Privacy Policy .

This Privacy Policy explains how PINNIQAL, Inc. ("PINNIQAL", "we", "us") collects, uses, and shares information when you use our platform (the "Service"). It applies to customers, end users, and visitors to our marketing site.

We collect three categories of data: Account data: name, email, company, password hash, billing details processed by Stripe. Workspace data: contacts and companies you add or that Pip discovers and enriches, the email sequences and campaigns you create, sending-domain and inbox configuration, message and reply records, and other content you create or upload. This is yours; we process it on your behalf. Technical data: IP address, browser, timestamps, and product events used for fraud prevention, billing accuracy, and product analytics. We use first-party analytics; we do not load third-party adtech pixels on the marketing site.

To deliver the Service, process payments, send transactional email about your account, debug, prevent abuse, and improve the product. We will never sell your data. We do not use your workspace data to train AI models that are then shared with other customers.

Subprocessors strictly necessary to run the Service: Stripe (payments), Anthropic (AI orchestration / Pip), contact-enrichment providers (e.g. Apollo, Hunter), Cloudflare (CDN + WAF), AWS (compute + storage in us-east-1 and us-west-2). We sign DPAs with all subprocessors and pass through their commitments to you. Full list available at pinniqal.com/legal/subprocessors.

Account data is retained while your workspace is active and for 90 days after cancellation, after which it's permanently deleted. You can request deletion at any time via support@pinniqal.com — we honor verified requests within 30 days. Backups are retained for an additional 35 days for disaster recovery.

Depending on your jurisdiction (GDPR, CCPA, etc.) you have the right to access, correct, export, and delete your data. Email privacy@pinniqal.com — we respond within 30 days. We don't charge for routine requests.

All data in transit is TLS 1.3. At rest we use AES-256 on storage volumes plus per-tenant encryption keys for sensitive fields (SMTP passwords, API keys). We run SOC 2 Type II controls — report available under NDA. Vulnerability reports: security@pinniqal.com.

The Service is not directed to users under 16. We do not knowingly collect data from children.

We'll email all account owners at least 30 days before any material change. The current version always lives at this URL with the updated date at the top.

Questions: privacy@pinniqal.com. Postal: PINNIQAL, Inc., 4127 N. Central Expwy, Suite 2200, Dallas, TX 75204, USA.