Privacy Policy

We collect the following information:

• Account information: First name, phone number, 4-digit PIN (stored as a hashed password — we never see your actual PIN)
• Venue information: Venue name, location, industry type, team member details
• Menu files: PDFs, images, and documents you upload for distribution
• Usage data: Page views, feature usage, device type, session recordings (anonymised)
• Analytics data: Public menu view counts, device types, referrers

• To provide and improve the Service
• To authenticate your identity via SMS verification
• To serve your menu files at permanent URLs
• To provide analytics on menu views
• To send stale menu alerts and change notifications
• To process payments and manage subscriptions
• To understand how the product is used and improve it

We use the following third-party services:

• Supabase — Database, authentication, and file storage (hosted in Australia/US)
• Stripe — Payment processing. We never store your card details — Stripe handles all payment data.
• Twilio — SMS verification codes for account creation and login
• PostHog — Product analytics, session recordings, and feature flags. Data is anonymised where possible.
• Resend — Email notifications for menu changes, stale alerts, and customer opt-in updates
• Vercel — Application hosting

• Account data is retained for as long as your account is active
• Menu files are never deleted — they are archived in version history for accountability
• Analytics data is retained for 12 months
• If you close your account, we retain data for 30 days before permanent deletion
• Temporary uploads from unauthenticated users are automatically deleted after 24 hours

We do not sell your data. We do not share your data with third parties except as necessary to provide the Service (see Third-Party Services above). We may disclose data if required by law.

When you publish a menu, it becomes accessible via a public URL. Anyone with the link can view the menu file. View counts and device type data are collected anonymously. Public menu viewers are not tracked by name or account.

We use essential cookies for authentication session management. PostHog may set analytics cookies. We do not use advertising cookies.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Export your data
• Opt out of analytics tracking

To exercise any of these rights, email hello@getpinned.app.

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, row-level security on database tables, and access controls. However, no method of transmission over the internet is 100% secure.

The Service is not intended for users under 18 years of age. We do not knowingly collect data from minors.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification.

Questions about privacy? Email us at hello@getpinned.app.