Privacy Policy

1. Introduction

Pintio ("the Service") is a store discovery and visit tracking platform committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and protect information through our mobile application, website, and admin dashboard.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

Operator Information

2. Information We Collect

2.1 Account Information

When you create an account, we collect the following information:

Required:

• Email address
• Password (securely hashed and encrypted)
• Username
• Public ID (@username)

Optional:

• Profile photo
• Date of birth
• Gender
• Bio

2.2 Authentication Information

When you choose to authenticate using third-party login providers, we collect certain information from those services in accordance with your permissions.

• Email Authentication: Email address, one-time passcode (OTP)
• Google Sign-In: Name, email address, profile photo
• Apple Sign In: Name, email address (including private relay email, if selected)

We only collect the information necessary to create and maintain your account.

2.3 Location Data

We may collect and process location data to:

• Search and display nearby stores
• Provide route navigation
• Record visit history
• Show popular stores by region

Location data is used only with your explicit permission. You can disable location access at any time through your device settings.

We do not collect location data in the background.

2.4 Camera & Photo Library Access

With your permission, we may access your device camera and photo library to:

• Capture and upload receipt images for processing
• Set or update your profile photo
• Upload photos as part of reviews or visit records

Access is used only for the features you choose to use.

2.5 Receipt Data

When you use our receipt analysis feature, we collect and process:

• Receipt images
• Store name
• Purchase date and time
• Total amount
• Item or menu names
• Tax and tip information

Processing:

• Text extraction (OCR) may be performed using trusted third-party AI services.
• Structured data processing may be performed using AI-based text structuring services.
• Processing is securely handled through our backend infrastructure.

Receipt images are securely stored and retained for up to 30 days, after which they are automatically deleted.

Structured data derived from receipts may be retained to provide your visit history and app functionality.

3. Data Retention

We retain personal information only for as long as necessary to provide the Service and fulfill legal obligations.

Receipt images are retained for up to 30 days and are automatically deleted thereafter.

Account information is retained for as long as your account remains active. Upon account deletion, personal data will be deleted or anonymized within a reasonable period, unless required by law.

Certain transactional, security, or fraud-prevention logs may be retained for compliance purposes.

We may retain certain information where required to comply with legal obligations, resolve disputes, enforce our agreements, or protect our legal rights.

4. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Create and manage accounts
• Enable cafe/store search and recommendations
• Process and analyze receipts
• Enable social features
• Improve functionality and user experience
• Detect fraud, abuse, or security issues

We may use cookies and similar technologies to improve user experience, analyze usage, and enhance security.

5. Third-Party Service Providers

We use trusted third-party providers to operate and improve Pintio. These providers may process data on our behalf and are bound by contractual confidentiality and security obligations.

Categories of providers include:

• Cloud infrastructure & storage (e.g., Supabase)
• Maps & location services (e.g., Mapbox)
• AI & OCR processing services (e.g., Google Vision API, OpenAI)
• Subscription & payment processing (e.g., RevenueCat, Stripe)
• Analytics & performance monitoring (e.g., Firebase, Mixpanel, Sentry)
• Push notification services (e.g., Expo)

Some providers may be located outside your country of residence, including the United States.

We implement appropriate safeguards for international data transfers.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

• Encryption in transit (SSL/TLS)
• Encryption at rest (e.g., AES-256 where applicable)
• Secure password hashing (e.g., bcrypt)
• Access controls and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure.

7. Your Rights

Depending on your location and applicable privacy laws, you may have the following rights:

• Right to Access
• Right to Correction
• Right to Deletion
• Right to Data Portability
• Right to Restrict or Object to Processing
• Right to Withdraw Consent (where processing is based on consent)

You also have the right to lodge a complaint with your local data protection authority.

How to Exercise Your Rights

You may exercise your rights through:

• In-App: Settings > Privacy
• Email: support@pintio.app

We will respond to verified requests within 30 days, or as required by applicable law.

8. Children's Privacy

Pintio is not intended for children under the age of 16, or the minimum age required by applicable law in your jurisdiction.

We do not knowingly collect personal information from children below this age. If we become aware that such data has been provided, we will promptly delete the account and associated information.

If you believe a child has provided personal information, please contact us.

9. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States, where our infrastructure providers operate.

Data protection laws in these countries may differ from those in your jurisdiction.

When we transfer personal data internationally, we implement appropriate safeguards designed to protect your information, including:

• Standard Contractual Clauses (SCCs), where applicable
• Data Processing Agreements (DPAs)
• Technical and organizational security measures

By using Pintio, you acknowledge and agree that your information may be transferred and processed internationally in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will notify you through the Service or by email.

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

11. Contact Us

For privacy-related questions, requests, or complaints: