Privacy Policy

Data we collect

• Account data: your email address, optional name, and authentication tokens. Required to create and maintain your account.
• Payment data: processed entirely by Stripe. We never see, store, or touch your card numbers or bank details — only a tokenized customer reference that Stripe provides.
• Order content: the Google Sheet you submit (product titles, descriptions, URLs) and the pin assets we generate for you. Stored so we can deliver your order and re-deliver if needed.
• Usage data: page views, feature interactions, and IP address. Used for rate limiting, fraud prevention, and understanding which parts of the product work well.
• Communications: any emails you send to our support addresses, and your email marketing preferences.

Why we collect it

• Deliver the service: without your Sheet data and email, we cannot render pins or send you the ZIP and CSV.
• Process payments: Stripe requires a billing email and tokenized card reference to charge subscriptions and one-shot orders.
• Transactional email: order confirmations, preview links, delivery notifications, and account security emails.
• Marketing email: product updates, tips, and promotional offers — only if you opt in. You can unsubscribe in one click at any time.
• Prevent abuse: IP data helps us enforce rate limits and detect fraudulent orders.

Who we share your data with

We share only what each vendor needs to do their job. We do not sell your data, ever.

• Stripe — payment processing and billing. Subject to Stripe's Privacy Policy.
• Resend — transactional email delivery (order confirmations, previews, delivery).
• MailerLite — email marketing and newsletter list management. You are only added if you opt in.
• Anthropic (Claude API) — AI-powered pin copy generation. Your Sheet content is sent to Anthropic's API and subject to their usage policies. We do not use your data to train models; Anthropic's API terms prohibit this for API customers.
• Vercel — hosting and edge functions. Servers are US-based by default.
• Supabase — database and file storage for accounts, orders, and generated assets. Data stored in US-based AWS infrastructure.

We may disclose data if required by law, or to protect the rights and safety of our users or the public.

Data retention

• Account data and order history are retained while your account is active and for 12 months after account closure, to handle disputes and refund requests.
• Generated pin assets (ZIP files and CSVs) are stored for 90 days after delivery, then purged. Download your files promptly.
• Payment records are retained for 7 years as required by US financial regulations.
• You can request deletion of your account and associated data at any time — see Your Rights below.

Your rights

Regardless of where you are located, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Correction: ask us to fix inaccurate data.
• Deletion: request that we delete your account and personal data. We will comply within 30 days, except where retention is required by law (e.g., billing records).
• Portability: request your data in a machine-readable format.
• Opt out of marketing: unsubscribe from any marketing email via the link in the footer, or by emailing us. Transactional emails (order confirmations, delivery) cannot be disabled while your account is active.

If you are in the EU or UK, you have additional rights under GDPR, including the right to lodge a complaint with your local supervisory authority. California residents have rights under CCPA, including the right to know what personal information we have collected and to opt out of sale (we don't sell data, so this is moot).

Cookies

We use essential cookies for authentication (session tokens) and a minimal analytics cookie to understand traffic sources. We do not use advertising cookies or third-party tracking pixels beyond what is listed in the "Who we share" section above.

Contact

Privacy questions, access requests, or deletion requests: privacy@donepins.com. We aim to respond within 5 business days.

Digital Empire LLC · Operated from the United States