Privacy Policy
Last Updated: February 7, 2026
1. Introduction
Thank you for choosing to use Pinio. We're excited to have you on board! At Pinio, your privacy and trust are our top priorities. This Privacy Policy explains in a straightforward way how we collect, use, and protect your personal data when you use our app and related services.
Pinio is a powerful mobile application designed to help you save, organize, and discover content from social media in smarter ways. Behind the scenes, we use advanced AI and secure cloud technologies to make your experience seamless and personalized — all while respecting your privacy.
We want you to feel confident that your data is handled responsibly and transparently. This document outlines what information we collect, why we collect it, who we share it with, and your rights as a user.
2. Responsible Party
In compliance with the General Data Protection Regulation (GDPR), the person responsible for processing your personal data in connection with Pinio is:
Pinio App - Adrian Gruber
c/o Online-Impressum.de #4751
Europaring 90
53757 Sankt Augustin
Germany
Email: hello@pinio-app.com
If you have any questions or concerns about your data, please don't hesitate to reach out.
3. Information We Collect
We only collect information that is essential for providing, maintaining, and improving our service.
Information You Provide to Us:
- Account Information: When you create a Pinio account, we collect your email address and a securely hashed version of your password. If you sign in via Apple or Google, we receive the information you authorize those services to share (typically your name and email).
- Content Data: We store all the content you save to Pinio. This includes "Pins" (the original items you share, like URLs and their metadata) and "Discoveries" (the specific information like Places, Recipes, or Products that our AI processes for you).
- Communications: If you contact us for support via email, we will keep a record of that conversation to help resolve your issue.
Information Collected Automatically:
- Crash and Performance Data: To keep Pinio running smoothly, we automatically collect data related to app crashes and performance issues. This includes information like your device type, operating system version, and unique device identifiers, which helps us identify and fix bugs quickly.
- Website Analytics (Landing Page Only): On our website (pinio-app.com), we use Vercel Analytics and Vercel Speed Insights to understand how visitors use our site. This collects page views, navigation events, browser and device information, geographic region, and Core Web Vitals performance metrics. This data is collected in an aggregated, non-personally-identifiable manner. No analytics tracking is used inside the mobile app itself.
4. How We Use Your Information & Our Legal Basis
We process your data for specific purposes, and we only do so when we have a legal basis under GDPR.
- To Provide and Maintain Our Service (Legal Basis: Art. 6(1)(b) GDPR - Contract Fulfillment):
  - To create and securely manage your user account.
  - To enable the app's core features, allowing you to save, organize, and access your "Pins" and "Discoveries."
  - To process any in-app purchases or subscriptions you make.
- For AI-Powered Content Processing (Legal Basis: Art. 6(1)(b) GDPR - Contract Fulfillment):
  - To power the "Discoveries" feature, we send content from your "Pins" to external AI services (Google Gemini) through a secure, automated workflow. This processing is essential to analyze your content and deliver the specific information you request (like places or recipes). The AI processing is fully automated but does not produce legal effects or similarly significant decisions about you. You can review, edit, or delete any AI-generated Discoveries at any time.
- For Place Enrichment (Legal Basis: Art. 6(1)(b) GDPR - Contract Fulfillment):
  - When our AI identifies a place from your saved content, we use the Google Places API to enrich it with additional details like address, coordinates, ratings, and photos, so you can view your saved places on a map.
- To Improve App Stability (Legal Basis: Art. 6(1)(f) GDPR - Legitimate Interest):
  - We have a legitimate interest in making our app reliable. We use crash and error data to monitor performance, diagnose problems, and improve the overall user experience.
- To Improve Our Website (Legal Basis: Art. 6(1)(f) GDPR - Legitimate Interest):
  - We have a legitimate interest in understanding how our website is used. We use Vercel Analytics to monitor page performance and visitor patterns on our landing page.
- To Communicate With You (Legal Basis: Art. 6(1)(f) GDPR - Legitimate Interest):
  - We use your contact information to respond to your support requests and feedback.
  - We also use it to send you essential push notifications related to your app activity (e.g., when a Discovery is ready). You can manage these at any time in your device's settings.
5. Data Sharing and Disclosure
We do not sell your personal data. We only share it with trusted third-party partners who help us provide and improve our service. We have appropriate data processing agreements in place with all service providers listed below.
- Supabase: We use Supabase for our entire backend infrastructure. This includes our database, storage for your "Pins" and "Discoveries," and user authentication. All data is stored on servers located in the European Union.
