Privacy policy

A private individual operating the Pinmate project. Full identity and correspondence address are disclosed on request via privacy [at] pinmate [dot] app — we reply within 14 days.

• Email address — for sign-up, transactional mail (verify, 2FA, reminders), and the newsletter (if you opt in).
• Display name (optional), bio, social handles, home location latitude/longitude — only if you fill them in your profile.
• Pins you create: title, description, category, time, location, social link.
• Newsletter consent metadata: timestamp, IP, user-agent — proof of consent under GDPR Art. 7.
• Session cookie (httpOnly), push subscription endpoint (only if you enable push).

• Run your account: sign-in, 2FA, password reset, password storage (argon2 hashed).
• Show your pins on the map for other users in your area to find and RSVP.
• Send the occasional newsletter — only if you've opted in via double opt-in.
• Detect abuse, rate-limit auth, and keep things working.

Account features: contract performance (GDPR Art. 6(1)(b)). Newsletter: consent (GDPR Art. 6(1)(a)). Security and fraud prevention: legitimate interest (GDPR Art. 6(1)(f)).

Account data: as long as your account exists, deleted within 30 days of account deletion. Newsletter records: until you unsubscribe, after which we keep a soft-deleted row to honour your unsubscribe choice. Server logs: rotated within 30 days.

• Request a copy of your data.
• Correct anything wrong (most fields editable in Settings).
• Delete your account and all associated data.
• Object to processing or withdraw consent any time — newsletter unsubscribe is one click.
• Receive a copy of your data in a structured, commonly-used format to move it elsewhere (GDPR Art. 20).
• Lodge a complaint with your data-protection authority (in Poland: UODO, https://uodo.gov.pl).

Pinmate is not directed at users under 16. Under GDPR Art. 8 the minimum age for consent to information-society services in Poland is 16. If you're under 16, please don't sign up without your parent or legal guardian's permission.

Pinmate uses the following processors: Elastic Email Inc. (transactional + newsletter sends — Canada, EU adequacy decision for PIPEDA-bound organisations), MapTiler AG (map tiles — Switzerland, EU adequacy decision), Cloudflare, Inc. (DNS, CDN, DDoS protection, email forwarding — USA, under SCCs and Data Privacy Framework), OVH SAS (VPS hosting — France, EU). After you opt in to analytics cookies: Google LLC (Tag Manager + Analytics 4 — USA, under SCCs and Data Privacy Framework). We don't sell or share data with anyone else.

For data-protection requests, write to privacy [at] pinmate [dot] app. For anything else: hello [at] pinmate [dot] app. We reply within 30 days as required by GDPR Art. 12.