required, we will obtain your consent to send marketing emails, and you can opt-out at any time. Transactional or safety-related messages (e.g. password resets, important account or policy updates) will be sent as needed, even if you opt out of marketing, because they are necessary for service.
- Legal Compliance and Enforcement: We process information as needed to comply with applicable laws and regulations and to respond to lawful requests or legal processes. This includes using data to assist law enforcement where required by law and to enforce our own legal rights or agreements. For example, if we receive a court order or subpoena, we may need to provide certain data to authorities as mandated by law. We also may use or disclose information to investigate and prevent fraud, security issues, or other harm, or to assert the terms of service if needed.
Our legal bases for processing personal data under laws like the GDPR include: your consent (for optional uses such as certain marketing or accessing device features), performance of a contract (providing you the Pinpot app and its services), compliance with legal obligations, and our legitimate interests (such as improving the service, and ensuring safety). Where we rely on your consent, you have the right to withdraw consent at any time, and we will not continue that specific processing. If you withdraw consent, however, this will not affect processing already done and may affect features that rely on that consent (for instance, turning off location services may limit location-based features).
How We Share Your Information
We do not sell or rent your personal information to third parties for their own marketing purposes. We only share information in the following situations, in line with standard industry practices and this Privacy Policy:
- With Other Pinpot Users: Pinpot is designed to help you meet people, so certain profile information you provide will be visible to other users. This includes the information you choose to make public on your profile (such as your name, surname, photos, age, bio, and interests). Please be mindful that any information you share on your public profile or directly with other users can be seen, collected, or used by them. We cannot control what other users do with information you share, so we encourage you to not post anything you aren’t comfortable making public. No precise location or contact information is ever shown to other users by Pinpot without your consent. Also, if you interact with others, those users will see the content of your communications. We have already enabled you to control the visibility of your location by only showing the exact location of venue to the person who you have confirmed to meet.
- With Our Service Providers (Processors): We engage trusted third-party companies to help us run Pinpot and perform necessary services on our behalf. These service providers assist us with a variety of tasks, including: hosting and infrastructure (e.g. DigitalOcean, which hosts our servers), databases (e.g. Neon which hosts our databases), authentication (e.g. Clerk, which manages secure user login and identity), cloud storage and media hosting (e.g. Cloudinary, which stores and delivers user-uploaded images and voices), maps and location services (e.g. Google Places API, which provides location and place information in the app), analytics, customer support, and email/SMS delivery, among others. We only share the data that is necessary for each provider to perform their work – for instance, our hosting provider will store your account data on secure servers, our image service will store your photos, and our authentication service will handle login credentials. These third parties act under our instructions and are bound by strict data protection and confidentiality obligations. They are not allowed to use your information for any purpose other than providing services to us. If you’d like to know the identities of our key service providers or have questions, you can contact us (see Contact Us section).
- With Third-Party Partners: In some cases, we may share limited information with third-party partners when necessary for integration or optional features. For example, if Pinpot integrates Google Maps/Places features, certain data (like location coordinates or place queries) may be sent to Google’s APIs to retrieve map information.
- Use of Google services: Pinpot uses the Google Places API to provide location-based features (such as showing the bars, restaurants and café around you which you can choose). This means that when you use such features, information about your device and location may be shared with Google in accordance with Google’s terms. Google’s Privacy Policy is incorporated by reference and can be found at the following link: https://policies.google.com/privacy. By using Pinpot’s location features, you agree to be bound by Google’s Maps/Places Terms of Service https://policies.google.com/terms. We do not retain raw data from Google’s APIs beyond what is needed for the feature (for instance, we might store a Place ID for a location in your event details, but not the full Google response). Aside from services like Google, we generally do not share your personal data with any third parties unless it’s needed to operate the app as described.
- With Law Enforcement or When Required by Law: If we are presented with a legal demand (such as a subpoena, court order, or warrant) or have to comply with applicable laws, we may disclose the requested information as required. We only do so after verifying the legitimacy of the request and only provide the minimum necessary data. Additionally, we may share information if we believe in good faith that it’s necessary to prevent or investigate illegal activities, fraud, or situations involving potential threats to the safety of any person. For example, we might provide information to law enforcement to assist in the investigation of criminal activity if legally obligated, or share data to protect someone’s vital interests in an emergency. If allowed by law, we will try to inform you if we have to provide your data to authorities. However, in some cases we may be legally prohibited from notifying you. Rest assured, we handle all government requests with care and only disclose information when legally compelled or to enforce our rights or protect users.
- With Our Affiliates or in Business Transfers: If Pinpot is ever involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business, your information may be transferred to the new owner or successor entity as part of that transaction (so that the service can continue to operate). In such cases, we will ensure the new owner honors the commitments we have made in this Privacy Policy. Also, if we ever establish affiliate or subsidiary companies, your information might be shared with them under the same strict conditions outlined here, for purposes consistent with this policy. Any corporate affiliate that may process your data will do so only as our agent or for the purposes stated (for example, for centralized data management, analytics, etc.), and will also comply with applicable privacy laws.
- • With Sponsored Venues: From time to time, Pinpot may partner with bars, restaurants, or other venues that pay a sponsorship or advertising fee to be featured or highlighted within the app. Any such sponsorships or promotions will be clearly identified as sponsored or paid features. We never share personal information (such as names, contact details, or precise locations) with these sponsors. However, we may provide them with aggregated statistics – such as the total number of meetups or events planned at their venue via Pinpot – which do not identify individual users. Sponsors do not have direct access to your data, and we will not disclose your personal information to these venues.
- With Your Consent or At Your Direction: We may ask for your consent to share your information with third parties in ways not covered above. In such cases, we will clearly explain what information would be shared and for what purpose, and proceed only if you agree. You are also in control of any sharing you do yourself — for instance, if you link Pinpot to another app or choose to share a Pinpot event on social media, we will share data at your direction. Outside of the scenarios listed in this policy, we will not share your personal information with third parties unless you give us permission.
International Data Transfers
Pinpot is a global service, and as such, your information may be stored or processed in Canada, the United States, or other countries where our service providers are located. For example, if you are in the EU or another region, your data might be transferred to and stored on servers in the United States (such as on DigitalOcean or Cloudinary infrastructure) or other jurisdictions. We take steps to ensure that international transfers of personal data are done in compliance with applicable laws. If you are located in the European Economic Area (EEA) or United Kingdom, and your data is transferred out of Europe, we rely on approved legal mechanisms to protect your information, such as the European Commission’s Standard Contractual Clauses (SCCs) or other safeguards to ensure an adequate level of data protection. In practice, this means our contracts with service providers bind them to GDPR-level data protection standards regardless of where they operate. We also assess our vendors for strong security practices.
By using Pinpot, you understand that your information may be transferred to servers in countries outside of your home jurisdiction. However, no matter where your data is processed, we will apply the same level of protection as required by the strictest laws mentioned in this policy. We also comply with any specific local requirements for data transfer. For instance, Canadian user data may be accessed by foreign authorities under foreign laws, but we will only disclose data to third parties as outlined in “How We Share Your Information,” and we remain accountable for the protection of personal information entrusted to us, even when it’s handled by third-party agents in other jurisdictions.
If you have questions about international data transfer or want more information about the safeguards in place, you can contact us (see Contact Us section below).
Data Retention and Deletion
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and as required or permitted by law. In other words, we keep your data for the period we are using it for the reasons described above (providing the service, legitimate business needs such as security, etc.), and then we delete or anonymize it.
If you decide to delete your Pinpot account, we will remove or anonymize personal data associated with your account from our active databases.
Account Deletion: You can delete your account at any time through the app or by contacting us. Once you initiate deletion, your profile will no longer be visible to other users. We then proceed to permanently erase or anonymize your personal information from our systems after a retention period. Why a retention period? For safety and business record reasons, we maintain a short “grace period” after account deletion before final erasure. This is to cover situations like account deletion by mistake, to protect against certain forms of abuse, and to meet certain legal obligations. For example, Pinpot may keep your account data for a brief window (30 days) in case you change your mind and want to restore your account, or to allow us to investigate any recent illegal or policy-violating behavior before data is gone (this is similar to industry practices, such as Tinder retaining data for 3 months after deletion for safety or Bumble allowing 28-day reactivation). After this interim period, we begin the deletion process for your personal data.
