Privacy Policy

Effective 23rd April 2026

Pintrekker ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website to discover, share, and interact with events, places, socials, and other users.

We are the data controller for the personal data we process. Our contact email for data protection enquiries is support@pintrekker.com.

We primarily operate under UK data protection law (UK GDPR and the Data Protection Act 2018). If you access our services from outside the UK, you do so at your own risk and are responsible for compliance with any local laws.

  1. Data We Collect

    Account Information

    We collect information you provide when creating an account, including:

    • Name and email address
    • Display name and tagline
    • Avatar image (stored securely in AWS S3; converted to WebP format)
    • Any linked social login IDs (e.g. Google)
    • Authentication tokens needed for account access
    • Passwords are securely hashed; plaintext passwords are never stored
    • Your location preference (town/city), used to personalise content recommendations
    • Your discoverability preference (whether you appear in people suggestions)

    We also collect account-related data, including your preferences, interactions within the site, and system-generated notifications.

    Age Verification

    During registration, we ask for your date of birth to verify that you are at least 16 years old. Your date of birth is used solely for this age check and is not stored in our systems. We do not retain, display, or process your date of birth after the verification is complete.

    Google Social Login

    We offer the option to create an account or log in using your Google account. If you choose to use this method, Google will ask your permission to share basic information with us. This information may include:

    • Your Google Account ID
    • Your name
    • Your email address
    • Your profile picture (if provided)

    We only use this information to create and manage your account on our website. It will be stored securely and associated with your user profile. We do not access your Google account password or any other private information.

    By choosing to log in with Google, you are authorising us to receive this data from Google in order to provide you with account access.

    User-Generated Content

    When you create content on our site — including Events, Places, Socials, reviews, comments, Collections, Trips, and messages — we collect the information you provide and associate it with your account. This includes:

    • Titles, descriptions, contact information, categories, amenities, and pricing
    • Location data: address, latitude/longitude, town/city, and country for each venue
    • Dates, times, and group sizes (for Events and Socials)
    • Ratings and review text
    • Comments on Socials
    • Collection names, descriptions, items, and visibility settings
    • Trip names, participant lists, and trip messages
    • Images (converted to WebP format) and file attachments (stored securely in AWS S3)

    You are responsible for ensuring that any content you submit is accurate, lawful, and does not infringe the rights of others. We do not verify or endorse user-generated content.

    Location Data

    When you create an Event or Place, we use Google Maps services to help you select and store location details, including latitude/longitude, address, town/city, and country. This information is required to display the listing on the map and in search results.

    We also use the Google Time Zone API to look up timezone information from venue coordinates. This is used to generate accurate calendar files (.ics) with proper timezone data.

    Your location preference (set in your account settings) is used alongside venue coordinates to compute proximity scores for personalised content recommendations.

    Engagement and Activity Data

    We collect data about how you interact with the platform, including:

    • Pins (favourites): which Events, Places, and Socials you have saved
    • RSVPs (attendance): which Events and Socials you have RSVPed to, including whether you have chosen to broadcast your attendance to friends
    • Visits (scrapbook): which Events and Places you have marked as visited, including timestamps
    • Shares: which items you have shared and with whom
    • Reviews and comments: your reviews and discussion comments
    • Pin milestones: when your listings reach engagement milestones (e.g. 10, 25, 50, 100 pins)
    • Feed activity: your last feed visit timestamp, used to calculate unread activity counts
    • Ownership claims: any ownership transfer requests you submit, including optional messages, and whether you have been flagged for claim abuse

    Social and Messaging Data

    • Friendship links: your friend connections, including pending requests
    • Private messages: messages exchanged between friends via our chat feature are stored securely in our systems so they can be delivered and accessed by your account. They are not end-to-end encrypted.
    • Trip messages: messages posted within Trips are visible to all trip participants and stored on our servers.
    • Message metadata: timestamps, read receipts, and typing indicators are processed in real time via Pusher (a third-party service).
    • Notifications: in-app and email notifications sent to you, including notification type, content, and read status.

    Invited Email Addresses

    When you invite a non-user to Pintrekker or share content with an email address not associated with an account, we collect that email address solely to deliver the invitation or share notification. Invited email addresses are retained until the invitation has been delivered. If the invited person does not create an account, their email address is not used for any other purpose.

    Moderation and Reporting Data

    If you submit a suggestion or report about a listing, we store the report details (including the type of issue, any message you provide, and your user ID) in order to process and resolve the report.

    Usage Data and Cookies

    • Google Analytics and Google Tag Manager collect anonymous usage data to help improve the website (with your consent)
    • Session cookies are used for login and account functionality

    For full details, see our Cookie Policy.

  2. How We Use Your Data and Our Lawful Basis

    Under UK GDPR, we must have a lawful basis for processing your personal data. The table below sets out each purpose and its corresponding lawful basis:

    Purpose Lawful Basis
    Provide and manage your account, including registration, login, and profile management Contract performance (necessary to provide the service you signed up for)
    Display and distribute your user-generated content (Events, Places, Socials, reviews, comments, Collections) Contract performance
    Enable social features: friend connections, messaging, trip collaboration, attendance, sharing, and notifications Contract performance
    Process location data for venue display, map functionality, and calendar file generation Contract performance
    Personalise content recommendations using taste profiling, proximity scoring, category affinity, and friend signals Legitimate interest (providing a relevant, personalised experience; you can object — see section 7)
    Compute people recommendations based on shared engagement patterns and friend-of-friend signals Legitimate interest (helping users discover relevant connections; you can object — see section 7)
    Send transactional emails (account verification, password reset, critical service updates) Contract performance
    Send engagement emails (attendance reminders, friend activity digests, milestone notifications, trip invitations) Legitimate interest (keeping you informed of relevant activity; you can unsubscribe at any time)
    Deliver invitation emails to non-users on your behalf Legitimate interest of the inviting user (you, the inviter, confirm the recipient would welcome the email)
    Process moderation reports and enforce community guidelines Legitimate interest (maintaining platform safety and trust)
    Analytics via Google Analytics and Google Tag Manager Consent (opt-in via cookie banner)
    Google Social Login Consent (you actively choose to use this method)

