Privacy policy.
How Pinnix handles your data. UK GDPR compliant. Plain English, no legal sludge.
What we collect, in plain terms
Pinnix collects only what's needed to run the service:
- Your email address, so you can sign in and we can talk to you.
- Your name, if you give it to us.
- The tasks, plans and brain dumps you create, because that's the product.
- Usage signals, when you opened the app, what you completed, what you pushed, so Pinnix can learn your focus patterns and improve.
- Payment information, once paid plans launch. Handled by our payment processor; we never see or store card details on our servers.
We don't collect anything we don't need, and we don't sell your data. The only cross-site tracking is the optional Google Analytics and Google Ads cookies on the marketing pages, which you can decline and which never run on the signed-in app.
Why we collect it
To run Pinnix. To plan your day, learn your patterns, send the occasional service email, and bill you if you're paying. That's it.
Where it's stored
Pinnix data is stored on servers in the EU (Hetzner Online, Falkenstein, Germany). Data is encrypted in transit (TLS) and at rest. We don't transfer your personal data outside the UK/EU.
Who we share it with
A short list of essential providers, used only to deliver the service:
- Hosting: Hetzner Online (Falkenstein, Germany (EU)).
- Email delivery: Stableserver (UK SMTP relay, transactional email only).
- AI task breakdown: Anthropic (Claude API), on the commercial no-training contract. The title and description of the task you ask Pinnix to break down are sent to the model; they are not retained or used to train it.
- Marketing-site analytics and advertising (optional): Google Analytics 4 and Google Ads (Google LLC, USA). Only loaded on the marketing pages (pinnix.co.uk and the public pages around it) and only if you accept on the cookie banner. Never loaded on the signed-in app. Analytics IP addresses are anonymised. Google Ads is used to measure advert performance and for remarketing (showing Pinnix adverts to people who have visited before). The transfer to the US relies on the UK-US Data Bridge under the EU-US Data Privacy Framework, in which Google self-certifies.
That's the entire list. No analytics or advertising runs on the signed-in app, and nothing tracking-related runs anywhere until you opt in. When paid plans launch, our payment processor will be added to this list and you'll see it here before any card is ever charged. If we ever change a sub-processor, we'll update this page.
How long we keep it
For as long as your account is active, plus 30 days after cancellation to give you time to export anything you want. Then it's deleted.
Your rights under UK GDPR
- Access, request a copy of everything we hold on you.
- Export, download your tasks and plans in a standard format, anytime.
- Rectification, correct anything that's wrong.
- Deletion, close your account and have your data removed.
- Object, to specific uses of your data, where applicable.
Email hello@pinnix.co.uk and we'll handle any request within 30 days, usually faster.
Cookies
Pinnix uses essential cookies to keep you signed in. On the marketing pages, we also offer optional Google Analytics and Google Ads cookies that only load if you accept on the banner. None run on the signed-in app. Full breakdown on the cookie policy page.
Children
Pinnix is not intended for users under 16. We don't knowingly collect data from children.
Updates to this policy
If we change anything material, we'll tell you by email and update the date at the top. Older versions are available on request.
Contact
For any data request, complaint or question: hello@pinnix.co.uk. If you're not happy with our response, you can complain to the UK ICO (ico.org.uk).
Pinnix Ltd, a company registered in England and Wales (No. 16150227).