In practice, once the retention period expires, we either securely delete the data or irreversibly anonymize it so that it can no longer be linked to you. However, please note that there are a few exceptions where we might retain certain information for a longer period, strictly as necessary:
- Legal compliance: We may keep data if required to comply with laws or regulations. For instance, if financial transactions occurred (e.g. you purchased a premium feature), we might retain transaction records as required for tax or accounting laws. Also, certain jurisdiction laws mandate retaining specific data for a set time (for example, basic subscriber information or “traffic data” might be kept for a period under telecommunication retention laws).
- Evidence of consent or agreements: We might retain records of your consent to this Privacy Policy, Terms of Service, or other consents for a reasonable period (e.g. five years) as evidence that we complied with our legal obligations. This is important for our legal protection.
- Dispute resolution: If there is an unresolved issue, dispute, or claim related to your use of Pinpot (for example, a complaint under investigation or a lawsuit), we will retain the necessary information until the issue is resolved. We will also retain data as needed to enforce our rights or agreements, such as information about users who were removed for misconduct, to support any legal claim or defense.
- Safety and fraud prevention: We retain certain data to detect and prevent fraud, scams, or repeat abuse. For example, if a user was banned for serious violations or safety reasons, we may keep information (like email, phone, device ID, and reason for ban) to block that person from creating new accounts. This is a legitimate business interest to protect our community.
After the applicable retention period or exception is satisfied, the corresponding data will be deleted or anonymized. Keep in mind that due to the nature of distributed systems and caching, complete removal from all backups and caches might not be instantaneous. We aim to purge data promptly, but there could be residual copies in backup storage that are purged periodically. We will not use retained data for any purpose other than what is described in the exceptions above. We also want to be transparent that while our systems are designed to carry out deletions per these guidelines, technical constraints mean we cannot guarantee that every single trace of data will be removed from all systems immediately. Nonetheless, once your account is deleted, your personal data will no longer be accessible or processed in the app, and we will not restore or use it except if it falls under the narrow exceptions above.
If you have questions about our data retention practices or wish to request deletion of your data, see Your Rights below on how to contact us.
Your Rights and Choices
You have rights and choices regarding your personal information. Pinpot is designed to empower you to control your data, and we also comply with rights granted by laws like GDPR (for EU users), CCPA (for California users), and other privacy regulations. Regardless of where you live, we extend many of these core rights to all our users to be consistent and fair. These rights include:
- Access Your Data: You have the right to request a copy of the personal information we hold about you. For example, you can request a report of your profile info, messages, and other data. We provide many details in-app (your profile, etc.), but if you need a full export, contact us and we will provide you with a copy of your data in a portable format (where required by law, this is often called the right of access or data portability).
- Rectification (Correcting Data): If any personal information we have about you is incorrect or has changed (for instance, you want to update your contact info), you have the right to correct it. You can edit most of your profile information directly in the app via your account settings. If you have trouble updating or find other data (like account details) that you cannot change, you can contact us to request correction.
- Deletion of Data: You have the right to delete your personal data (the “right to be forgotten”). As described in Data Retention and Deletion, you can delete your account at any time which erases your personal info from the service after the safety retention period. You may also contact us to request deletion of specific information or your entire account. We will honor deletion requests and remove your data, unless an exception applies (as noted above, e.g. we may retain certain information if legally required or for safety reasons). Once we process your deletion request, your personal data will be removed from active use. (Note: if you simply uninstall the app without deleting your account, your account data will remain until you delete or we deem the account inactive after a long period.)
- Withdraw Consent: If we are processing any personal information based on your consent, you have the right to withdraw that consent at any time. For example, you can disable location access in your device settings if you no longer want to share location, or unsubscribe from marketing emails by clicking “unsubscribe” in the email. Withdrawing consent will stop the specific processing that relied on consent (there may be some features you can no longer use if you do so, but we will always respect your choice). Note that processing performed before you withdrew consent may still be lawful. If you want to opt out of certain data collection (like analytics or targeted ads, if applicable), please contact us for possible settings or adjustments.
- Objection and Restriction: In certain situations, you have the right to object to or restrict our processing of your data. For example, EU users can object to processing based on our legitimate interests if they believe their rights outweigh our interests. You can also ask us to temporarily restrict processing if you contest the accuracy of data or want to establish, exercise, or defend legal claims. If you object to processing that is essential for providing the service (for instance, using your date of birth to enforce age restrictions), we’ll let you know if we’re unable to fulfill the request without terminating the service to you. In all cases, we will consider and respond to your request in accordance with applicable law.
- Portability: To the extent required by applicable law, you can request a copy of your data in a structured, commonly used, machine-readable format, so you can transfer it to another service if you wish. Typically, this would be encompassed in an access request where we provide your data file.
- California Privacy Rights: If you are a California resident, state law provides you some additional rights. You have the right to know the categories of personal information we collect, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share that information (which this Privacy Policy already outlines). You also have the right to request that we delete your personal information, which we honor as described above. Pinpot does not “sell” your personal information to third parties for monetary value or for their direct marketing, and we do not share your personal information for cross-context behavioral advertising without consent, so the opt-out of sale/sharing is not applicable except as your general right to not have your data shared beyond the service purposes. California’s “Shine the Light” law allows users to request once a year a notice describing what categories of personal info we shared with third parties for direct marketing in the previous calendar year. However, Pinpot does not share data with third parties for their own direct marketing, so such a list would be empty. If you still wish to inquire about your California privacy rights, you can contact us. We will not discriminate against you (deny services, etc.) for exercising any privacy rights, as per California law.
- Canadian and Quebec Users: Pinpot complies with Canada’s privacy laws, including PIPEDA and provincial laws like Quebec’s Act 25. This means we will obtain your consent for the collection, use, and disclosure of your personal information, except where otherwise permitted by law. You have similar rights to access and correction under PIPEDA. If you are in Quebec and under 14, please do not use Pinpot – we do not collect information from anyone under 18 (and parental consent is required under 14 by law). If you’re 14 or older but under 18, note that our platform is still adults-only. (See Age Restrictions below.) For all Canadian users, you may contact us to access or correct your info, or to withdraw consent, and we will respond per the timelines in Canadian law. You also have the right to file a complaint with the Privacy Commissioner of Canada or your provincial privacy regulator if you believe your data has been mishandled.
- EU/EEA/UK Users: In addition to the rights listed (access, rectification, deletion, objection, portability, etc.), you have the right to lodge a complaint with your local Data Protection Authority if you have concerns about how we handle your data. We encourage you to contact us first so we can address your concerns directly. We have appointed a privacy officer (contact details below) who is responsible for GDPR compliance. We may also designate an EU representative if required, to facilitate communication with EU regulators and users.
To exercise any of your rights, please contact us at the email or mailing address provided in Contact Us. For certain requests, we may need to verify your identity before proceeding (for example, by asking you to provide information that confirms you are the account owner). This is to protect your account from unauthorized access. We will respond to your request within the timeframe required by law (for example, within 30 days under some regulations, or notify you if we need more time). If we cannot fulfill your request, we will explain why – for instance, if the request is unduly repetitive, jeopardizes others’ privacy, or is not required by law to be honored.
Your Choices: Aside from formal rights, you have control through various settings:
- You can access and update your profile info at any time via the app.
- You can enable/disable certain data sharing through your device (e.g. location, push notifications).
- You can opt out of marketing emails by unsubscribing.
- If you want to stop all data collection, you can delete your account or as a last resort, uninstall the app (uninstalling alone only stops new data collection on that device; it won’t delete your account data unless you also request account deletion).
- We may provide in-app privacy controls for specific features as needed.
We want you to be in control of your information. If you have any questions or need assistance with managing your privacy preferences, please reach out to us.