- RevenueCat: We use RevenueCat (based in the USA) to securely process in-app subscriptions and purchases. We share your user ID and transaction-related information with them to manage your subscription status.
- Sentry: We use Sentry (based in the USA) for crash reporting and error monitoring. When the app encounters an issue, anonymized data about the event is sent to Sentry so we can fix it.
- Expo: We use Expo's push notification service to reliably deliver push notifications to your device. Your device's push token is shared with Expo for this purpose.
- Google Gemini: To power our "Discoveries" feature, content from your "Pins" is sent for analysis to Google's Gemini AI API (based in the USA) through our secure processing workflow. We only send the necessary content for analysis and never share your personal account information in this process.
- Google Places API: When a place is identified from your content, we use the Google Places API (based in the USA) to retrieve enriched location data such as addresses, coordinates, ratings, and photos.
- Mapbox: We use Mapbox (based in the USA) to render interactive maps within the app. When you view the map, Mapbox may receive your viewport coordinates and IP address to load the appropriate map tiles.
- Vercel: We use Vercel (based in the USA) to host our website and to collect website analytics and performance metrics on our landing page only. No personal data from the mobile app is shared with Vercel.
6. International Data Transfers
Your core data (Pins and Discoveries) is stored within the European Union via our Supabase infrastructure. However, some of our service providers operate outside the European Economic Area (EEA), primarily in the United States (RevenueCat, Sentry, Expo, Google, Mapbox, and Vercel). When your data is transferred to these services, we ensure it is protected to the same high standards as in Europe, using safeguards such as Standard Contractual Clauses (SCCs) and, where applicable, reliance on the EU-U.S. Data Privacy Framework (DPF) for certified recipients, as required by GDPR.
7. Your Data Protection Rights under GDPR
You have comprehensive rights over your personal data. You can exercise them at any time by contacting us at hello@pinio-app.com.
- Right to Access (Art. 15 GDPR): You can request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16 GDPR): You can ask us to correct any inaccurate or incomplete data.
- Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR): You can request the deletion of your personal data from our systems. You can also delete your account directly within the app's settings.
- Right to Restriction of Processing (Art. 18 GDPR): You can ask us to limit how we use your data.
- Right to Data Portability (Art. 20 GDPR): You can request your data in a structured, machine-readable format to transfer it elsewhere.
- Right to Object (Art. 21 GDPR): You can object to our processing of your data when we are relying on a legitimate interest.
- Right to Lodge a Complaint (Art. 77 GDPR): You have the right to file a complaint with your local data protection authority if you believe our processing violates data protection laws. The competent supervisory authority for our business is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestr. 2-4, 40213 Düsseldorf, Germany.
We will respond to your request within 30 days of receipt. If your request is complex, we may extend this period by up to 60 days, in which case we will inform you of the extension.
8. Data Retention
We keep your personal data only for as long as it is necessary to provide you with the Pinio service or to comply with our legal obligations. Specifically:
- Account data (email, profile): Retained for the duration of your account. Deleted within 30 days of account deletion.
- Content data (Pins and Discoveries): Retained for the duration of your account. Deleted within 30 days of account deletion.
- Crash and performance data: Retained for 90 days, then automatically purged.
- Support correspondence: Retained for 12 months after the issue is resolved, then deleted.
- Website analytics data: Retained by Vercel in accordance with their data retention policies (typically up to 12 months in aggregated form).
Backup copies of your data may persist for up to 30 additional days after deletion from our active systems.
9. Automated Processing
Pinio uses artificial intelligence (Google Gemini) to analyze the content you save and generate "Discoveries" such as places, recipes, products, and events. This processing is fully automated. While we strive for accuracy, AI-generated results may not always be complete or correct. You are always in control: you can review, edit, or delete any AI-generated Discovery at any time. This automated processing does not produce legal effects or similarly significant decisions concerning you.
10. Children's Privacy
Pinio is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have, we will take steps to delete that information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date.
12. Android Waitlist
If you sign up for our Android waitlist on our website, we collect your email address for the sole purpose of sending you a one-time notification when Pinio becomes available on Android. Your email is stored securely with our email service provider, Resend (based in the USA), in a dedicated audience list. We process this data based on your explicit consent (Art. 6(1)(a) GDPR). You can withdraw your consent and request deletion of your email at any time by contacting us at hello@pinio-app.com. Your waitlist email will be deleted after the Android launch notification is sent.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please do not hesitate to contact us at: hello@pinio-app.com.