Privacy Policy — Pinchanted

Section 01

Overview

This Privacy Policy explains how Pinchanted ("we", "us", or "our") collects, uses, and shares your information when you use the Pinchanted mobile application and website (collectively, the "Service").

By using Pinchanted, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and handling your data with care and transparency.

Section 02

Information We Collect

We collect the following types of information when you use Pinchanted:

Account information — your display name and profile picture, and the email address provided by your sign-in provider
Authentication data — sign-in is handled through Google or Apple; we receive a secure token to establish your session and do not collect or store any password
Date of birth — collected once when you create your account, used only to confirm you are 18 or older
Collection data — pins you've added, wishlists, trade history, and pin images you upload
Subscription status — managed through the Apple App Store and Google Play via RevenueCat
Device and usage data — IP address, device type, operating system, and app usage patterns
Shipping address — collected when you participate in trades, used solely to facilitate delivery
Push notification tokens — to deliver real-time trade and activity updates to your device

Section 03

AI Processing

When you use the AI Pin Identification feature, the image you photograph is sent to OpenAI's API for analysis. This allows us to generate a description of the pin, match it against our reference database, and return details such as name, series, edition, and release date.

Images sent for AI processing are used solely for pin identification purposes and are not used to train AI models. OpenAI's data handling is governed by their privacy policy and API data-usage terms.

Section 04

How We Use Data

We use the information we collect to:

Operate and deliver the Pinchanted app and its features
Authenticate users and maintain secure sessions
Process and manage subscription payments
Send push notifications for trades, marketplace activity, and account updates
Identify Disney pins using AI analysis
Improve app features and user experience
Respond to support requests and inquiries

Section 05

Third-Party Services

Pinchanted uses the following third-party services to operate:

Supabase

Database, authentication & storage

OpenAI

AI pin identification

Google / Apple Sign-In

Account sign-in

RevenueCat

Subscription management

Apple App Store

iOS payments & distribution

Google Play

Android payments & distribution

Firebase (Google)

Push notifications (Android)

Expo

Push notifications (iOS)

IONOS

Email delivery

Section 06

Data Storage

Shipping addresses are collected solely to facilitate pin trades between collectors and are shared only with the other party in a confirmed trade. They are not used for any other purpose and are deleted upon account deletion or within 90 days of trade completion.

Your data is stored securely on Supabase infrastructure. Data may be stored in Canada, the United States, or other jurisdictions where our service providers operate. We take reasonable steps to ensure your data is protected regardless of where it is stored.

Pin images you upload are stored in Supabase Storage. We retain your data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us.

Section 07

Your Rights

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate or incomplete data
Request deletion of your account and personal data
Withdraw consent for data processing where applicable
Lodge a complaint with a relevant data protection authority

To exercise any of these rights, please contact us at the address below. We will respond to requests within 30 days.

Section 08

Security

We take the security of your data seriously. Pinchanted uses the following measures to protect your information:

TLS/HTTPS encryption for all data in transit
Sign-in handled by Google and Apple — we never see or store your password
Session token expiration and rotation
Row-level security policies on our database
Regular security reviews of our infrastructure

While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

Section 09

Children's Privacy

Pinchanted is not directed at children under the age of 18. We do not knowingly collect personal information from children under 18. If you believe a child under 18 has provided us with personal information, please contact us and we will promptly delete it.

Section 10

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please reach out to us:

✉

Privacy inquiries

support@pinchanted.ca