PinFeed

Privacy Policy

Last updated: April 1, 2026

This Privacy Policy explains how LionByte Software SRL ("Company", "we", "us", or "our") collects, uses, and protects your personal data when you use PinFeed ("Service"). We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and applicable Romanian data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

LionByte Software SRL
Romania
Email: privacy@usepinfeed.com

2. Data We Collect

2.1 Account Information

When you create an account, we collect your email address and, if provided, your name. If you sign in through an OAuth provider (such as Google), we receive your basic profile information from that provider.

2.2 Feedback Data

When you use the Service, we store the feedback you create, including pins, comments, and annotations placed on web pages.

2.3 Payment Information

If you subscribe to a paid plan, payment information is collected and processed by Stripe, our third-party payment processor. We do not store your credit card number or full payment details on our servers. We receive only transaction confirmations and billing metadata (such as subscription status and invoice history) from Stripe.

2.4 Waitlist Data

If you join our waitlist, we collect your email address for the purpose of notifying you when the Service becomes available to you.

2.5 Technical Data

We may collect basic technical information such as browser type, device type, and IP address for security and service improvement purposes.

3. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

  • Consent (Art. 6(1)(a)): When you join the waitlist or opt in to communications.
  • Performance of a contract (Art. 6(1)(b)): To provide the Service to you when you create an account and use our features.
  • Legitimate interest (Art. 6(1)(f)): For security, fraud prevention, service improvement, and basic analytics.
  • Legal obligation (Art. 6(1)(c)): To comply with applicable tax, accounting, or other legal requirements.

4. How We Use Your Data

  • To provide, maintain, and improve the Service
  • To process payments and manage subscriptions
  • To send transactional notifications related to your account
  • To respond to your inquiries and support requests
  • To detect and prevent fraud, abuse, or security incidents
  • To comply with legal obligations

5. Data Sharing

We do not sell your personal data. We share data only with the following categories of service providers, strictly as necessary to operate the Service:

  • Supabase — database hosting and authentication (your account and feedback data is stored on Supabase infrastructure)
  • Stripe — payment processing for subscriptions
  • Integration providers (GitHub, Jira, Linear) — only when you explicitly connect an integration, and only the data necessary to create issues on your behalf

Each third-party provider processes data under their own privacy policies and applicable data protection agreements.

6. International Data Transfers

Some of our service providers (such as Supabase and Stripe) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by the European Commission, to protect your data in accordance with GDPR requirements.

7. Data Retention

We retain your personal data for as long as your account is active and as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, unless retention is required by law (e.g., for tax or accounting purposes). Waitlist email addresses are retained until you unsubscribe or we no longer need them for the original purpose.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Right to restriction (Art. 18): Request that we limit processing of your data in certain circumstances.
  • Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@usepinfeed.com. We will respond within 30 days.

9. Cookies

We use only essential cookies necessary for the functioning of the Service, such as authentication session cookies. We do not use third-party tracking cookies or advertising cookies. No cookie consent banner is required for strictly necessary cookies under GDPR, but we disclose their use here for transparency.

10. Children

The Service is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (TLS), row-level security on our database, and secure authentication mechanisms. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 30 days before the changes take effect. We encourage you to review this policy periodically.

13. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):

Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336, Bucuresti, Romania
Website: www.dataprotection.ro

14. Contact

For any questions or requests regarding this Privacy Policy or your personal data, contact us at:

LionByte Software SRL
Email: privacy@usepinfeed.com