PinPin Social — Privacy Policy

Effective Date: April 10, 2026  |  Version: 2.0

This policy complies with the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK).

1. Data Controller GDPR

2. Personal Data We Collect

2.1 Identity & Account Data

Data TypePurposeLegal Basis
Email addressAccount creation, login, verificationContract performance
Username / nicknameProfile display, social interactionContract performance
Profile photoProfile personalizationConsent
Bio textProfile personalizationConsent
Google account infoGoogle Sign-In (optional)Consent

2.2 Location Data

Data TypePurposeLegal Basis
GPS coordinatesShow nearby pins, calculate distancesConsent
Pin locationDisplay event location on mapContract performance

Important: Location permission is entirely optional. You can use the app without granting location access. Location is only accessed while the app is in use.

Pin visibility is controlled by the user:

2.3 Messaging & Chat Data

2.4 Purchase Data

Note: Credit card or banking information is never stored by PinPin. Payments are processed entirely through Google Play or Apple App Store.

2.5 Notification Data

2.6 Social Interaction Data

2.7 Technical & Usage Data

3. How We Use Your Data

4. Legal Basis for Processing GDPR Art. 6

PurposeLegal Basis
Account & service managementPerformance of contract (Art. 6/1-b)
Location usageConsent (Art. 6/1-a)
Sending notificationsLegitimate interest (Art. 6/1-f)
Security & fraud preventionLegitimate interest (Art. 6/1-f)
Purchase verificationPerformance of contract (Art. 6/1-b)
Legal obligationsLegal obligation (Art. 6/1-c)

5. Third-Party Service Providers & Data Sharing

ProviderPurposeLocation
Google FirebaseDatabase, authentication, storage, notificationsUS / EU
SendGrid (Twilio)Email verificationUS
MapTilerMap rendering and geocodingEU
Google Play / Apple App StorePurchase verificationUS
Google Sign-InOAuth login (optional)US

Your data is never sold to third parties.

6. International Data Transfers GDPR

Some service providers are located outside the EU/EEA (US). Transfers are conducted under the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCC).

7. Data Retention

Data TypeRetention Period
Account dataWhile account is active + 30 days after deletion request
Chat messagesAuto-archived when event expires
Pin dataAuto-archived when pin expires (7-30 days)
Purchase recordsLegal retention period (6 years)
Error reports90 days

8. Data Security

9. Cookies & Local Storage

The web version stores session info and language preferences in local storage. No advertising cookies are used.

10. Children's Privacy

PinPin Social is not intended for children under 13. If we discover data belonging to a child under 13, it will be deleted promptly. Report: pinpinsocial@gmail.com

11. Your Rights GDPR Art. 15-22

RightDescription
Right of accessLearn what data is being processed
Right to rectificationRequest correction of inaccurate data
Right to erasure ("Right to be forgotten")Request deletion of your personal data
Right to restrict processingLimit how your data is processed
Right to data portabilityReceive your data in a structured format
Right to objectObject to processing based on legitimate interest
Right to withdraw consentWithdraw your consent at any time
Right to lodge a complaintContact relevant Data Protection Authority

Account Freeze & Deletion

12. Policy Changes

Significant changes will be announced via in-app notification and may require renewed consent.

13. Contact

Email: pinpinsocial@gmail.com

GDPR requests: Email with subject "GDPR Data Request"