Privacy Policy
Last updated: 2026-05-05 · Effective date: 2026-05-05
Pinterin (“Pinterin”, “we”, “us”) operates the Pinterin mobile application and brewery portal at pinterin.com. This Privacy Policy explains what personal data we collect, why we collect it, who we share it with, and the rights you have over your data. By using Pinterin you agree to the practices described here.
1. Who we are & how to contact us
The data controller is the operator of the Pinterin service. For any privacy question, data access request, or deletion request, contact us at privacy@pinterin.com.
2. Data we collect
We collect only the data we need to run the product and to comply with the law. The categories below cover everything Pinterin processes today.
2.1 Account & profile data
- Email address, name, and (if you sign in with Apple or Google) the identifier and email returned by those providers.
- Profile preferences — your guided taste profile, favourite breweries, and saved beers.
- Authentication metadata — session tokens, sign-in timestamps, the IP address used to sign in (kept only for fraud prevention).
2.2 Camera images (beer-label scans)
When you tap “Scan” the app uses your device camera to capture a photo of a beer label. The image is sent to our backend, converted to a numerical embedding (a list of numbers, not the picture) by Google Vertex AI, and matched against our beer catalogue. We store the embedding so future scans of the same beer get more accurate; we do not store the raw image after processing unless you explicitly tap “save scan”.
2.3 Approximate location
With your permission we read your device’s coarse location to route you to listings that ship to your country. If you deny the permission the app falls back to a worldwide listing view; nothing breaks. We never track precise GPS, never log your location to any analytics tool, and never share it with third parties other than the routing logic on our servers.
2.4 Marketplace & payment data
- Order history — which beers you bought, in what quantities, and the shipping address you provided for each order.
- Payment data is collected and processed by Stripe, Inc. via their PaymentSheet SDK. We never see, store, or transmit your card number, CVC, or expiry. Stripe returns to us only a tokenised reference and the last four digits of the card for display.
2.5 Analytics & crash reporting
To improve the app we use PostHog for product analytics (which screens are used, which buttons are tapped) and Sentry for crash reporting. Both run with IP-address truncation enabled. PostHog session replay is disabled. You can opt out of analytics in Profile → Privacy → Analytics; crash reporting can be opted out in the same place.
2.6 Push notifications
If you enable notifications we register an Expo Push token tied to your device. We use it to notify you about order updates and (only with your opt-in) brewery digests. You can revoke the token at any time from your OS settings or inside the app.
3. How we use your data
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide the core service (auth, search, scan, marketplace) | Performance of contract |
| Process payments & comply with tax / accounting obligations | Performance of contract / Legal obligation |
| Improve recommendations using your taste profile and confirmed scans | Legitimate interest, with opt-out in app |
| Send transactional emails (receipts, order updates) | Performance of contract |
| Send marketing emails or pushes | Consent — only when you opt in |
| Detect fraud and abuse | Legitimate interest |
4. Who we share data with
We share the minimum amount of data required with the following sub-processors. They are bound by data-processing agreements and may not use your data for their own purposes.
| Processor | What it processes | Where |
|---|---|---|
| Supabase | Account, profile, orders, scans (encrypted at rest) | EU / US (depending on project region) |
| Stripe | Card details, payment processing | US / EU |
| Google Cloud (Vertex AI) | Image embeddings for beer-label recognition | US / EU |
| OpenAI | Text embeddings for pairing search and explanations | US |
| PostHog | Anonymised product-usage events (opt-out available) | US (US Cloud) |
| Sentry | Crash reports and error stack traces | EU (de.sentry.io) |
| Apple / Google | Push-notification delivery, sign-in | Per their policies |
5. International data transfers
Some of our processors are located outside the European Economic Area. For those transfers we rely on the European Commission’s Standard Contractual Clauses or, where applicable, an adequacy decision (e.g. the EU–US Data Privacy Framework).
6. How long we keep your data
- Account data — until you delete your account, then purged within 30 days (except where retention is required by law, e.g. invoices).
- Order & tax records — kept for the legally required retention period (typically 6–10 years depending on your jurisdiction).
- Beer-label embeddings — kept for as long as the beer remains in our catalogue; no personal identifiers attached.
- Analytics events — 12 months, then aggregated and anonymised.
- Crash reports — 90 days.
7. Your rights
Depending on where you live (GDPR, CCPA, UK GDPR, etc.) you have the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- delete your account and have your personal data erased;
- export your data in a portable format;
- object to or restrict processing for marketing or legitimate-interest purposes;
- lodge a complaint with your local data-protection authority.
You can exercise most of these rights from Profile → Privacy in the app. For anything else, email privacy@pinterin.com and we will respond within 30 days.
8. Children
Pinterin is an 18+ alcohol-related service and is not directed at anyone under the age of majority in their country. We do not knowingly collect data from minors. If you believe a minor has registered, contact us and we will delete the account immediately.
9. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Access to production data is restricted to a small set of authorised engineers and is logged. We follow the principle of least privilege and regularly review access.
10. Changes to this policy
We may update this policy from time to time. Material changes are announced in-app at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the latest version.
11. Permissions used by the Android app
The mobile app declares the following Android permissions:
android.permission.CAMERA— beer-label scanning. Used only when you open the scanner; never accessed in the background.android.permission.ACCESS_COARSE_LOCATION— country routing for marketplace listings. Optional; you can deny it.android.permission.POST_NOTIFICATIONS— order updates and (opt-in) brewery digests.android.permission.INTERNET/ACCESS_NETWORK_STATE— required for the app to talk to our backend.