Document 02 — Privacy Policy

Privacy Policy

Atelier Pin · atelier-pin.com · Last updated: 25 May 2026 · Compliant with Swiss nDSG and EU GDPR where applicable

Article 1

Introduction and Data Controller

Atelier Pin (“we,” “us,” “our”) takes your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service at atelier-pin.com.

The data controller for the purposes of this Privacy Policy is:

Atelier Pin
Brandstrasse 31, 8952 Schlieren, Switzerland
Contact: info@atelier-pin.com

This Policy is compliant with the Swiss Federal Act on Data Protection (nDSG, in force since September 2023) and, where applicable to EU residents, the General Data Protection Regulation (GDPR).

Article 2

Data We Collect and Why

2.1 Account Data (collected at registration):

  • Email address — required to create and manage your account
  • Name — as provided during registration or via Google Sign-In
  • Google account identifier — if you use Google Sign-In (we do not receive your Google password)
  • Profile information — as optionally provided by you

2.2 Subscription and Billing Data:

  • Subscription tier and status
  • Subscription start date, renewal dates, and cancellation date
  • Payment method details — processed and stored exclusively by Stripe; Atelier Pin does not store your full payment card details
  • Billing history and invoice records
  • Subscription changes and upgrade/downgrade history

2.3 Usage Data (collected automatically):

  • Number of content items generated per session and cumulatively
  • Content generation failures and error logs (for service improvement)
  • Last login date and time
  • Feature usage patterns (which tools and templates are used)
  • IP address and approximate geographic location
  • Browser type and device information

2.4 Content Data:

  • Images and videos you upload to the Service
  • Website URLs you enter for the Scraping Feature
  • Text, titles, and descriptions you input or that are generated
  • Generated content files created during your sessions

2.5 Pinterest Connection Data (only if you connect Pinterest):

  • Pinterest user ID and username
  • The list of boards on your Pinterest account (so you can choose where to publish)
  • OAuth access and refresh tokens — stored encrypted, used only to publish on your behalf
  • Records of pins published or queued through Atelier Pin and their status

Pinterest data is used solely to operate the publishing feature. It is never sold, shared with third parties, or used for advertising profiling. You can disconnect Pinterest at any time from Settings → Connected accounts; tokens are revoked immediately and Pinterest data we held for you is deleted within 24 hours.

2.6 Newsletter Data (optional):

  • Email address — collected separately and only with your explicit opt-in consent via your dashboard
  • Newsletter subscription status and date of consent

2.7 Communication Data:

  • Emails and messages you send to info@atelier-pin.com
  • Support requests and their content

Article 3

Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance — processing necessary to provide the Service you have subscribed to (account data, billing data, usage data for service operation)
  • Legitimate interests — processing necessary for fraud prevention, security, service improvement, and error monitoring (usage logs, error logs)
  • Legal obligation — processing required by applicable Swiss law, including financial record-keeping
  • Consent — newsletter communications, where you have given explicit opt-in consent that you may withdraw at any time

Article 4

How We Use Your Data

We use your data exclusively for the following purposes:

  • Creating and managing your account
  • Providing and operating the Service
  • Processing subscription payments and managing billing
  • Sending transactional emails (password resets, payment confirmations, subscription notifications) via notify.atelier-pin.com
  • Sending newsletters and marketing communications — only where you have explicitly opted in
  • Monitoring and improving Service performance and reliability
  • Detecting and preventing fraud, abuse, and security incidents
  • Complying with legal obligations
  • Responding to your support requests and communications

We do not sell your personal data to third parties. We do not use your data for advertising profiling. We do not share your data with third parties except as described in Article 5.

Article 5

Third-Party Service Providers

We share limited personal data with the following trusted third-party service providers solely for the purpose of operating the Service:

  • Stripe Inc. — payment processing. Stripe processes your payment data under their own privacy policy. Atelier Pin does not store full card details. Stripe is PCI DSS Level 1 certified.
  • Supabase Inc. — database and authentication infrastructure. Your account and usage data is stored on Supabase servers.
  • Google LLC — Google Sign-In authentication (optional). If you use Google Sign-In, limited profile data is shared with Google under their privacy policy.
  • Pinterest Inc. — Pinterest API integration (optional, only if you connect a Pinterest account). When you connect, we exchange OAuth tokens with Pinterest and send the pin content you have chosen to publish. See Pinterest's privacy policy at pinterest.com/policy/privacy-policy for how Pinterest itself processes the data we send and the data on your Pinterest account.
  • Email service provider — transactional email delivery via notify.atelier-pin.com.

All service providers are contractually bound to process your data only for the purposes of providing their services to Atelier Pin and to maintain appropriate security measures.

Some providers are located outside Switzerland and the EU. Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with nDSG and GDPR requirements.

Article 6

Data Retention

We retain your personal data for the following periods:

  • Account data — retained for the duration of your account and deleted within 90 days of an account deletion request
  • Billing and payment records — retained for 10 years as required by Swiss accounting and tax law
  • Pinterest OAuth tokens and connection data — deleted immediately when you disconnect, and within 24 hours in any case; tokens are also automatically purged after three consecutive refresh failures
  • Usage logs and error logs — retained for 12 months, then anonymised or deleted
  • Content data (uploaded images, videos, generated content) — retained while your account is active; deleted within 90 days of account deletion
  • Newsletter consent records — retained until you withdraw consent plus 3 years for compliance purposes
  • Support communications — retained for 3 years

Article 7

Your Rights

Under the Swiss nDSG and, where applicable, the EU GDPR, you have the following rights regarding your personal data:

  • Right of access — you may request a copy of the personal data we hold about you
  • Right to rectification — you may request correction of inaccurate data
  • Right to erasure — you may request deletion of your personal data, subject to legal retention obligations
  • Right to data portability — you may request your data in a structured, machine-readable format
  • Right to object — you may object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent (e.g. newsletter), you may withdraw consent at any time without affecting prior processing
  • Right to disconnect Pinterest — if you have connected Pinterest, you may disconnect it at any time from Settings → Connected accounts. We revoke access tokens immediately and delete the Pinterest data we held for you within 24 hours.
  • Right to lodge a complaint — you may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch, or if you are an EU resident, with your local data protection authority

To exercise any of these rights, contact us at info@atelier-pin.com. We will respond within 30 days.

Article 8

Cookies and Tracking

Atelier Pin uses minimal cookies and tracking technologies strictly necessary for the operation of the Service:

  • Session cookies — required for authentication and keeping you logged in
  • Functional cookies — required for Service functionality such as remembering your preferences

We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies that profile you for advertising purposes.

If we add analytics tools in the future, this policy will be updated and you will be notified.

Article 9

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure, encrypted data storage via Supabase infrastructure
  • Access controls limiting data access to authorised systems only
  • Regular security monitoring

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority as required by law.

Article 10

Newsletter and Marketing Communications

We send marketing and newsletter communications only to users who have explicitly opted in via the newsletter subscription option in their account dashboard.

You may unsubscribe at any time by clicking the unsubscribe link in any newsletter email or by changing your preferences in your dashboard. Unsubscribing from newsletters does not affect delivery of transactional emails related to your account.

We do not send unsolicited marketing emails. We do not share your email address with third parties for marketing purposes.

Article 11

Pinterest Integration

Atelier Pin offers an optional Pinterest integration that lets you publish generated pins to your own Pinterest account. The integration is fully opt-in: it is only active if you choose to connect Pinterest under Settings → Connected accounts.

11.1 Scopes we request. When you connect Pinterest, we request the following OAuth scopes:

  • boards:read — to list your Pinterest boards so you can choose where to publish.
  • pins:read — to read the status of pins previously published through Atelier Pin.
  • pins:write — to publish pins on your behalf, only at the time you scheduled or when you press Publish now.
  • user_accounts:read — to display your Pinterest username inside Atelier Pin so you can confirm the connected account.

11.2 How we use Pinterest data. Pinterest data is used exclusively to operate the publishing feature you have asked for. We do not sell, rent, or share Pinterest data with third parties. We do not use Pinterest data for advertising profiling. We do not analyse the content of pins on your account beyond what is strictly necessary to publish them.

11.3 Publishing is always under your control. No pin is ever published without your explicit action. Every scheduled pin remains visible, editable, and cancellable in your Schedule view until the scheduled time, and is published only at that exact time or when you press Publish now.

11.4 Disconnecting and revocation. You can disconnect Pinterest at any time from Settings → Connected accounts. On disconnect, we revoke the access tokens with Pinterest immediately and delete the Pinterest data we held for you within 24 hours. You can also revoke Atelier Pin's access directly from your Pinterest account settings at any time.

11.5 Token security. Pinterest OAuth tokens are stored encrypted at rest. Tokens are automatically purged after three consecutive refresh failures.