Privacy Policy
Last Updated: July 8, 2025
Pinvia LLC (“Pinvia”, “Company”, “we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the “Platform”).
By accessing or using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please refrain from using the Platform.
1. Scope and Applicability
This Privacy Policy governs the data practices of Pinvia LLC (“Pinvia,” “Company,” “we,” “us,” or “our”) in connection with your access to and use of our mobile application, website, backend services, and any associated digital tools, hardware integrations, or communications (collectively, the “Platform”).
This Policy applies to all individuals and entities interacting with the Platform, including but not limited to:
● Registered users, including personal and business accounts
● Guest users who access features without creating an account
● Website visitors, subscribers, and users of browser-based features
● Business partners, affiliates, and sponsors with promotional access
● Vendors, service providers, and other operational collaborators
● Beta testers, program participants, and internal users
● Individuals captured via hardware or passive sensors (e.g., foot traffic sensors or cameras for event engagement analytics)
This Policy governs both personally identifiable information (PII) and non-personal data, whether collected directly by Pinvia or through third-party services acting on our behalf.
It covers all data collected via:
● Manual entry (e.g., sign-up, event submissions)
● Device signals (e.g., location tracking, traffic counters)
● In-app behavior (e.g., saves, shares, clicks, user preferences)
● Offline interactions tied to digital identifiers (e.g., QR scans, sensors)
● API integrations and third-party analytics tools
This Privacy Policy is applicable across all geographies, and is intended to comply with privacy regulations in the jurisdictions where we operate, including but not limited to the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), and other relevant state, national, or international frameworks.
2. Information We Collect
We collect both personal and non-personal information from and about users, business partners, and devices interacting with the Platform. Data is collected in three primary ways:
a. Information You Provide to Us (Direct Input)
● Account Data: Name, email address, password, date of birth (used for age verification), phone number (if applicable), username or handle, and profile photos or avatars.
● Business Profile Data: Business name, logo, contact information, descriptions, open hours, category, service offerings, location details, and sponsorship tier (if applicable).
● Event and Promotion Submissions: Titles, descriptions, dates, media files, promotional assets, category tags, and business associations.
● Customer Support & Feedback: Communications, complaints, bug reports, surveys, helpdesk tickets, and interactions with our support team.
● Consent and Contractual Acknowledgements: Acceptance of our Terms of Service, Privacy Policy, sponsorship agreements, and any revenue-sharing or partnership contracts.
b. Information We Automatically Collect (Passive Collection)
● Device and Technical Metadata: Device model, operating system, IP address, app version, mobile carrier, hardware settings, crash logs, and screen resolution.
● Location Data: Geo-location coordinates via GPS or device sensors (only if location permissions are granted by the user).
● Behavioral and Usage Analytics: Clickstream data, screen flow, scroll depth, time on screen, save behavior, filter selections, error messages, crash reports, and real-time in-app interactions.
● App Performance Data: Load times, responsiveness metrics, server interaction logs, caching status, and latency events.
● Cookies and Tracking Technologies: Used for session continuity, user authentication, fraud prevention, A/B testing, performance analytics, and behavioral retargeting.
c. Information from Third Parties
● Social Media Logins & OAuth Providers: (If enabled) We may receive profile name, user ID, email, and profile photo when you sign in using services like Google, Apple, Meta (Facebook/Instagram), or others.
● Ad Networks and Attribution Platforms: Advertising ID, campaign source, click-through rate, install date, time to purchase, and return-on-ad-spend (ROAS) metrics.
● Payment Processors: While we do not store payment card numbers, we may receive transaction confirmation, purchase history, billing contact information, and refund status from partners like Apple Pay, Stripe, or Square.
● Hardware and Sensor Partners (e.g., foot traffic sensors): Aggregated data about visits, dwell time, anonymized entry/exit counts, or motion activity within sponsored locations.
