Last updated 2026-05-02

Privacy Policy

[Your Legal Entity Name — e.g. Pinzly Inc.]("we," "us," or "our") operates the Pinzly mobile application and related services ("Pinzly," the "App", or "Service"). This Privacy Policy describes how we collect, use, disclose, store, and safeguard information — including approximate or precise location with your permission where applicable — before you download or use Pinzly.

Summary

Pinzly helps users discover spots, nightlife, hikes, events, pop-ups and other experiences based on relevance, community activity, editorial choices, availability, and, where you allow it, proximity. We aim to minimize data collection while delivering a dependable experience on iOS and Android.

Who we are & how to reach us

• Privacy contact: privacy@pinzly.io
• Postal / legal entity: add your mailing address on this page when you finalize [Your Legal Entity Name — e.g. Pinzly Inc.].

Information we may collect

The specifics depend on the features shipped in each build and the permissions you grant — including whether you create an account. Categories below represent common mobile app scenarios; revise them after your counsel reviews actual SDKs, logging, backends, and data flows.

Identifiers & account information

• Authentication identifiers issued by identity providers you choose (Apple, Google, email magic links — not passwords when SSO is used).
• Profile fields you voluntarily add (display name, photo, biography, bookmarks, RSVP / check-ins) when those features exist.

Location-related information

Pinzly is built around what is happening around you. With permission, we may derive location signals (approximate locality from network-derived signals or more precise latitude / longitude from GPS sensors) so we can personalize nearby suggestions. You may withdraw location authorization in OS settings at any time; some features rely on it and may be limited afterward.

Device, diagnostics & analytics (may contain identifiers or usage data)

• Crash/error diagnostics supplied by trusted mobile SDK vendors, including app version, timestamps, aggregated performance metrics.
• Product analytics capturing coarse interaction patterns (sessions, taps, onboarding funnels). Where jurisdictions require suppression or opt-outs, we configure vendors accordingly once counsel confirms classifications.

Purchase & billing data

Paid features (if launched) rely on Apple App Store transactions and/or Google Play Billing. We do not receive complete payment card PANs from those storefronts — but we may receive entitlement status, SKU identifiers, refunds, receipts, audit signals.

Sensitive categories

We generally do not request health diagnoses, biometric templates tied to authentication, passports, ethnicity, philosophical beliefs, etc. Avoid entering unusually sensitive information into free-text fields.

How we use information

• Authenticate accounts, prevent abuse, secure sessions.
• Personalize discovery (ranking relevance, locality features, trending lists).
• Operate infrastructure, troubleshoot incidents, prioritize fixes.
• Comply with law, cooperate with lawful requests.

How we share information

We do not sell personal information for monetary consideration beyond standard mobile advertising jargon without additional disclosure. Typical recipients include processors / subprocessors strictly necessary to operate the Service (examples: cloud databases, CDN, observability/logging, attribution partners, email delivery). Maintain an up-to-date subprocessor appendix with counsel.

Retention

We retain data only as long as needed for the purposes above, troubleshooting, or legal/regulatory mandates. Deleted accounts purge active profile payloads where technically feasible although immutable audit logs/backups might persist on delay schedules.

California & comparable US notices

Residents of jurisdictions like California may have rights relating to access, deletion, correction, portability, and opt-outs for certain sharing. Describe the specific categories ("sold/shared") after your DPIA aligns with factual marketing stack.

• Submit requests via privacy@pinzly.io with identifiers we can authenticate.

European Economic Area / UK considerations

Depending on applicability, lawful bases include contract performance, legitimate interests balanced against risks, consent for optional cookies/ trackers, compliance duties. Individuals may escalate complaints to supervisory authorities.

Children

Pinzly is not aimed at children under 13 (adjust age per local statutes). Guardians spotting unauthorized child data — email privacy@pinzly.io.

International transfers

Data may be processed in the United States and other regions where service providers maintain facilities. When cross-border transfers require safeguards, we implement appropriate mechanisms (e.g., Standard Contractual Clauses) consistent with counsel guidance.

Your choices & rights

• Location: toggle permissions in Settings; background access ceases instantly when revoked.
• Marketing: marketing communications (if launched) honor unsubscribes; transactional notices may continue until account closure.
• Deletion: use in-app tooling when available — otherwise email privacy@pinzly.io. Retention carve-outs remain for lawful holds.

Security

We encrypt data in transit, restrict production access via least-privilege tooling, audit providers, rotate credentials — yet no method eliminates all risk. Report vulnerabilities via privacy@pinzly.io.

Changes to this policy

Meaningful updates revise this URL, refresh the revision date atop the policy, and optionally ship in-app summaries for major shifts. Continued usage after an update constitutes acknowledgement except where heightened consent regimes apply.

This document is scaffold text for storefront compliance — obtain qualified legal review before labeling App Privacy details.