Pinvale

Privacy Policy

Last updated: May 3, 2026

1. Information We Collect

  • Account info: name, email, hashed password.
  • Subscription info: Stripe customer ID, subscription status, billing dates. We never see or store full card numbers — payment data is handled directly by Stripe.
  • App data: the leads, notes, events, tasks, and related content you create or upload.
  • Usage data: IP address, browser type, request logs. We use this for security, debugging, and rate-limiting only.

2. How We Use It

We use your information to operate the Service, process payments, provide support, and communicate about your account (e.g., billing receipts, product updates, lifecycle notifications). We do not sell your information to third parties.

3. Subprocessors

We use the following service providers to operate Pinvale:

  • Supabase — database and authentication hosting (US).
  • Cloudflare — application hosting and edge delivery.
  • Stripe — payment processing and subscription management.
  • LocationIQ — geocoding addresses for the map view.
  • Anthropic — AI-assisted CSV column mapping. We send column headers and a few sample rows when you import a CSV; we do not send your full CSV or any unrelated data.

4. Cookies and Tracking

We use a small number of strictly necessary cookies for authentication and session management. We do not use analytics, advertising, or third-party tracking cookies.

5. Data Retention

While your subscription is active, we retain your data indefinitely. After cancellation or non-payment, your data is preserved for 90 days (during which you can reactivate and recover full access). After 90 days, your account and all associated data are permanently deleted from our active systems. Backups are rotated within 30 days of that deletion.

If you click "Delete my account" in Settings, your data is permanently deleted immediately, with no 90-day retention.

6. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (right to be forgotten).
  • Export your data in a portable format.
  • Object to or restrict certain processing.

You can exercise the access, correction, and export rights directly from the Settings page. To exercise other rights or for assistance, email freddie@mesquitedev.com; we will respond within 30 days.

7. Security

We use industry-standard security practices: TLS in transit, encrypted storage at rest (Supabase), row-level security policies that prevent cross-account access, and rate-limited APIs. No system is perfect; if we discover a security incident affecting you, we will notify you in accordance with applicable law.

8. Children

Pinvale is not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

9. International Users

Pinvale is operated from the United States. If you access the Service from outside the US, you consent to the transfer and processing of your data in the US.

10. Changes

We may update this policy. If we make material changes, we will notify you by email or in-app notice. The "Last updated" date at the top reflects the current version.

11. Contact

Privacy questions? Email freddie@mesquitedev.com.