User Content: If you post content, comments, or other materials on or through the Service, we collect the information you provide. This may include text, photos, or other media. Please note that any information you choose to make public in comments may be viewed by other users.
All collected data is handled in accordance with applicable laws and for legitimate business purposes, including improving the Platform, ensuring safety, enabling core functionality, and supporting monetization or sponsorship efforts.
3. How We Use Your Information
We use the information we collect — directly and automatically — for a variety of lawful and legitimate business purposes, including but not limited to:
a. Platform Operations and Account Management
● To create, verify, and manage user or business accounts and maintain accurate records.
● To enable authentication, authorization, and security monitoring.
● To detect, investigate, and prevent fraudulent activity, account misuse, or unauthorized access.
b. Personalization and Content Discovery
● To customize the Platform experience based on your location, preferences, saved content, and usage patterns.
● To recommend local events, promotions, or businesses relevant to your interests and behavior.
● To tailor push notifications and in-app alerts, including updates, reminders, or offers.
c. Analytics and Product Improvement
● To monitor usage trends, feature adoption, and engagement metrics (e.g., which tabs users frequent most).
● To evaluate system performance, identify bugs or bottlenecks, and enhance app stability and reliability.
● To conduct A/B tests and user experience research to refine platform design and features.
d. Sponsorships, Partnerships, and Marketing
● To support sponsored content placement, revenue-sharing arrangements, and event performance tracking.
● To provide sponsors or business partners with aggregated analytics reports, without disclosing personal identifiers.
● To manage marketing campaigns, retargeting, and ad effectiveness tracking (when applicable).
e. Communications and Support
● To respond to user support requests, bug reports, or inquiries submitted via email, in-app messages, or other channels.
● To deliver administrative messages, policy updates, and service announcements.
● To facilitate feedback loops and conduct voluntary surveys or interviews for product research.
f. Legal, Regulatory, and Safety Purposes
● To comply with applicable laws, subpoenas, legal processes, or government requests.
● To enforce our Terms of Service, community guidelines, or partnership agreements.
● To protect the rights, safety, or property of users, business partners, the public, and the Company.
We process your data only where there is a valid legal basis to do so — including contract performance, consent, legitimate interest, or compliance with legal obligations.
We use user-generated content to display within the app and to enhance user engagement. We may also analyze aggregated user content to improve our services.
4. Legal Bases for Processing
Pinvia LLC processes your personal information in accordance with applicable data protection laws. Depending on your location and the nature of your interaction with the Platform, we rely on one or more of the following legal bases to collect and use your data:
a. Consent
We may process your data where you have given explicit consent, such as:
● Accepting our Terms of Service and Privacy Policy
● Enabling location access for nearby event discovery
● Opting in to receive marketing communications or push notifications
● Authorizing data use through social login services or third-party integrations
You may withdraw your consent at any time by adjusting your device settings or contacting us directly, although this may limit certain functionalities of the Platform.
b. Contractual Necessity
We process your data as necessary to:
● Create, manage, and maintain your user account
● Provide core services, such as event display, account features, or payment functionality
● Fulfill our obligations under partnership, sponsorship, or revenue-sharing agreements
This includes taking steps at your request prior to entering into a contract (e.g., onboarding new business users).
c. Legitimate Interests
We may process data based on our legitimate business interests, provided they do not override your rights or freedoms. This includes:
● Ensuring platform security and fraud prevention
● Conducting product analytics, diagnostics, and A/B testing
● Promoting community engagement and feature optimization
● Enforcing our Terms of Service and preventing abuse
d. Legal Obligations
We may also process or retain personal data when necessary to:
● Comply with applicable laws, court orders, or government requests
● Respond to law enforcement, audits, or investigations
● Maintain records of transactions or consents in compliance with tax, consumer protection, or other regulatory frameworks
5. How We Share Information
We value your privacy and only share your information when necessary to operate our business, fulfill legal obligations, or provide core services and features. We do not sell your personal information.
