Privacy Policy

1. Information We Collect

1.1 Information from Pinterest OAuth

When you sign in with Pinterest, we request the following permissions (scopes):

• user_accounts:read — Your Pinterest username, profile image, account type, and follower count.
• boards:read & boards:write — The names and details of your Pinterest boards, and the ability to create or update boards on your behalf.
• pins:read & pins:write — The ability to read your existing pins and create or update pins on your behalf.

We store your Pinterest username, profile image URL, and follower count. We also store your OAuth access token and refresh token in encrypted form (see Section 4).

1.2 Account Information

We store your email address if provided by Pinterest during authentication. We also store a unique user ID generated by our system, your timezone preference, and account creation date.

1.3 User Profile Information

You may optionally provide personal brand information to improve AI caption quality. This includes:

• An “About You” text description (up to 1,000 characters)
• Your content interests (selected from predefined Pinterest categories)
• Favorite Pinterest creators (usernames you enter)
• Preferred content structure types (e.g., how-to, listicle, infographic)

All of these fields are optional. You can update or delete this information at any time from the User Info page.

1.4 Pin and Scheduling Data

When you create pins through PinGrow, we store the pin draft data (title, description, hashtags, destination URL, board selection), uploaded images, scheduling timestamps, and publishing status.

1.5 Analytics Data

We collect performance metrics for your published pins from the Pinterest API, including impressions, saves (repins), and outbound clicks. Analytics data is retained for up to 90 days from collection.

1.6 Cookies and Session Data

We use a session cookie to keep you signed in. Our session is managed via a JSON Web Token (JWT) stored in a secure, HTTP-only cookie. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

2. How We Use Your Information

• Authentication & access: To sign you in and maintain your session via Pinterest OAuth.
• Pin creation & scheduling: To create, schedule, and publish pins to your Pinterest boards on your behalf.
• AI caption generation: Your user profile information, board list, and uploaded images are sent to our AI provider to generate pin titles, descriptions, and hashtags tailored to your brand voice. See Section 3 for details.
• Board sync: To fetch and display your Pinterest boards for pin assignment and board suggestions.
• Analytics: To fetch and display pin performance metrics so you can track your Pinterest growth.
• Token management: To securely store and automatically refresh your Pinterest access token before it expires, so you stay connected without manual re-authorization.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

3. Third-Party Services

3.1 Pinterest API

PinGrow integrates with the Pinterest API v5 to authenticate you, read your boards and pins, create and publish pins, and fetch analytics. Your use of Pinterest is also governed by Pinterest's Privacy Policy and Terms of Service.

3.2 Google Gemini AI

We use Google's Gemini AI model to generate pin captions. When you request AI-generated content, the following data may be sent to Google's API:

• Your topic or prompt text
• Uploaded images (for image-based caption generation)
• Your user profile information (if provided) for voice/style matching
• Your board names (for board suggestion context)

We do not send your Pinterest access tokens, email, or password to Google. Google's use of data sent to their API is governed by Google's Privacy Policy.

4. Data Security

We take reasonable measures to protect your information:

• Token encryption: Your Pinterest OAuth access token and refresh token are encrypted at rest using AES-256-GCM encryption before being stored in our database.
• Session security: Sessions are managed via signed, HTTP-only JWTs. Cookies are not accessible to client-side JavaScript.
• HTTPS: All data in transit is encrypted via HTTPS.
• Secure API routes: All API endpoints require authentication. Cron jobs are secured with a secret token.

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Data Retention

• Account data: Retained as long as your account is active. When you delete your account, all associated data is permanently deleted from our database.
• Pin drafts: Retained until you delete them or delete your account.
• Analytics data: Collected and retained for up to 90 days from the date of collection.
• Uploaded images: Stored while associated pin drafts exist. Deleted when the pin draft is removed or your account is deleted.

6. Your Rights and Choices

You have the following rights regarding your data:

• Access: You can view your profile information, boards, pin drafts, and analytics at any time within the app.
• Update: You can update your user profile information, timezone, and other settings at any time.
• Delete: You can delete individual pin drafts. To delete your entire account and all associated data, contact us (see Section 10).
• Revoke Pinterest access: You can revoke PinGrow's access to your Pinterest account at any time through your Pinterest security settings. This will prevent PinGrow from accessing your Pinterest data going forward.
• Sign out: You can sign out at any time, which ends your session. Your data is retained until you request deletion.

7. Children's Privacy

PinGrow is not intended for use by anyone under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

8. International Data Transfers

Your data may be processed and stored in countries other than your own. By using PinGrow, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, want to request account deletion, or need to exercise your data rights, please contact us at:

support@pingrow.app