Pinch

Privacy Notice

Last updated: 16.07.2025

At Pinch, we are committed to protecting your personal data and ensuring transparency in how your data is processed. This Privacy Notice outlines how we collect, use, share, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679, including the updates from the 2025 GDPR Reform.

If you have any questions, or would like to exercise your data subject rights, you can reach out to our Privacy Team by emailing: [email protected]

1. What Data Does Pinch Process?

We process the following types of personal data:

  • Data you provide: name, email address, postal address, gender, preferences, and feedback submitted through our app or surveys.
  • Automatically collected data: device type, operating system, IP address, location (if permitted), and usage logs.
  • Derived data: behavioural data from app usage used for service personalisation.
  • AI-generated insights: profiles or recommendations created through AI analysis of behaviour or preferences.

We collect data directly from you and, where necessary, from third parties fully compliant with the GDPR.

2. Legal Bases for Processing (Article 6 GDPR)

We process your personal data only when there is a valid legal basis, including:

  • Consent (Art. 6(1)(a)): For newsletters, push notifications, and non-essential cookies.
  • Contract performance (Art. 6(1)(b)): To provide and maintain our services.
  • Legal obligation (Art. 6(1)(c)): For compliance with legal duties.
  • Legitimate interest (Art. 6(1)(f)): For security, app optimisation, limited analytics, and fraud detection — with a balance of your privacy rights considered.

You can withdraw your consent at any time by contacting our Privacy Team.

3. What Does Pinch Use My Data For?

Your personal data may be processed for the following purposes:

  • To register and manage your account
  • To deliver personalised app experiences
  • To enhance app functionality through analytics
  • For development and testing of AI/ML models (in compliance with GDPR principles, data minimisation, and fairness)
  • For market and product research
  • To ensure app security and debugging
  • To comply with legal and regulatory obligations

4. Personalised Services

We tailor our services using collected data and AI personalization to improve your user experience. This includes:

  • Content and feature recommendations
  • User journey improvements
  • Notifications and in-app suggestions based on usage patterns

We do not employ fully automated decision-making with legal or similarly significant effects without human intervention (Art. 22 GDPR).

5. Pinch App Access

When you use the app:

  • We collect device information for compatibility and troubleshooting
  • We analyse user journeys to identify and resolve friction points
  • Crash logs and analytics help improve app stability and usability

You’ll be notified when significant changes to tracking or analytics are introduced and be given a choice to opt in or out.

6. Social Media Fan Pages

Pinch owns and operates accounts on Facebook and Instagram. Information collected on these platforms is primarily controlled by Meta Platforms. We receive aggregated, anonymised analytics to understand audience demographics and content engagement.

For detailed information, refer to the respective social network’s privacy settings and policies.

7. Email and Push Recommendations

You may receive personalised communications from us (e.g. offers, surveys, or reminders) based on your usage history. These recommendations may occur even if you are not subscribed to a newsletter, but only where legally permitted or consented to.

You can opt out of such communication at any time via your account settings or by contacting us.

8. Advertising

Pinch does not sell, share, or use your data for third-party advertising.

9. Will My Data Be Shared?

We do not sell or forward your personal data to third parties.

We only share data with:

  • Processors (e.g. cloud services, app infrastructure providers) under strict Data Processing Agreements (DPAs) compliant with Art. 28 GDPR
  • Authorities, when legally obliged to do so (e.g., law enforcement requests)
  • Partners involved strictly in supporting or enhancing the app’s features under data minimisation principles and explicit contractual protection

10. Your Data Protection Rights (Arts. 15–22 GDPR)

Under the GDPR, you have the right to:

  • Access your data (Art. 15)
  • Correct your data (Art. 16)
  • Delete your data (“right to be forgotten”) (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))
  • Not to be subject to automatic decisions (Art. 22), unless permitted by law or with your consent
  • Lodge a complaint with a supervisory authority (Art. 77)

To exercise any of your rights, email us at [email protected]

11. Data Retention – When Will My Data Be Deleted?

We only store your data:

  • As long as necessary to fulfil the purposes outlined in this privacy notice
  • While your account is active, or as legally required (e.g. for tax or legal defence)
  • Based on retention limits established during data collection and aligned with Art. 5(1)(e) GDPR

You may request deletion at any time by contacting us.

12. How Is My Data Protected?

We apply industry-standard encryption and security practices in storing and transmitting data.

  • SSL encryption secures communication
  • Secure infrastructure (multi-region backups, role-based access control)
  • Regular audits and user authentication standards
  • AI/ML processes are subject to fairness and explainability reviews per GDPR 2025 AI guidance

13. Changes to this Privacy Notice

We may update this Privacy Notice as we evolve our services or adapt to new regulatory requirements. Updates will be communicated via app notification or email when material changes occur.

We recommend reviewing this page periodically.

14. Contact Information

Data Controller:
Pinch Technologies Pvt Ltd
Email: [email protected]
Privacy Requests: [email protected]

Supervisory Authority:
You can contact your local data protection authority or the relevant supervisory body in your EU member state.

Note: This Privacy Notice has been updated in line with the 2025 GDPR Reforms, including transparency requirements, AI processing disclosures, and reinforced data subject rights.