a. Service Providers
We may share your data with trusted third-party vendors who support our operations, including:
● Cloud hosting (e.g., Firebase, AWS)
● App performance and analytics (e.g., Mixpanel, Sentry, or Amplitude)
● Push notifications and messaging infrastructure
● Customer support and issue tracking tools
● Marketing automation platforms (for opt-in notifications only)
All service providers are contractually bound to confidentiality and data protection standards.
b. Business Partners
If you interact with sponsored content or business features (e.g., “Castro Spotlights”), we may share:
● Engagement data (e.g., views, saves, clicks) in aggregated or anonymized form
● Your public profile data (only with consent) for feature personalization or promotional attribution
We do not provide partners with your email, location, or direct identifiers without explicit permission.
c. Legal Disclosures
We may disclose personal data when required by law or when we believe disclosure is necessary to:
● Respond to legal processes, subpoenas, or regulatory requests
● Investigate potential violations of our Terms of Service or suspected fraud
● Prevent, detect, or respond to security threats, harm, or illegal activity
● Protect the rights, safety, or property of Pinvia, our users, or the public
d. Corporate Transactions
In the event of a merger, acquisition, financing, corporate reorganization, bankruptcy, or sale of company assets, your information may be transferred to the acquiring or surviving entity. We will ensure that such parties are bound by privacy protections no less stringent than those described here.
e. With Your Explicit Consent
We may share information when you opt in to:
● Receive updates or event alerts from third-party businesses
● Collaborate with local venues or sponsors
● Participate in sweepstakes, surveys, or referral programs
You can control these permissions through your in-app settings.
f. De-Identified and Aggregated Data
We may share insights derived from anonymized or aggregated user behavior (e.g., event trends, neighborhood engagement patterns) for business development or product research. This data cannot be used to identify individuals.
6. Data Retention
We retain your information only as long as reasonably necessary to fulfill the purposes outlined in this Privacy Policy, including:
a. Active Account Use
We retain all data associated with your account for the duration your account remains active.
● User-generated content (e.g., events, saves, profile information) is stored until you delete your account or request removal.
● Business submissions (e.g., promotions, sponsorship assets) remain until removed by you or as dictated by internal archival policies.
b. Account Deletion and Grace Period
Upon account deletion, we initiate a secure deletion process that includes:
● A 30-day grace period in which you may reverse deletion by reactivating your account.
● After the grace period, data is securely deleted or anonymized unless required to be retained by law.
c. Legal and Regulatory Obligations
Some data may be retained beyond account deletion to:
● Comply with legal, regulatory, or tax obligations
● Enforce our Terms of Service
● Address pending investigations or dispute resolution
Examples include:
● Financial records (retained for 7 years in accordance with tax laws)
● Consent logs or sponsorship contracts (retained for audit purposes)
d. Security and Abuse Prevention
We may retain certain identifiers (e.g., device fingerprints or banned account hashes) as part of our platform integrity systems to:
● Prevent re-registration after abuse or fraud
● Monitor reoccurrence of previously flagged activity
These records are minimized, access-controlled, and regularly reviewed.
e. Anonymized or Aggregated Data
Data that has been de-identified and cannot reasonably be linked back to you (e.g., event attendance heatmaps, platform activity trends) may be retained indefinitely for analytics, research, or service improvement.
We may retain user-generated content as necessary to provide the Service. You may request deletion of your content by contacting us at info.pinvia@gmail.com.
7. Your Rights & Choices
We respect your privacy and provide you with clear control over your data. Depending on your jurisdiction, you may have one or more of the following rights:
a. California Residents (CCPA/CPRA)
If you are a resident of California, you have the right to:
● Access: Request a copy of the personal information we hold about you.
● Delete: Request deletion of your personal data, subject to certain exemptions.
● Correct: Request correction of inaccurate personal data.
● Limit Use: Restrict the use of sensitive personal information.
● Opt-Out: Request to opt-out of the sale or sharing of personal information (Note: We do not sell personal data).
