Privacy Notice
Effective Date: Dec 1, 2025
1. Introduction
This Privacy Policy outlines how Pinapose collects, uses, and protects your personal information. We are committed to protecting your privacy and ensuring that your personal information is handled in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
2. Information We Collect
When you use Pinapose, we may collect the following types of personal information:
- Information you provide: This includes your username (aka nickname), email address, phone number and any other information you voluntarily provide when creating an account or using our services.
- Photo uploads: If you upload photos and comments to Pinapose, we will collect and store them both tagged with your nickname and phone number.
- Billing information: If you purchase our services, we collect billing details such as your name, address, VAT number (for businesses), and payment transaction data processed through our payment provider.
- Usage data: We may collect information about how you use Pinapose, such as your IP address, browser type, and the pages you visit.
3. How We Use Your Information
We may use your personal information for the following purposes:
- To allow event organizers to display to other guests and participants the uploaded photos and comments via a projector or video wall for creating a pleasant and interactive effect during the event.
- To allow the event organizer to creata and store a photo album of the event for their personal use.
- To provide and improve our services.
- To communicate with you about your account, our services, and updates.
- To personalize your experience on Pinapose.
- To comply with legal and regulatory requirements.
4. Data Retention
We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected. We may also retain your information for a longer period if required by law or for legitimate business purposes.
When the event organizer archives the Pinapose, we will permanently delete all photos and comments you have uploaded for this event. We will also delete your account if it is not linked with other active Pinapose records.
5. Your Rights
Under the GDPR, you have certain rights regarding your personal information, including:
- Access: You have the right to request access to your personal information.
- Rectification: You have the right to request the rectification of inaccurate personal information.
- Erasure: You have the right to request the erasure of your personal information under certain circumstances.
- Restriction of processing: You have the right to request the restriction of processing of your personal information under certain circumstances.
- Data portability: You have the right to request the transfer of your personal information to another organization in a structured, commonly used, and machine-readable format.
- Object: You have the right to object to the processing of your personal information for certain purposes.
To exercise your rights, please contact us using the information provided in Section 8.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the internet or electronic storage is completely secure. Please be aware that there is always a risk of unauthorized access to your information.
7. Third-Party Services (Sub-processors)
We use trusted third-party service providers (sub-processors) to help us deliver our services. These providers process personal data on our behalf under strict contractual obligations that comply with GDPR requirements, including appropriate safeguards for international data transfers.
Our Sub-processors:
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Google Firebase | Authentication, database, file storage | Account data, photos, event data | EU/US (auth) |
| Google Cloud Platform | Media processing, hosting | Photos, videos | EU |
| Stripe | Payment processing | Billing information, transaction data | EU/US |
| Amazon Web Services (AWS) | Transactional emails | Email address, name | EU |
| Cloud Services IKE | Electronic invoicing | Billing information | EU |
Data Protection Measures:
- Google (Firebase & Cloud Platform): Google is certified under the EU-US Data Privacy Framework and processes data in accordance with their Data Processing Terms. Our data is stored in EU regions except Firebase Authentication data.
- Stripe: Stripe acts as an independent data controller for payment data and is certified under the EU-US Data Privacy Framework. See Stripe's Privacy Policy.
- Amazon Web Services: AWS processes email delivery data under Standard Contractual Clauses (SCCs) and is certified under the EU-US Data Privacy Framework. See AWS GDPR Center.
- Cloud Services IKE: Cloud Services IKE processes billing data in accordance with GDPR and their Privacy Policy
International Transfers:
Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
- EU-US Data Privacy Framework certifications
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Processing in EU data centers where possible
You may request a copy of the relevant safeguards by contacting us at the address provided in Section 8.
8. Contact Use
If you have any questions about this Privacy Policy or our practices, please contact us at:
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be effective immediately upon posting on this page. We encourage you to review this Privacy Policy periodically for any updates.