Effective Date: April 10, 2026 | Version: 2.0
This policy complies with the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK).
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Email address | Account creation, login, verification | Contract performance |
| Username / nickname | Profile display, social interaction | Contract performance |
| Profile photo | Profile personalization | Consent |
| Bio text | Profile personalization | Consent |
| Google account info | Google Sign-In (optional) | Consent |
| Data Type | Purpose | Legal Basis |
|---|---|---|
| GPS coordinates | Show nearby pins, calculate distances | Consent |
| Pin location | Display event location on map | Contract performance |
Important: Location permission is entirely optional. You can use the app without granting location access. Location is only accessed while the app is in use.
Pin visibility is controlled by the user:
Note: Credit card or banking information is never stored by PinPin. Payments are processed entirely through Google Play or Apple App Store.
| Purpose | Legal Basis |
|---|---|
| Account & service management | Performance of contract (Art. 6/1-b) |
| Location usage | Consent (Art. 6/1-a) |
| Sending notifications | Legitimate interest (Art. 6/1-f) |
| Security & fraud prevention | Legitimate interest (Art. 6/1-f) |
| Purchase verification | Performance of contract (Art. 6/1-b) |
| Legal obligations | Legal obligation (Art. 6/1-c) |
| Provider | Purpose | Location |
|---|---|---|
| Google Firebase | Database, authentication, storage, notifications | US / EU |
| SendGrid (Twilio) | Email verification | US |
| MapTiler | Map rendering and geocoding | EU |
| Google Play / Apple App Store | Purchase verification | US |
| Google Sign-In | OAuth login (optional) | US |
Your data is never sold to third parties.
Some service providers are located outside the EU/EEA (US). Transfers are conducted under the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCC).
| Data Type | Retention Period |
|---|---|
| Account data | While account is active + 30 days after deletion request |
| Chat messages | Auto-archived when event expires |
| Pin data | Auto-archived when pin expires (7-30 days) |
| Purchase records | Legal retention period (6 years) |
| Error reports | 90 days |
The web version stores session info and language preferences in local storage. No advertising cookies are used.
PinPin Social is not intended for children under 13. If we discover data belonging to a child under 13, it will be deleted promptly. Report: pinpinsocial@gmail.com
| Right | Description |
|---|---|
| Right of access | Learn what data is being processed |
| Right to rectification | Request correction of inaccurate data |
| Right to erasure ("Right to be forgotten") | Request deletion of your personal data |
| Right to restrict processing | Limit how your data is processed |
| Right to data portability | Receive your data in a structured format |
| Right to object | Object to processing based on legitimate interest |
| Right to withdraw consent | Withdraw your consent at any time |
| Right to lodge a complaint | Contact relevant Data Protection Authority |
Significant changes will be announced via in-app notification and may require renewed consent.
Email: pinpinsocial@gmail.com
GDPR requests: Email with subject "GDPR Data Request"