Legal
Privacy Policy
How PinBridge collects, uses, shares, and protects personal data and customer data.
Effective Date: March 2, 2026
Last Updated: March 2, 2026
Controller: Amendorg LLC, Sheridan, Wyoming, USA
Contacts: privacy@pinbridge.io, security@pinbridge.io, legal@pinbridge.io
PinBridge is a global SaaS product operated by Amendorg LLC. This Privacy Policy applies to the PinBridge website, product, APIs, billing workflows, and support interactions. If you are using PinBridge for a business, Amendorg LLC generally acts as the controller for account, billing, security, and website data, and may act as a processor or service provider for customer data that you choose to place in the Service.
1. Data We Collect
We collect the following categories of personal data and account data:
- Mandatory account data: name and email address.
- Optional business and billing profile data: company name, company website, phone number, tax ID, and full address.
- Security and technical data: IP address, device and browser metadata, request metadata, authentication events, and diagnostic logs.
- Payment and billing data: billing contact details, subscription status, invoice metadata, and transaction records from our payment processor. PinBridge does not store full payment card numbers.
- Product data processed in the Service: generated pins, boards, Pinterest accounts, webhooks, API keys, scheduling and status metadata, and related operational records.
- Pinterest OAuth credentials: access and refresh tokens needed to connect Pinterest accounts. These tokens are encrypted at rest before storage.
- Support and correspondence data: information you send to us through support, privacy, legal, security, or other role inboxes.
2. How We Use Data
We use personal data and customer data to:
- Create and manage accounts, authenticate users, and provide the Service.
- Connect Pinterest accounts and operate publishing, scheduling, webhook, and API features.
- Process payments, manage subscriptions, prevent fraud, and handle billing disputes.
- Monitor reliability, investigate incidents, prevent abuse, and secure the platform.
- Respond to support requests, privacy requests, legal requests, and security reports.
- Measure website usage and improve the marketing site and documentation.
- Comply with legal obligations, accounting requirements, and lawful requests.
3. Legal Bases for Processing
Where GDPR or similar laws apply, our legal bases are:
- Contract: to provide the Service, create accounts, authenticate users, connect Pinterest, process subscriptions, and deliver requested support.
- Legitimate interests: to secure the Service, detect abuse, maintain logs, debug issues, improve reliability, defend legal claims, and manage our business operations.
- Consent: for non-essential website analytics technologies where consent is required by law.
- Legal obligation: to retain records required for tax, accounting, sanctions, law enforcement, or other compliance obligations.
4. Cookies, Local Storage, and Analytics
PinBridge uses essential browser storage and similar technologies for sign-in state, theme preference, and basic site functionality. We also use a non-essential website analytics tool on the public site to understand traffic and usage patterns.
The website now presents an analytics choice before non-essential analytics is loaded. You can decline analytics in the banner, block cookies through your browser, or contact privacy@pinbridge.io if you need help changing your preference. Product functionality does not require accepting non-essential analytics cookies.
5. Sharing and Subprocessors
We disclose data to service providers only as needed to operate PinBridge, process payments, deliver communications, or secure the Service. We do not sell personal information and we do not share personal information for cross-context behavioral advertising.
| Category | Purpose | Data Categories |
|---|---|---|
| Hosting and infrastructure | Application hosting, storage, networking, and backups | Application infrastructure, stored customer data, logs, and backups processed in the normal operation of the Service. |
| Transactional email delivery | Account, billing, and service emails | Recipient email address, message content, and delivery metadata needed for transactional email. |
| Mailbox hosting and inbound email | Role inboxes and inbound communications | Inbound messages sent to PinBridge role inboxes and related mail routing metadata. |
| Billing and payment processing | Subscription billing, invoicing, and payment operations | Billing contact details, payment status, invoice metadata, and transaction records. Full payment card data is handled by the payment processor. |
| Website analytics | Traffic measurement and site improvement | Website usage events, device or browser metadata, and analytics cookies where enabled. |
| Error monitoring | Application diagnostics and incident investigation | Planned only. If enabled, error and diagnostic metadata may be processed for monitoring. |
| AI feature providers | Future AI-powered features | Not currently used in production. If introduced later, this policy will be updated before use. |
We may also disclose data to advisors, auditors, acquirers, courts, regulators, or law enforcement where legally required or reasonably necessary to protect rights, safety, and the Service. Current subprocessor details may be provided through security or legal review channels where appropriate.
6. International Transfers
PinBridge is offered globally. Your data may be processed in countries other than your own, including the United States and other locations where our providers operate. Where required, we may rely on recognized transfer mechanisms under applicable law, including contractual measures and provider commitments, but we do not make claims about any single transfer framework unless we have specifically implemented it.
7. Retention
We retain data based on the category of data and the purpose for which it was collected:
- Account and profile data: retained until account deletion or as long as needed to maintain the account relationship.
- Customer data in the Service, including pins, boards, Pinterest account records, webhooks, and API keys: retained until deleted by the customer, removed through product workflows, or deleted as part of account closure.
- OAuth tokens: retained until the connected account is removed, credentials are rotated, or the related workspace or account is deleted.
- Billing and tax records: retained as needed for accounting, tax, fraud prevention, and dispute handling.
- Operational and security logs: retained for a short period needed for security, troubleshooting, and abuse prevention. Retention periods are being formalized as plan-based controls and are not yet exposed in-product.
8. Deletion Requests
To request account deletion or a privacy review, email privacy@pinbridge.io from the account email address. We may need to verify identity before acting on the request.
When an account deletion request is completed, we generally delete or de-identify:
- Account profile data and connected workspace records that are no longer needed.
- Stored Pinterest connections, encrypted tokens, API keys, pins, boards, and webhooks linked to the account.
- Support materials that are no longer needed for legal, security, or operational reasons.
We may retain limited information after deletion where required to:
- Meet legal, tax, accounting, or dispute-resolution obligations.
- Maintain security records, fraud-prevention history, and abuse-prevention controls.
- Preserve backup and disaster-recovery copies until they cycle out in the ordinary course.
9. Security
PinBridge uses administrative, technical, and organizational safeguards designed to protect data. Current controls include TLS in transit, encrypted-at-rest storage for Pinterest OAuth tokens, workspace-scoped access controls, and access boundaries described on the Security page. In the current API implementation, Pinterest OAuth tokens are encrypted with Fernet before being written to the database, using a master key supplied through environment configuration. We do not currently claim SOC 2, ISO 27001, or similar certification.
If we confirm a reportable security incident affecting customer data, our incident-response goal is to notify affected customers in less than 24 hours after confirmation, subject to the needs of investigation and applicable law.
10. Your Privacy Rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to, or request portability of certain personal data, and to appeal a denied request where applicable. California residents may also have rights relating to disclosure, deletion, correction, and non-discrimination. To exercise a right, contact privacy@pinbridge.io.
11. Children
PinBridge is not intended for children under 13. We align our minimum age requirement with Pinterest's minimum age requirement. If you believe a child under 13 has provided data to PinBridge, contact privacy@pinbridge.io.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make a material change, we will update the Last Updated date on this page and may provide additional notice by email, in-app, or on the website where appropriate.
13. Contact Us
Privacy requests: privacy@pinbridge.io
Security reports: security@pinbridge.io
Legal and contract matters: legal@pinbridge.io