  3. Automated Profiling

    Pintrekker uses automated profiling to personalise your experience. This includes:

    • Taste recommendations: We pre-compute personalised scores based on your engagement patterns (what you pin, RSVP to, review, and visit), your category preferences, and your location. These scores determine which Events and Places are shown to you on the homepage and landing pages.
    • People recommendations: We analyse shared engagement patterns (e.g. users who pinned the same events or places as you) and friend-of-friend connections to suggest people you might want to connect with.
    • Proximity scoring: Your location preference is used to boost nearby results in personalised feeds.

    This profiling does not produce legal effects or similarly significant effects on you. It is used solely to improve content relevance. You have the right to object to this profiling — see section 7.

  4. Third-Party Services

    We use third-party services that may collect or process data as part of their functionality:

    • AWS S3: stores avatars, images, and uploaded files. Data is stored in AWS data centres.
    • Pusher: provides real-time messaging delivery, typing indicators, and read receipts. Pusher processes message metadata (not message content at rest).
    • Google Maps: provides map display and location services. Essential for posting and discovering content. Google may process your IP address and interaction data when Maps is loaded.
    • Google Time Zone API: resolves timezone information from venue coordinates for calendar file generation.
    • Google Analytics / Tag Manager: collects anonymous usage data. Non-essential; requires your consent.
    • Google Social Login: enables authentication via your Google account. Non-essential; only used if you choose this login method.
    • Email provider: sends transactional and engagement emails (e.g. no-reply@pintrekker.com). Your email address is shared with our email provider for delivery purposes.

    Each third-party service operates under its own privacy policy. We have appropriate arrangements in place with these providers.

  5. Cookies

    For full details of the cookies we use, their purposes, and how to manage your preferences, see our Cookie Policy.

    • Essential cookies: required for login sessions, CSRF protection, and account functionality. No consent needed.
    • Analytics cookies: Google Analytics and Tag Manager track anonymous usage. Requires your consent before activation.
    • Third-party / functional cookies: social login and Google Maps. Google Maps cookies are essential; social login cookies require consent.

  6. Data Security

    We use reasonable measures to protect your personal data:

    • Passwords are hashed using industry-standard algorithms and securely stored
    • Files and avatars are stored securely in AWS S3
    • HTTPS is used for all connections
    • Images are processed (converted to WebP) and stored via a secure background job pipeline with temporary files cleaned up automatically
    • UUIDs are used for all primary keys to prevent enumeration attacks

  7. Your Rights

    Under UK GDPR, you have the following rights:

    • Right of access: You can request a copy of the personal data we hold about you.
    • Right to rectification: You can request correction of inaccurate data. You can also update most of your information directly via your account settings.
    • Right to erasure: You can delete your account via your account settings. This triggers our deletion pipeline which scrubs your personal information (see "Data Retention" below). You can also request deletion by contacting us.
    • Right to data portability: You can request your personal data in a structured, commonly used format. Contact us at support@pintrekker.com to make this request.
    • Right to object: You can object to processing based on legitimate interest, including personalised recommendations and people suggestions. Contact us and we will cease the relevant processing unless we have compelling legitimate grounds.
    • Right to restrict processing: In certain circumstances, you can request that we restrict processing of your data.
    • Right to withdraw consent: Where we process data based on consent (e.g. analytics cookies, social login), you can withdraw consent at any time via our Manage Cookies page or your account settings.

    To exercise any of these rights, contact us at support@pintrekker.com. We will respond within one month as required by UK GDPR.

    You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

  8. Data Retention

    • Active accounts: Your data is retained for as long as your account is active.
    • Deleted accounts: When you delete your account, your personal information (name, email, avatar) is scrubbed and replaced with placeholders. Your account record is then soft-deleted (retained without personally identifying information). This allows us to maintain the integrity of content that other users have engaged with (e.g. reviews, linked socials) while removing your identity.
    • Deleted content: Events, Places, and Socials that you delete are soft-deleted (marked as deleted but retained in our database). Content removed by our moderators is stored separately from user-deleted content.
    • Expired content: Events and Socials that have passed their final date are marked as expired and removed from public discovery, but retained for users who saved them.
    • Temporary uploads: Images and files in temporary storage are automatically cleaned up by a scheduled job after processing is complete.
    • Invited email addresses: Email addresses of non-users provided via the invite or share features are retained only until the invitation email has been delivered.
    • Moderation reports: Reports are retained as part of the listing's moderation history.
    • Chat messages: Messages are retained for as long as both users' accounts are active. If one user deletes their account, the messages remain accessible to the other user but the deleted user's identity is scrubbed.

  9. Age Restriction

    You must be at least 16 years old to create an account. By registering, you confirm you meet this age requirement. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

  10. International Transfers

    Some of our third-party services (including AWS and Google) may process data outside the UK. Where this occurs, we rely on appropriate safeguards such as standard contractual clauses or adequacy decisions to ensure your data is protected.

  11. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time. The latest version will be posted on this page with the "Effective Date." If we make significant changes to how we process your personal data, we will notify registered users by email or in-app notification.

  12. Contact

    If you have questions or concerns about this Privacy Policy or how we handle your data, contact us at support@pintrekker.com.

Terms of UsePrivacy PolicyCookie PolicyCommunity Guidelines