PinloTerms of Service

Privacy Policy

Last updated: 24 May 2025

1. Overview

Pinlo ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and your rights under Singapore's Personal Data Protection Act 2012 (PDPA) and other applicable laws. By using Pinlo, you consent to the practices described here.

2. Data We Collect

We collect the following categories of data:

Account Data

  • Name and email address (when you sign up)
  • Organisation name
  • Payment information (processed and stored by Stripe — we do not store card details)

WhatsApp & Customer Data

  • Incoming and outgoing WhatsApp messages routed through your connected number
  • Contact names and phone numbers of your customers as received via WhatsApp
  • Notes, tags, and pipeline data you add to contacts within Pinlo

Usage Data

  • Log data including IP address, browser type, and pages visited
  • Feature usage and interaction data to improve the Service

3. How We Use Your Data

  • To provide, operate, and maintain the Service
  • To process payments and manage subscriptions
  • To send transactional emails (account invites, billing receipts)
  • To respond to support requests
  • To monitor and improve service performance and security
  • To comply with legal obligations

We do not sell your personal data or your customers' data to third parties. We do not use your customers' WhatsApp messages for advertising or marketing purposes.

4. Third-Party Services

We share data with the following third parties only as necessary to provide the Service:

  • Supabase — database and authentication infrastructure. Data is stored in AWS ap-northeast-2 (Seoul).
  • Stripe — payment processing. Stripe stores payment card details on our behalf under PCI-DSS compliance.
  • Meta (WhatsApp Business Cloud API)— message delivery and receipt. Your use of WhatsApp through Pinlo is also subject to Meta's Privacy Policy and WhatsApp Business Policy.

5. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. Message and contact data is retained until you delete it or close your account. After account closure, we may retain data for up to 90 days before deletion, unless longer retention is required by law.

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including encrypted data transmission (TLS), access controls, and row-level security at the database level. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights (PDPA)

Under Singapore's PDPA, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete personal data
  • Withdraw consent to the collection, use, or disclosure of your personal data (note: this may affect your ability to use the Service)
  • Request deletion of your personal data, subject to legal retention obligations

To exercise any of these rights, contact us at hello@pinlo.app. We will respond within 10 business days.

8. Cookies

We use essential session cookies to keep you logged in and to maintain your authentication state. We do not use advertising or third-party tracking cookies.

9. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or to exercise your rights, contact our Data Protection Officer at hello@pinlo.app.