Privacy

Last updated: 24 May 2026

PIN is built by Harshit Singh, a solo founder, as a personal-library app for iOS and Android. This page describes — in plain English — what data PIN collects, how it's used, and the third-party services involved. If anything here is unclear, email founder@catchandpin.app and we'll explain it directly.

Who's responsible

The data controller for PIN is Harshit Singh (the developer of PIN), reachable at founder@catchandpin.app. PIN is operated from India and serves users globally.

What we collect when you join the waitlist

When you sign up for early access on this site we store your email address, the platform you picked (iOS or Android), the page that referred you, your user-agent string, and a one-way hash of your IP (not the raw IP). We use these to send you your download link, prevent abuse of the signup form, and understand which channels people are arriving from.

What we collect inside the app

Your account: when you sign up, we store your email address, name (if you provide one), and a Clerk-managed authentication identity. Passwords are never stored in plain text — they live with Clerk, our authentication provider.

Your saves: every pin you create — its URL, title, extracted text or article body, your note, image (if any), and the collections you put it in — is stored on infrastructure we operate. Pins are scoped to your account. No other PIN user can see what you've saved unless you make a collection public (see below).

Usage data: we record anonymous product analytics (which screens you visited, which features you used) to understand what's working. No personal content from your pins is sent to the analytics system.

AI features — what gets sent where

When you ask PIN a question in the Ask tab, your message and the relevant pin content the agent retrieves are sent to a third-party AI provider (currently OpenAI, with Anthropic and NVIDIA as alternative providers). The provider returns a response, which we stream back to you and store as part of the conversation history in your account.

The AI provider only sees what the agent needs to answer your current question — typically a handful of pins, plus your message. They do not see your full library at once.

We have agreements with these providers that they do not use your data to train their models, but you should be aware that some content from your pins (the pins relevant to whatever you ask about) leaves our servers and is processed by them. If this is a concern, you can simply not use the Ask tab — the rest of PIN works without any AI processing.

When you save a link, we fetch it

When you save a URL, PIN's server makes a request to that URL to fetch the page's metadata (title, description, preview image) and a clean readable copy of the article. This means the third-party site sees one request from our server when you save it. We do not pass any information about you to the destination — just a normal page fetch from a generic user-agent.

Public collections (when you share)

If you choose to share a collection publicly, PIN generates a shareable link. Anyone with that link can view the pins inside that specific collection without a PIN account. Your other pins, other collections, account, and notes remain private. You can revoke a public link at any time from the collection settings.

Public collections do not appear in search engines unless you distribute the link broadly. We don't advertise public collections to anyone.

Third-party services we use

PIN is built on top of several infrastructure providers. Each sees a narrow slice of data needed to perform its function. The list below is current as of the date at the top of this page; if we add, remove, or change providers in a way that affects how your data is handled, we'll update this list and email registered users.

  • Clerk — authentication. Handles your email, password, sign-in sessions.
  • Neon Postgres (US-East) — database. Stores your pins, collections, conversations.
  • Vercel — hosts our backend and serves our marketing site. Sees request logs.
  • Vercel Blob — image storage for screenshots and photos you save.
  • OpenAI, Anthropic, NVIDIA — AI providers for the Ask tab (see “AI features” above).
  • Tavily — web search API used by the AI agent when you ask it to find new content.
  • PostHog — anonymous product analytics. Receives screen events, not pin content.
  • Sentry — error tracking. Receives crash reports and may incidentally capture parts of your UI state if a crash happens. We do not feed pin content to it intentionally.
  • Resend — transactional email. Receives your email address to deliver download links and product updates.
  • Upstash Redis — rate limiting. Sees your user ID and request counts, not content.

Data location and retention

Pin data is stored primarily in the United States (Neon's AWS us-east-1 region). If you sign up from outside the US, your data is transferred there for storage and processing. We retain your pin data for as long as your account exists. When you delete your account, all pins, collections, conversations, and personally identifying data are removed from our active systems within 30 days, and from backups within 90 days.

Cookies and local storage

Marketing site: we use minimal cookies — a session cookie if you sign up, and PostHog analytics cookies. No advertising cookies, no third-party trackers beyond PostHog.

Mobile app: the app stores your authentication token, a local snapshot of your pins (for offline support), and a small queue of pending changes in MMKV (an on-device key-value store). Nothing leaves the device until you save a pin or open the app.

Email

We email you the download link, occasional product updates during early access, and any account-related notifications (security, deletion confirmations). Every product email has an opt-out, and replying with “unsubscribe” removes you from the non-critical list. We never sell or share your email.

Your rights

You can, at any time:

  • Access — see what we've stored about you by opening the app.
  • Export — download a JSON file of every pin, note, and collection from Account → Export my data.
  • Correct — edit any pin, note, or your profile inside the app.
  • Delete — delete your account from Account → Delete account. This is irreversible.
  • Object or restrict processing — email us if you want to opt out of analytics, AI processing, or any specific use of your data while keeping the account open.

If you're in the EU/UK and want to exercise GDPR rights, email us and we'll respond within 30 days. If you're in India, your rights under the DPDP Act are honored on the same timeline.

Children

PIN is not designed for children under 13. If you're under 13, please don't sign up. If we learn we have data on someone under 13, we'll delete it.

Security

We use industry-standard practices: HTTPS for all network calls, encryption at rest on managed-database storage, and short-lived session tokens. No system is perfectly secure, though, and PIN is built by a solo founder, not a hardened security organization. If you store something on PIN that you would not be okay losing or having exposed, please reconsider.

Changes to this policy

If we make material changes to this privacy policy, we'll email registered users and update the “Last updated” date at the top. Minor wording or formatting changes won't trigger a notification.

Contact

Questions? Concerns? Want to exercise a right? Email founder@catchandpin.app. You'll hear back from a real person.