Age Restrictions and Children’s Privacy
18+ Only – No Minors Allowed: Pinpot is strictly for users who are 18 years of age or older. We do not permit individuals under 18 to use our platform, and we do not knowingly collect personal information from anyone under the age of 18. When you create an account, you are required to provide your date of birth to confirm that you are at least 18. If we discover (or have reason to suspect) that a user is under 18, we will take immediate action to terminate the account and delete any personal data associated with it. This is both to comply with legal requirements (e.g. COPPA in the U.S. forbids collecting data from children under 13, and Quebec law requires parental consent under 14) and to maintain a safe environment appropriate for adults.
We do not market Pinpot to children, and the content on our service is not intended for anyone under 18. If you are under 18, you are not allowed to use Pinpot. Do not attempt to register or send us any personal information.
Age Verification Measures: To enforce our age policy, we may implement verification checks. For example, we might use automated age estimation tools or require users to complete a one-time photo verification. In some cases, we may request government-issued ID to verify age. Refusal or failure to successfully verify age when requested will result in account suspension or removal. These measures are in place to prevent underage users from accessing the platform and are consistent with industry practices to keep minors off dating and meetup services.
Parental Reporting: If you are a parent or guardian and you become aware that your minor child (under 18) has created a Pinpot account or provided us with personal information, please contact us immediately. We have a dedicated process to handle such reports. You can email us at our support address or use any in-app reporting function to flag the underage account. We will promptly delete the account and all associated personal data of the minor, in accordance with applicable laws. We may ask for some verification (to confirm you are the parent/guardian) before releasing any information about an account. Note that if a user is found to be underage, we will remove them – this is for their own safety and the community’s integrity.
Additionally, within the app, users can report profiles that they suspect are under 18 (or that otherwise violate our guidelines). Our Trust and Safety team will review all such reports. We encourage all users to report any suspicious or underage behavior through the in-app reporting tools (usually accessible via a “Report” option on a profile). This community vigilance helps us maintain a strictly 18+ platform.
By using Pinpot, you affirm that you are at least 18 years old. We reserve the right to ask for proof of age at any time to verify compliance with this policy.
Security Measures to Protect Your Data
Pinpot takes the security of your personal information very seriously. We implement a variety of technical and organizational security measures to safeguard your data against unauthorized access, loss, or disclosure. These measures include, for example:
- Encryption: We use encryption to protect data in transit and at rest. All communications between your app/web browser and our servers are encrypted via HTTPS/TLS. Sensitive information (like passwords or authentication tokens) is stored hashed or encrypted. By encrypting personal data, we ensure that even if data were intercepted or accessed improperly, it would not be easily readable.
- Secure Infrastructure: Our servers are protected by firewalls and network security monitoring. We keep our software and systems updated with security patches. Data is stored in secure facilities and we limit physical and remote access to those systems. We also utilize cloud security best practices (for instance, our cloud providers like DigitalOcean and Cloudinary maintain robust security certifications and protocols).
- Access Controls: Internally, access to personal data is restricted to authorized personnel who need it to operate the service (for example, customer support or technical staff) and is protected by authentication and monitoring. Our team members are trained on data security and privacy requirements. We enforce strict confidentiality agreements with any staff or contractors who handle personal data.
- Monitoring and Testing: We regularly monitor our systems for possible vulnerabilities and attacks. We use intrusion detection systems and perform periodic security audits and penetration tests to find and fix weaknesses. We also utilize security features provided by our vendors (e.g., Cloudinary’s content security scanners, Clerk’s authentication safeguards) to add layers of protection. If we detect any suspicious activity or potential breach, we respond promptly to mitigate it.
- Anonymization and Pseudonymization: Where possible, we anonymize or pseudonymize personal data, especially when using it for analytics or improvements. For example, we might aggregate usage data or strip identifiers to analyze trends without directly identifying individuals. This reduces the risk in case of any data leak and aligns with privacy by design principles.
Despite all these efforts, no security measure is 100% perfect. The internet is not completely secure, and we cannot guarantee that your information will never be accessed, hacked, or lost in ways that are not described in this policy. We continuously update our security practices to adapt to new threats, but you should also be aware of your own security: protect your account credentials and use a unique, strong password.
