Privacy Policy
Last updated: April 5, 2026
Pinyata, Inc. ("Pinyata," "we," "us," or "our") respects your privacy. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website, platform, APIs, and related services (the "Service").
1. Information We Collect
From Merchants
- Account information: name, email address, business name, store URL
- Billing information: payment method details (processed by our payment processor)
- Store data: platform type, transaction volume, product categories
- Usage data: how you interact with the Pinyata dashboard and widget settings
From Customers (via Merchant Stores)
- Condition selections: which conditions a customer chooses
- Transaction reference: order ID and purchase amount (for rebate calculation)
- Payout information: email address or payment details for rebate delivery
- Behavioral data: condition category preferences, selection patterns
Automatically Collected
- Device and browser information
- IP address (for fraud prevention and geolocation)
- Cookies and similar tracking technologies
- Log data: access times, pages viewed, referring URLs
2. How We Use Your Information
- To provide, operate, and improve the Service
- To process transactions, calculate rebates, and issue payouts
- To communicate with you about your account, updates, and support
- To analyze usage patterns and optimize the widget experience
- To detect and prevent fraud, abuse, and unauthorized access
- To comply with legal obligations and enforce our Terms of Service
- To provide merchants with aggregated, anonymized analytics about customer engagement
3. How We Share Your Information
We do not sell your personal information. We may share information with:
- Payment processors: To process merchant billing and customer payouts (e.g., Stripe, PayPal)
- Event data providers: We consume public data from licensed event data sources but do not share user data with them
- Service providers: Hosting, analytics, email delivery, and customer support tools that process data on our behalf
- Legal compliance: When required by law, subpoena, or government request
- Business transfers: In connection with a merger, acquisition, or sale of assets
4. Data Retention
We retain merchant account data for as long as your account is active, plus 3 years after termination for legal and audit purposes. Customer condition selection data is retained for 2 years after condition resolution. Transaction records are retained for 7 years as required for financial compliance.
You may request deletion of your data at any time by contacting us at privacy@pinyata.co. We will process deletion requests within 30 days, subject to legal retention requirements.
5. Data Security
We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), access controls, regular security audits, and monitoring. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
6. Your Rights
California Residents (CCPA)
If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale of personal information (we do not sell personal information); and not be discriminated against for exercising your privacy rights.
EU/EEA Residents (GDPR)
If you are located in the EU or EEA, you have the right to: access your personal data; rectify inaccurate data; request erasure; restrict processing; request data portability; and object to processing. To exercise these rights, contact privacy@pinyata.co. Our legal bases for processing are legitimate interest (providing the Service) and contract performance (fulfilling our Terms of Service).
7. Cookies
We use essential cookies to operate the Service (session management, security tokens) and analytics cookies to understand usage patterns. You can control cookie preferences through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.
8. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.
9. International Data Transfers
Your information may be transferred to and processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top indicates the most recent revision.
11. Contact Us
For privacy-related questions or to exercise your data rights, contact us at: privacy@pinyata.co
Pinyata, Inc.
New York, NY