Privacy Policy
This policy describes the personal data PinThis ("we", the "Service") collects through your use of the Service, why we collect it, and the rights you have. By using PinThis you agree to this policy.
1. Data We Collect
Account information
- E-mail address — for sign-up, sign-in and service communication
- Username + display name — used in your profile URL and visible to other users
- Password digest — hashed with bcrypt; we never store the plaintext password
If you sign in with Google
- Your Google account identifier (the opaque "sub" claim)
- The display name and profile picture URL you have provided to Google
- Your e-mail address (treated as verified)
We do not request your password or any data outside this scope from Google.
Service usage
- The social-media links you pin, plus the categories, tags and notes you add
- A session identifier (HttpOnly cookie)
- The IP address and User-Agent of incoming requests (security logs)
2. How We Use Data
- Create and manage your account
- Deliver the Service (storing, displaying and sharing pins)
- Detect abuse, fraud and technical issues
- Comply with legal obligations
We do not sell your personal data and we do not use it for advertising profiling.
3. Third Parties
- Google LLC — authentication when you choose "Continue with Google". Their privacy policy: policies.google.com/privacy
- Cloudflare, Inc. — CDN, DDoS protection and TLS termination
- Social-media sources (Instagram, etc.) — original owners of the content you pin. PinThis only stores a preview to redirect users to the original source
We do not share your personal data with any other third party except where required by law (court order, prosecutor's request).
4. Cookies
- pt_sess — session cookie (HttpOnly, Secure, SameSite=Lax). Cleared on logout or session expiry
- pinthis_theme, pinthis_brand — theme/colour preferences (browser-only; never sent to the server)
We do not use advertising or analytics cookies.
5. Data Retention
Your data is retained while your account is active. If you delete your account, all of your personal data and pins are permanently removed within 30 days. Records subject to legal retention obligations (e.g. invoices, security logs) are kept for the legally required minimum.
6. Your Rights
Under Turkish data-protection law (KVKK Article 11) and equivalent regulations such as the EU GDPR you may:
- Learn whether your data is being processed
- Request information about the processing
- Ask for your data to be corrected, erased or destroyed
- Be informed of any third parties to which your data has been transferred
- Claim compensation if unlawful processing has caused you harm
7. Security
Passwords are hashed with bcrypt. All traffic is carried over HTTPS (TLS 1.2+). Database credentials are stored in an encrypted vault. No transmission over the internet can be 100% secure, but we apply reasonable industry practices.
8. Children
PinThis is not directed to children under 13. If we learn that a user is under 13 we will close the account and delete the related data.
9. Changes
We may update this policy from time to time. We will notify you by e-mail of material changes. The latest version is always published on this page.
10. Contact
Questions and data-protection requests: [email protected]