← Back to PinSnap

Privacy Policy

Last updated: March 2026

1. Who We Are

PinSnap is a product of VRPM Ltd, registered in England and Wales. VRPM Ltd is the data controller responsible for your personal data and is registered with the Information Commissioner's Office (ICO), registration number ZC108160. PinSnap (“we”, “us”, “our”) is a photo annotation tool that lets teams place pins, notes, and drawings on images. Our service is accessible via the PinSnap iOS app and the web dashboard at pinsnap.ai.

2. Information We Collect

  • Account information: email address and display name when you sign up.
  • Photos and images: images you upload to galleries, stored securely in cloud storage.
  • Annotations: pins, notes, drawings, and their positions on images.
  • Location metadata: GPS coordinates embedded in photos (EXIF data) if present — used to display a map alongside the photo. We do not track your device location independently.
  • Organisation and project data: names, membership roles, and invite records within your workspace.
  • Usage data: basic server logs (IP address, request timestamps) for security and reliability purposes.
  • Analytics: we use Vercel Analytics, a privacy-friendly, cookieless analytics service, to understand page views and visitor patterns. No personally identifiable information is collected by this service.
  • Payment data: if you subscribe to a paid plan, payment is processed by Stripe. We do not store your card details — Stripe handles this directly under their own privacy policy.

3. How We Use Your Information

  • To provide, operate, and improve the PinSnap service.
  • To authenticate you and keep your account secure.
  • To send transactional emails (share link notifications, organisation invitations). We do not send marketing emails without your consent.
  • To sync your data across devices via our backend.

4. Sharing Your Information

We do not sell, rent, or trade your personal data. Information is shared only in these circumstances:

  • Within your organisation: members of your organisation can see galleries and pins you create within shared projects.
  • Share links: if you generate a public share link, anyone with that link can view the linked gallery or image (optionally protected by a password you set).
  • Service providers: we use Supabase (database and authentication), Resend (transactional email), Stripe (payment processing), and Vercel (hosting and analytics). These providers process data on our behalf under their own privacy policies.
  • Legal obligations: if required by law or to protect the rights and safety of users.

5. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following bases:

  • Contract performance: processing your account data, content, and payment information is necessary to provide the Service you have signed up for.
  • Legitimate interest: server logs and analytics are processed to maintain security, prevent abuse, and improve the Service.
  • Legal obligation: we may process data where required by law (e.g. tax records, law enforcement requests).

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: you can request a copy of all personal data we hold about you (a Subject Access Request).
  • Right to rectification: you can ask us to correct inaccurate data.
  • Right to erasure: you can request deletion of your data (see section 8 below).
  • Right to data portability: you can request your data in a commonly used, machine-readable format.
  • Right to restrict processing: you can ask us to limit how we use your data in certain circumstances.
  • Right to object: you can object to processing based on legitimate interest.
  • Right to complain: you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email us at info@pinsnap.ai. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account, your personal data, images, pins, and annotations are permanently deleted from our systems. Deletion is irreversible.

8. Deleting Your Account

You can delete your account at any time from within the PinSnap iOS app:

  1. Open the app and navigate to your gallery view.
  2. Tap the person icon (top-right).
  3. Select Delete Account and confirm.

Alternatively, you can request account deletion by emailing info@pinsnap.ai. We will process your request within 30 days.

9. Security

We use industry-standard security measures including encrypted connections (HTTPS), row-level security on our database, and Supabase authentication. No method of transmission over the internet is 100% secure, but we take reasonable steps to protect your information.

10. Children's Privacy

PinSnap is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. International Data Transfers

Some of our service providers (Supabase, Vercel, Stripe) may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as the provider's compliance with equivalent data protection standards or standard contractual clauses.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date. Continued use of PinSnap after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this privacy policy or your data, please contact us at info@pinsnap.ai.