● Non-Discrimination: Receive equal service and price even if you exercise your privacy rights.
To submit a request, email us at info.pinvia@gmail.com with the subject “California Privacy Request.”
b. EEA, UK, and Other GDPR-Aligned Jurisdictions
If you are located in the European Economic Area, United Kingdom, or other jurisdictions governed by the General Data Protection Regulation (GDPR), you may:
● Access your data at any time.
● Rectify inaccuracies in your personal information.
● Erase your data (“right to be forgotten”).
● Restrict or object to our processing of your data.
● Port your data to another service provider.
● Withdraw consent for any processing based on consent (e.g., location services).
● Lodge a complaint with your local Data Protection Authority.
You can exercise these rights by contacting us at info.pinvia@gmail.com.
c. General User Choices (All Regions)
Regardless of where you reside, you may:
● Manage notifications within app settings.
● Disable location tracking through your device settings.
● Opt out of analytics tracking via in-app privacy controls (where available).
● Delete your account through your profile or by contacting support.
d. Verification Process
For privacy and security:
● We may request additional information to verify your identity before processing any privacy-related request.
● If you are an authorized agent submitting a request on someone’s behalf, we may require proof of authorization.
e. Response Timeline
We aim to respond to all verified privacy requests within:
● 10 business days to acknowledge receipt.
● 45 days to fully respond, extendable by an additional 45 days if reasonably necessary.
8. Children’s Privacy
The Pinvia Platform is strictly intended for individuals aged 18 and older. We do not knowingly collect, solicit, or store personal information from anyone under the age of 18. If you are not yet 18 years old, you are prohibited from creating an account, using the Platform, or submitting any personal data.
a. Age Verification Safeguards
● During account registration, users must confirm their birthdate to verify they are at least 18 years of age.
● Users found to have falsified age information will have their accounts permanently terminated.
● Additional ID verification or manual review may be conducted in edge cases or flagged accounts.
b. Actions Upon Discovery
If we discover or are notified that a user under the age of 18 has submitted personal data:
● The associated account will be immediately suspended and deleted.
● All identifiable information linked to the account will be permanently erased from our systems in accordance with applicable data protection laws.
● We may notify the appropriate guardian, authority, or regulatory agency if required by law.
c. Responsibility of Guardians
Parents or legal guardians who believe that their child has accessed the Platform in violation of these Terms should contact us immediately at info.pinvia@gmail.com. We will take swift steps to investigate and remediate any unauthorized access.
d. Jurisdictional Compliance
This policy complies with:
● The Children’s Online Privacy Protection Act (COPPA) in the United States
● Relevant provisions under the General Data Protection Regulation (GDPR) for minors in the EU/UK
● Applicable international privacy frameworks concerning child data protection
9. Data Security
At Pinvia, we implement a multi-layered security framework designed to safeguard your information from unauthorized access, misuse, alteration, or disclosure. While we adhere to leading industry practices, no system can be guaranteed 100% secure. By using the Platform, you acknowledge and accept these inherent risks.
a. Technical Safeguards
We utilize best-in-class encryption and infrastructure protections, including:
● TLS/SSL Encryption for all data transmissions across the Platform
● Encrypted data storage at rest and in transit, leveraging trusted cloud providers (e.g., AWS, Firebase)
● Firewall protection, DDoS mitigation, and endpoint security across our systems
● Routine penetration testing and vulnerability assessments by third-party security firms
b. Organizational Controls
● Role-Based Access Controls (RBAC): Only authorized personnel can access sensitive user data, based on job necessity and security clearance.
● Audit Logging: All access to sensitive systems is logged and monitored for anomalies or unauthorized behavior.
● Background Checks: Key personnel undergo vetting prior to access to administrative systems.
c. Breach Detection & Response
In the event of a suspected data breach:
● We will initiate our Incident Response Plan immediately.
● Affected users will be notified in accordance with applicable data breach notification laws.
