pinning.
Start free
— Legal

Privacy.

How we collect, store, and process your data. EU-Central hosted, DSGVO/GDPR-compliant.

Last updated · May 28, 2026

Summary

pinning treats your data as if your life depended on it — because your protocol might. We store everything in EU-Central (Frankfurt), encrypt it at rest and in transit, never sell it, never share it with advertisers, and let you export or delete all of it in two clicks.

TL;DR: We store only what we need to run the service. You own your data. We do not sell or share it. You can export or wipe it anytime from Settings → Data.

1. Who we are

Data controller in the sense of Art. 4 (7) GDPR / § 5 TMG is:

pinning UG (haftungsbeschränkt) i.G.
[Street, Postcode, Berlin]
Germany
Email: privacy@pinning.info

2. What we collect

Account data

  • Email address (for login and account-essential notifications)
  • Display name (chosen by you)
  • Hashed password (via Supabase Auth, scrypt)

Body metrics (optional)

  • Weight, height, birth year, gender, current goal
  • Used only inside your account to personalize calculations

Usage data

  • Cycles, cycle logs, reviews, calculator inputs
  • Image uploads (receipts, optional) — auto-deleted from CDN after OCR processing

Technical data

  • Anonymized aggregate analytics (page views, feature usage) via Plausible
  • Server logs (IP, user-agent) — retained 14 days for security

3. Legal basis (Art. 6 GDPR)

  • Contract performance (Art. 6 (1) (b)): account, cycles, billing
  • Legitimate interest (Art. 6 (1) (f)): security logs, aggregate analytics
  • Consent (Art. 6 (1) (a)): marketing emails, optional integrations

4. Processors we use

  • Supabase (database, auth, storage) — region: EU-Central (Frankfurt)
  • Vercel (frontend hosting) — region: Frankfurt
  • Stripe (payments) — required for subscription billing
  • Resend (transactional email)
  • Anthropic (image OCR for receipts and bloodwork — only if you opt in)
  • Plausible Analytics (privacy-friendly, no cookies, EU-hosted)

Each processor has a signed Data Processing Agreement (DPA) compliant with Art. 28 GDPR. We can provide copies on request.

5. International transfers

Stripe and Anthropic may transfer data to the US. Both are certified under the EU-US Data Privacy Framework. Where required, Standard Contractual Clauses (SCCs) apply.

6. Retention

  • Account data: until you delete your account
  • Cycle data: kept as long as account is active
  • Server logs: 14 days
  • Billing records: 10 years (German tax law: § 147 AO)

7. Your rights (Art. 15–22 GDPR)

You have the right to:

  • Access your data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data (Art. 17) — available in-app under Settings → Data
  • Restrict processing (Art. 18)
  • Export your data (Art. 20) — available as JSON/CSV in-app
  • Object to processing (Art. 21)
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority (e.g. Berliner Beauftragte für Datenschutz)

To exercise any right: privacy@pinning.info

8. Security

  • TLS 1.3 in transit, AES-256 at rest
  • Row-Level Security on every database table
  • Encrypted backups, 30-day retention
  • 2FA available, required for staff access

9. Changes

We'll notify you by email at least 14 days before any material change to this policy. Continued use after the change date counts as acceptance.