User Responsibility: You play a role in keeping your data secure. We urge you to keep your login credentials confidential and to be cautious about who has access to your devices. Here are some tips (as also reflected in industry guidance) to help keep your account secure:
- Use a strong, unique password for Pinpot that you don’t reuse on other services.
- Never share your password or verification codes with others. Pinpot will never ask you for your password via email or chat.
- Log out of the app if you are using someone else’s device, and use device locks (PIN, fingerprint) so others can’t use your logged-in sessions.
- Be careful about phishing – if you receive emails or messages that look suspicious or ask for personal info, double-check that they are actually from Pinpot.
- Enable additional security features we may offer, such as two-factor authentication (2FA), if available.
If you suspect any unauthorized access to your account or any security breach, please notify us immediately. We may suspend or restrict access to your account to protect you and your data if we suspect any security issue.
Data Breach Procedures: In the unfortunate event of a data breach that affects your personal information happens, we will act promptly. We will contain and investigate the incident, and we will notify affected users and appropriate authorities as required by law (for example, we comply with breach notification laws such as those in GDPR and Canadian law that mandate notifying the data protection authority and users in certain cases). Our goal is to be transparent and help you take protective measures if needed.
Overall, we strive to maintain a level of security appropriate to the sensitivity of the personal data we hold, as required by regulations like GDPR Article 32. We are continuously working to improve our security practices and we invest in safeguards to protect our community.
Third-Party Services and Integrations
Pinpot relies on certain third-party services to function. This section provides more detail about how those services are used and what that means for your data. We want to be clear about who our partners are and how your information might be shared or processed by them, so you can make informed decisions. All third parties we use are obligated to handle your data securely and only for the purposes we've contracted with them.
Here are the key third-party services integrated with Pinpot and what to know about each:
- Authentication (Clerk): We use Clerk for user authentication and account management. When you sign up or log in, Clerk processes your login credentials (email/phone/social login information) and handles features like password storage (using secure hashing), multi-factor authentication, and session management. Clerk may store basic account information (such as your email, hashed password, authentication tokens, and possibly your IP address or device info for security). Clerk acts as a data processor for us – they use your info only to log you in and ensure account security. Clerk is compliant with GDPR and other privacy frameworks; they have measures in place to protect user credentials and personal data. For example, Clerk will never share your login info with anyone except as needed for the service. If you sign in with a third party (like Google or Apple via Clerk), those providers will receive notice that you’re using Pinpot and might share some info with Clerk/us as described in Information We Collect. This entire login process is secure and encrypted. For more details, you can refer to Clerk’s own privacy policy on their website. In summary, Clerk helps us make your sign-in experience both simple and secure, and your data is protected under our agreement with them.
- Cloud Storage & Media (Cloudinary): Pinpot uses Cloudinary to store and deliver user-uploaded images and possibly other media (like videos). When you upload a profile picture or any image in the app, that file is sent to Cloudinary’s servers, where it’s stored in our account’s repository. We do this to efficiently handle images (they provide fast CDN delivery, resizing, etc.). Cloudinary will have access to the content of your images since they host them, but not to other personal information. The URLs for your images may be accessible to those who know them, but we use unguessable identifiers to keep them reasonably protected. We advise users not to upload anything they wouldn’t want to be public. Cloudinary is a reputable cloud service that implements strong security (including encryption in transit and at rest for stored files). They only processes our data under our instructions. If you delete an image or your account, we will delete the image from Cloudinary as well, though there might be brief caching on their CDN that expires shortly. By using Pinpot, you agree to Cloudinary’s processing of your images on our behalf. Cloudinary’s privacy policy is available on their site if you want to read more. We ensure that Cloudinary does not use your photos for any purpose other than storing and retrieving on our request.
- Hosting (DigitalOcean): Our application code and services run on DigitalOcean’s cloud infrastructure. When you use Pinpot, your requests are processed by our servers on DigitalOcean. They provide the reliable environment that allows Pinpot to function 24/7. DigitalOcean is certified with international security standards such as ISO 27001 and SOC 2, and they implement robust firewalls and network security measures. DigitalOcean acts as our hosting provider and does not access or use the data beyond what is necessary to maintain the infrastructure. They may transfer data across borders for redundancy or backup, but always under strict security protocols. If DigitalOcean engages any subcontractors (e.g., for hardware maintenance), those parties must also comply with rigorous data protection standards. DigitalOcean is contractually forbidden from viewing, using, or sharing our data for any unauthorized purpose.
