PinloPinlo Privacy Policy
Last updated: June 13, 2026
Pinlo (operated by Koncrate, “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Pinlo mobile application on iOS and Android (the “Service”).
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.
1. Who we are
- Service name: Pinlo
- Contact email: aperio@koncrate.com
- Eligible users: Individuals aged 13 or older (or the minimum age required in your jurisdiction, if higher)
2. Information we collect
2.1 Information you provide
| Category | Examples | Purpose |
|---|---|---|
| Account data | Identifiers from Google or Apple sign-in (such as email and OAuth IDs), username, display name, profile photo | Create and manage your account, authenticate you |
| Profile data | Public or private account settings, bio, and other optional profile fields | Profile pages and social features |
| Trip content | Trip titles, date ranges, cover and representative photos, photo notes, pin colors, visibility settings | Build travel records, map display, cloud sync |
| Location data | GPS coordinates from photo EXIF, or map locations you select manually | Show pins and routes on the map |
| Social activity | Follow relationships, comments, likes, reports and report reasons | Explore, interaction, and safety |
| Support and reports | Details you provide when contacting us or submitting a report | Respond to requests, handle violations |
Important: Pinlo only uploads photos you explicitly select (up to 1 cover plus 9 representative photos per trip). Photos in the same date range that you do not select are not uploaded to our servers.
2.2 Device permissions and automatically collected data
With your permission, we may access:
- Photo library: Read photos and metadata (including capture time and location) within the date range you choose, so you can pick representative images. We do not request photo library access on cold start; we ask only when you use “Load photos” or similar actions.
- Location: Used for map positioning and pin display when photos include GPS data or when you place a pin manually.
- Push notifications (if you opt in): Account and interaction-related notifications.
We may also automatically collect:
- Device type, operating system version, app version, and language settings
- Usage data (such as feature usage and error logs)
- Account-linked user identifiers after sign-in (for sync and diagnostics)
2.3 Analytics and crash reporting
We use Firebase Analytics to understand how features are used and Firebase Crashlytics to collect crash and error reports to improve stability. This data may include app version, platform, and your account identifier when you are signed in.
2.4 Advertising (if enabled)
The Service may display ads through Google AdMob. AdMob and its partners may use device identifiers and related data under their own privacy policies to deliver and measure ads. You can limit personalized advertising through your device’s ad tracking settings.
3. How we use your information
We use the information above to:
- Provide, operate, and improve the Service (maps, trip records, cloud sync, share cards, and related features)
- Enable social features (Explore, follows, comments, visibility controls)
- Verify identity, prevent abuse, and enforce rate limits
- Handle reports, blocks, and account security
- Analyze usage, fix bugs, and improve performance
- Comply with legal obligations and protect our rights
- Contact you for support or important service notices
We do not sell your personal information.
4. Sharing and third parties
We may share necessary information with:
| Third party | Purpose |
|---|---|
| Supabase | Authentication, database, cloud storage |
| Google (sign-in, Maps, Analytics, AdMob) | Authentication, map display, analytics, advertising |
| Apple (Sign in with Apple) | iOS authentication |
| Cloudflare (where applicable) | File storage and delivery |
Each third party has its own privacy policy. We encourage you to review them separately.
Other users: If your account is public, or a trip is set to “public” or “followers only,” other Pinlo users may see your profile, trips, and representative photos according to your visibility settings. You can set your account to private or mark individual trips as “only me.”
Legal requirements: We may disclose information when required by law, court order, or a lawful request from public authorities.
5. Data retention
- We retain your data while your account is active to provide the Service.
- After you delete content or your account, we delete or anonymize related data within a reasonable period, though backups may take additional time to clear fully.
- We may retain records required by law (such as report handling records) for as long as legally required.
6. Your rights and choices
Depending on your location, you may have the right to:
- Access and correct your personal information (editable in-app on your profile and trips)
- Delete your account in App Settings; we will delete your cloud photos, trip data, and account
- Control visibility at the account level (public/private) and trip level (public, followers, or only me)
- Block users so you cannot see each other
- Revoke permissions for photos, location, or push notifications in device settings (some features may stop working)
- Limit ad tracking in iOS or Android system settings
For help exercising these rights, email aperio@koncrate.com.
7. Children’s privacy
The Service is not directed to children under 13. You must confirm you are at least 13 when registering. If we learn that an underage user has created an account, we will delete it. If you are a parent or guardian and believe your child has provided personal information, please contact us.
8. Security
We use reasonable technical and organizational measures to protect your data (such as encryption in transit and access controls). However, no method of transmission over the Internet is completely secure. Please keep your sign-in methods secure.
9. International transfers
Your data may be processed and stored on servers outside your country or region (for example, data centers operated by Supabase, Google, or Cloudflare). By using the Service, you consent to such cross-border transfers.
10. Changes to this policy
We may update this Privacy Policy from time to time. For material changes, we will notify you in the app or on this page and update the “Last updated” date. Continued use after changes means you accept the revised policy.
11. Contact us
Questions about this Privacy Policy: