Privacy Policy

Last updated: September 18, 2025

1. Introduction

Welcome to Pinitto! This policy explains what information we collect, how we use it, and what your rights are. We are committed to protecting your privacy and being transparent about how we manage your data.

The company responsible for your information is Mnemoly Community S.R.L., located at Spl. Peneș Curcanu, Nr. 4-5, Timișoara, Timiș County, Romania.

2. What information do we collect

We only collect the information necessary to provide you with our service.

  • When you create an account: We collect your email address and a hashed password.
  • When you use Pinitto: We collect the content you generate, such as the discussions you start, comments, announcements, and details about the items you list for borrowing. We also optionally collect your display name and phone number if you choose to provide them. We also collect basic technical information, like your IP address, to keep the service secure and functional. From your IP address, we can infer a generic location (like city and country).
  • When you become a paying customer: When you purchase a subscription, you will complete the transaction through our reseller, Paddle.com. Paddle will directly collect your billing and payment information. Pinitto does not receive or store your full credit card details.

3. How and why we use your information

We use your information for a few key reasons, all related to providing and improving our service:

  • To run the Pinitto platform: Your email and password are used to secure your account. The content you create is used to populate your community space.
  • To communicate with you: We use your email to send important service notifications, updates, and the weekly community summary.
  • To improve our service: We may analyze aggregated and anonymized data to understand how Pinitto is used and where we can make improvements.
  • For billing and account administration: To manage your subscription and send invoices.

4. Who we share your information with

We do not sell your data. We only share it with a few trusted third-party services (sub-processors) that help us run Pinitto. These include:

  • Amazon Web Services (AWS): We use AWS for our hosting infrastructure, including servers (Lambda), databases (RDS, DynamoDB), and file storage (S3). All your data is securely stored in their data centers in Frankfurt, Germany. We also use the AWS Simple Email Service (SES) to send you important emails.
  • Paddle: We use Paddle as our Merchant of Record. This means they handle all payments and the checkout process for subscriptions. When you upgrade, your payment and billing information is provided directly to Paddle, and the transaction is subject to their privacy policy.
  • Cloudflare: We use Cloudflare's Turnstile service to protect our registration and contact pages from spam and bots. The legal basis for this processing is our legitimate interest in ensuring the security of our platform (Art. 6(1)(f) GDPR). To provide this service, Cloudflare processes technical data such as your IP address, user-agent header, and browser information. This data is transferred to Cloudflare, Inc., a US-based company. The transfer is secured by Cloudflare's certification under the EU-U.S. Data Privacy Framework. You can verify their certification on the Data Privacy Framework list. For more details, you can review Cloudflare's Privacy Policy and the Turnstile Privacy Policy.

5. How long we keep your information

We keep your personal information as long as your account is active. When you delete your account, we immediately begin the process of permanently deleting your personal information from our active systems. Certain information may be retained for longer if required by law.

6. Your rights over your information (GDPR)

As a user in the EU, you have the following rights under GDPR:

  • The right to access a copy of your personal data.
  • The right to correct any incorrect information.
  • The right to erasure ("right to be forgotten").
  • The right to restrict data processing.

You can exercise most of these rights directly from your account settings. For any other requests, please contact us via our contact page.

7. How to contact us

If you have questions about this Privacy Policy, please contact us via our contact page.