Privacy Policy

Last updated: February 2, 2025

1. Introduction

This Privacy Policy describes how Pinspoke ("Pinspoke," "we," "us," or "our") collects, uses, and protects your personal information when you use our website and services at pinspoke.com (the "Service").

Pinspoke is an Entrepreneur Individuel registered in France (SIREN: 901 177 626), based in Paris, France.

2. Data Controller

For the purposes of the General Data Protection Regulation (GDPR) and applicable French data protection laws, Pinspoke is the data controller responsible for your personal data.

Business: Pinspoke

SIREN: 901 177 626

Location: Paris, France

Contact: contact@pinspoke.com

3. Information We Collect

We collect the following types of information:

Account Information

  • Name and email address
  • Authentication credentials
  • Profile information you provide

Expert Content

  • Videos, podcasts, documents, and other files you upload
  • Metadata associated with your content

Payment Information

  • Payment details are processed by Stripe and are not stored on our servers
  • We receive transaction records and payout information from Stripe

Usage Information

  • Questions asked and answered
  • Pages visited and features used
  • Device type, browser, and IP address

4. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide the Service and fulfill our obligations to you.
  • Legitimate interests: Processing for fraud prevention, security, service improvement, and analytics, where these interests are not overridden by your rights.
  • Legal obligation: Processing required to comply with applicable laws and regulations.
  • Consent: Where you have given explicit consent for specific processing activities.

5. How We Use Your Information

We use your information to:

  • Provide, operate, and improve the Service
  • Process payments and payouts
  • Index and process uploaded content to answer questions
  • Send transactional emails (account updates, payment confirmations)
  • Respond to support requests
  • Analyze usage to improve our Service
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We do not sell your personal information to third parties.

6. How We Share Your Information

We may share your information with:

  • Service Providers: Third-party services that help us operate, including cloud hosting, AI processing, payment processing, email delivery, and analytics. These providers act as data processors under GDPR and are contractually bound to protect your data.
  • Authorized Users: When Audience members ask questions, they receive answers derived from Expert content.
  • Legal Requirements: When required by law, legal process, or to protect our rights, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate safeguards.

7. Third-Party Services

We use the following categories of third-party services:

  • Hosting: Cloud infrastructure providers (Vercel)
  • Payments: Stripe for payment processing
  • Analytics: Vercel Analytics to understand Service usage
  • AI Processing: Third-party AI services to index and process content
  • Email: Email service providers for transactional messages

These providers have their own privacy policies governing their use of your data. Where these providers are located outside the EEA, we ensure appropriate safeguards are in place (see International Data Transfers below).

8. Data Retention

We retain your information only as long as necessary for the purposes described in this policy:

  • Account data: Until you delete your account, plus 30 days for complete removal
  • Uploaded content: Until you delete it or your account
  • Payment records: As required for tax and legal compliance under French law (typically 10 years for accounting records)
  • Usage logs: Up to 12 months

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS)
  • Secure cloud infrastructure
  • Access controls and authentication
  • Regular security monitoring

No system is completely secure. We cannot guarantee absolute security of your data, but we are committed to protecting it in accordance with industry standards and GDPR requirements.

10. Your Rights

Under the GDPR and French data protection law, you have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to restrict processing: Limit how we use your data
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Where processing is based on consent

To exercise these rights, contact us at contact@pinspoke.com. We will respond within 30 days as required by GDPR.

You also have the right to lodge a complaint with the French data protection authority (CNIL) or your local supervisory authority.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your rights

12. International Data Transfers

Pinspoke is based in France within the European Economic Area (EEA). Some of our service providers may be located outside the EEA, including in the United States.

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Other lawful transfer mechanisms under GDPR

13. Cookies

We use essential cookies for authentication and Service functionality. We may use analytics cookies to understand how the Service is used.

In accordance with EU cookie regulations, we will request your consent before placing non-essential cookies. You can configure your browser to refuse cookies, though this may affect Service functionality.

14. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top reflects the current version.

16. Contact Us

For questions about this Privacy Policy or to exercise your data protection rights:

Email: contact@pinspoke.com

Business: Pinspoke

SIREN: 901 177 626

Paris, France

Supervisory Authority: You may also contact the CNIL (Commission Nationale de l'Informatique et des Libertés) at www.cnil.fr