● We will coordinate with legal counsel and regulators if necessary to ensure compliance and remediation.
d. User Responsibilities
While we take data security seriously, users also play a vital role in maintaining a secure environment. You agree to:
● Use a strong, unique password for your account
● Keep login credentials confidential
● Promptly report suspicious activity to info.pinvia@gmail.com
e. Compliance Standards
We actively monitor our practices to ensure ongoing compliance with applicable standards, including:
● California Consumer Privacy Act (CCPA)
● General Data Protection Regulation (GDPR)
● National Institute of Standards and Technology (NIST) security controls
10. Cross-Border Data Transfers
Pinvia is a U.S.-based company. By accessing or using the Platform from outside the United States, you acknowledge and expressly consent to the collection, transfer, processing, and storage of your personal information in the United States and other jurisdictions where we or our service providers operate.
a. U.S. Hosting and Processing
Your information will be processed and stored primarily in the United States, where data protection laws may differ from those in your country of residence. These transfers are necessary to provide our services and maintain Platform functionality.
b. Legal Basis for Transfers
Where required by law (e.g., under the General Data Protection Regulation [GDPR]), we rely on appropriate legal mechanisms for international data transfers, such as:
● Standard Contractual Clauses (SCCs) approved by the European Commission
● Data Processing Agreements (DPAs) with third-party vendors
● Explicit consent for specific processing activities
c. Security Safeguards
We maintain robust security, privacy, and contractual protections to ensure that your data receives a comparable level of protection regardless of where it is processed. These include encryption, access controls, and vendor oversight procedures.
d. User Acknowledgment
By using the Platform, you consent to:
● The cross-border transfer of your data to the U.S.
● Our continued efforts to comply with applicable international data protection regulations
● Understanding that privacy rights may differ depending on your jurisdiction
11. Third-Party Links & Services
The Platform may contain links to or integrations with third-party websites, applications, APIs, social platforms, payment processors, or other services (“Third-Party Services”). These services are not operated or controlled by Pinvia, and this Privacy Policy does not apply to them.
a. No Endorsement or Responsibility
Inclusion of a link or integration does not imply endorsement of that service. We are not responsible for the content, privacy policies, data practices, or terms of any Third-Party Services.
b. Independent Data Practices
Any data you provide to or through Third-Party Services is governed by their respective privacy policies and terms of use. We strongly encourage you to review those policies before engaging, especially when:
● Submitting personal data
● Making payments
● Connecting social media accounts
c. Embedded Services & SDKs
Some third-party tools (e.g., analytics SDKs, single sign-on providers, ad networks) may be embedded into our Platform. These may collect data automatically under their own policies. While we evaluate and monitor third-party partners for security and compliance, we do not control their independent data collection.
d. Liability Limitation
Pinvia disclaims all liability arising from your interactions with Third-Party Services. Your use of any third-party offering is at your own risk.
12. Changes to This Privacy Policy
We reserve the right to amend or update this Privacy Policy at any time, in our sole discretion, to reflect changes in legal requirements, operational practices, technologies, or user feedback.
a. Notification of Material Changes
If we make material changes to the way we collect, use, or share personal information, we will:
● Post a prominent notice within the Platform or on our website
● Notify registered users via email or in-app alert, where appropriate
● Indicate the effective date of the revised policy at the top of the page
b. Your Responsibility to Review
We encourage you to review this Privacy Policy periodically. Continued access to or use of the Platform after the effective date of any changes constitutes your acceptance of the revised Policy.
c. Regulatory Compliance
Where legally required (e.g., under GDPR, CCPA, or other applicable data protection laws), we will obtain your explicit consent before applying changes to the processing of your data.
13. Contact Information
If you have questions, concerns, or complaints regarding this Privacy Policy or our data practices, you may contact us through any of the following official channels:
Pinvia LLC
701 Del Monte Drive
Hollister, CA 95023
Email: info.pinvia@gmail.com