- Database Storage (Neon): Your account data (profile info, posts, and other records) is stored in a managed database service provided by Neon. Neon hosts our primary database and keeps it backed up to ensure reliability and quick access. Whenever you log in or interact with Pinpot (e.g., creating or editing a post), the application communicates with Neon’s servers to read and write information. While Neon physically stores the data, they act solely as our data processor and do not examine or use your personal details beyond providing secure storage. Neon’s staff and systems are bound by confidentiality and data protection agreements. We also implement encryption and other safeguards at the database level, so your data remains protected against unauthorized access. Like any reputable cloud provider, Neon may be legally required to disclose stored data under certain circumstances (e.g., a valid court order), but only as strictly mandated by law.
By using Pinpot, you acknowledge that both DigitalOcean and Neon handle your data on our behalf. We choose these providers for their strong security practices, and we maintain strict agreements with them to ensure your data remains confidential and is processed only under our instructions. If you have questions about our hosting or database infrastructure, please contact us at the information provided in the “Contact Us” section of this Privacy Policy.
- Location and Places (Google Maps Platform): As mentioned earlier, Pinpot integrates Google’s Places API for location-based features. This allows us to convert addresses to map coordinates, suggest places or venues, and display map information. When you use a Pinpot feature that involves maps or location search (for example, searching for a meetup location by name or viewing a map in-app), certain information is sent to Google’s servers. This may include your current GPS location (if you are looking for nearby places) or the query text you input (like the name of a café). Google may log these requests (e.g., for service improvement or auditing) and they will handle that data under their own privacy policy. As noted, by using these features you agree to Google’s Terms of Service for Maps. We incorporate Google’s Privacy Policy by reference, meaning their policy applies to any data they receive through Pinpot’s use of their API https://policies.google.com/privacy. Importantly, we do not send your Pinpot account info (like your name or user ID) to Google when making map requests; we only send the necessary location/query data. Google may receive your device’s IP address and location as part of the API call. We do not permanently store the raw data Google returns except as needed (e.g., the name and coordinates of a place you select will be saved to your event details). If you prefer not to have any data shared with Google’s services via Pinpot, you can opt not to use features that involve maps (though core functionality of our app may depend on it). You could also disable location access, but then location-based functions will not work. We want to assure you that Google is only involved to provide maps functionality – they are not getting your messages, profiles, or any unrelated personal data from us. Please see Google’s own privacy policy for how they handle any data collected through Maps/Places.
- Notifications (Expo): Pinpot uses Expo to send push notifications to your device. Notifications can include alerts about post responses, reminders for upcoming events, or relevant app updates. When you enable notifications in the Pinpot app, Expo processes certain device information (like a push token) so we can deliver timely alerts. Expo does not have access to the contents of your posts, messages, or other sensitive data; it only handles the routing of notification messages that contain limited contextual info (e.g., a brief text or ID reference). Expo’s infrastructure is protected by industry-standard security measures. You can turn off push notifications at any time by adjusting your device settings. If you do so, Expo will no longer receive your device’s push token, and you will stop receiving real-time notifications from Pinpot.
- Analytics and Other Tools: (If applicable) We may use third-party analytics services (such as Google Analytics or similar) to collect aggregated information about app usage. These services might use device identifiers or cookies to help us understand usage patterns. Any third-party analytics tool will be configured to minimize data sharing (for example, IP anonymization if available) and will not receive direct personal identifiers like your name. We use analytics purely to improve the product. You typically can opt-out of such analytics by using built-in settings or contacting us. If we use any analytics or error tracking services, we will list them here and ensure they are GDPR/CPPA compliant as processors. (Currently, Pinpot’s primary third-party services are the ones listed above.)
- Social Media or Sharing Features: If Pinpot offers the ability to link or share content to third-party social networks (like an “Share this on Facebook” option or logging in via Facebook), those external services might receive some data. For example, if you share a Pinpot event link on Twitter, Twitter’s own privacy policy governs what they do with that shared content on their platform. Similarly, if we allow you to import data from another service (say, import your profile picture from Instagram), we will clearly ask your permission and explain what is imported. Those actions are completely voluntary.
Each third-party service that we integrate is carefully vetted, and we ensure there are appropriate contracts (Data Protection Addendums, etc.) in place to protect user privacy. We also list these services in our Privacy Policy to maintain transparency. However, please note: if you navigate away from Pinpot to third-party websites or services (for example, by clicking an external link someone shared in a post description), this Privacy Policy no longer applies. Always review the privacy policies of other sites or apps you visit, since we aren’t responsible for the practices of sites not under our control.
If you have any questions about our third-party partners or what data they might receive, feel free to reach out to us. We strive to keep this list updated as our app evolves and new integrations are added or removed.
User Consent and Policy Acceptance
By creating an account or otherwise using Pinpot, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy.
Consent Mechanisms: When you first sign up, we will present you with this Privacy Policy (for example, via a link or as part of the onboarding flow) and by proceeding you indicate your consent. In certain cases, we may ask for consent through a clear affirmative action (such as checking an “I Agree” box) especially if required by law for your region.
We also obtain specific consents for particular data processing activities when needed:
- We will ask for your consent to access sensitive device information like your location (via the mobile OS prompt)or your photos (if we implement features requiring those) or notification service. You have the choice to allow or refuse, and you can change your mind later in your device settings.
- If we introduce any new purposes for using your data that are not covered by this policy, we will seek your consent before doing so.
- For users in jurisdictions that require opt-in consent for certain cookies or tracking (like the EU’s ePrivacy Directive), we will present a cookie consent banner or similar mechanism on our website.
You have the right to withdraw your consent at any time when we process your info based on consent. To do so, you can adjust your app or device settings, or contact us for assistance. Note that withdrawing consent will not affect the lawfulness of processing that has already happened, but it will prevent future processing of the specific data or for the specific purpose you withdraw from (for example, if you withdraw consent for location, we stop collecting it going forward). If you withdraw consent for something essential (like our general Terms or this Policy), we might have to close your account as we cannot provide the service otherwise.
Using Pinpot is voluntary – if you do not agree with our Privacy Policy or any updates to it, you should stop using the app and delete your account. We will treat continued use of the service as acceptance of the terms of the Privacy Policy in effect at that time.
Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time as Pinpot evolves or as privacy laws change. If we make significant (material) changes, we will notify you in advance and give you the opportunity to review the revised policy before it becomes effective. Notifications may be done via email (to the address associated with your account) or via an in-app alert, and will explain the key changes. Minor updates (such as clarifications or grammatical fixes) that do not materially affect your rights will be posted on our site or in the app with a new effective date.
We encourage you to review this Policy periodically to stay informed about how we protect your information. If you continue to use Pinpot after a Privacy Policy update takes effect, it means you have accepted the revised policy. If you do not agree to the changes, you may delete your account at any time.
The “Effective Date” at the top of this Policy indicates when the latest changes became applicable.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We are here to help and committed to addressing any privacy-related issues.
Contact Information:
Email: [email protected]
Mail: Pinpot Inc. Privacy Office – 2244 St Joseph Blvd E, Montréal,
QC H2H 1G2, Canada
When you contact us about a privacy matter, please include your name, contact information, and a detailed description of your request or concern. We will respond as soon as possible, and at most within any timeframe required by law.
If you’re not satisfied with our response, and depending on your jurisdiction, you may have the right to reach out to a regulatory authority (such as the Office of the Privacy Commissioner of Canada, the Commission d’accès à l’information du Québec, your state Attorney General’s office in the U.S., or a Data Protection Authority in the EU/UK). But we genuinely hope to resolve any issue directly and promptly.
Thank you for reading our Privacy Policy. We value your trust, and we are continuously working to keep Pinpot a safe and private community for everyone. Your use of Pinpot is subject to this Privacy Policy as well as our Terms of Service. We appreciate you being a part of the Pinpot community and will always strive to protect your personal information and privacy rights.