Privacy Policy

Pinned Travel - iOS App

Meridian Bridge Group LLC

Effective Date: March 19, 2026

Last Updated: March 22, 2026

This Privacy Policy describes how Meridian Bridge Group LLC ("we," "us," or "our") collects, uses, and shares information when you use the Pinned Travel mobile application ("Pinned Travel" or the "App"). Pinned Travel is a travel planning app that helps you extract and organize geographic locations from social media content.

We are committed to protecting your privacy. This policy is written in plain language so you can understand exactly what data we collect, why we collect it, and what choices you have. This policy is designed to comply with applicable United States privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) and similar state laws. This policy is governed by the laws of the State of Georgia. European and Canadian privacy laws are currently out of scope at this time.

1. Information We Collect

1a. Information You Provide

Data	When Collected	Purpose
Email address	When you create an account	Authentication and account recovery
Password	When you create an account	Authentication (securely hashed. we never store or see your plaintext password)
Trip and collection names	When you organize saved locations	Organizing your saved places
Social media post URLs	When you paste a link into the App	Extracting location data from the post
Packing list items	When you add items to a trip packing list	Trip planning feature
Creator profile (display name, bio, social links)	If you opt into the marketplace as a creator	Public-facing creator identity for travel guide marketplace (optional feature)

1b. Information We Generate or Derive

Data	How Generated	Purpose
User ID	Automatically assigned at signup	Associates your data with your account
Location coordinates and place names	Extracted from the social media posts you submit	Core app functionality, pinning locations to your map
Platform identifier	Auto-detected from the URL you paste (e.g., TikTok, Instagram)	Routing the extraction request correctly

1c. Information Collected Automatically

Data	How Collected	Purpose
App usage events	Analytics SDK (behavioral events such as "trip created" or "link extracted")	Understanding how the App is used so we can improve it

Our analytics operates in "identified only" mode, meaning we do not create anonymous tracking profiles. Analytics events are only associated with your account after you sign in.

1d. Information Stored Locally on Your Device

If you use Pinned Travel before creating an account, your extraction results are stored locally on your device as temporary data. This data is migrated to your account when you sign up, or deleted when you uninstall the App. This local data never leaves your device until you create an account.

1e. Information We Do NOT Collect

We want to be explicit about what Pinned Travel does not access:

Device GPS location
- Pinned Travel does not track your physical location. Locations in the App come from social media posts, not your device.
Contacts or address book
Camera or photo library
Health, fitness, or biometric data
Advertising identifier (IDFA)
- We do not collect or use Apple's Identifier for Advertisers.
Browsing history or cookies
Financial or payment card information
- All purchases are handled entirely by Apple through the App Store. We never see or store your payment details.
Phone number, physical address, or government-issued identifiers

2. Why We Collect Your Information

We collect personal information for the following specific, identified purposes:

Providing the App's core functionality
- Extracting locations from social media posts, displaying them on maps, and letting you organize them into trips and collections.
Authentication and account management
- Creating and securing your account, enabling sign-in across devices, and processing account deletion requests.
Product analytics and improvement
- Understanding usage patterns so we can improve the App. Analytics events track actions (e.g., "a trip was created"), not personal content.
Payment processing
- Verifying in-app purchases through Apple's StoreKit framework. We store only transaction identifiers, not payment card details.
Map display
- When you search for a place name, we use Apple Maps to convert it to coordinates.
AI-powered location extraction
- When you paste a social media link, the publicly available content of that post (captions, hashtags, tagged locations) is processed by an AI service to identify the locations mentioned. Only public post content is processed, never your private data.

We collect only what is reasonably necessary for these purposes. We do not use your data for:

Advertising or ad targeting
Cross-app tracking
Selling or renting to third parties
Building profiles for purposes unrelated to the App
Automated decision-making that produces legal or similarly significant effects on you. Our AI is used only to extract location names from posts you submit, not to make decisions about you

3. How We Share Your Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We share data only with the service providers necessary to operate the App:

Service Category	What They Receive	Why
Cloud Infrastructure & Database Services	Account and app data	Hosting, authentication, and data storage
Product Analytics Services	User ID and app usage events	Product analytics and improvement
Apple	Transaction IDs and purchase amounts	In-app purchase processing
Apple Maps	Place name search queries	Converting place names to map coordinates
Social media data retrieval services (third-party APIs that fetch public post content on our behalf)	Social media post URLs	Retrieving publicly available post metadata
AI processing service	Public social media post text	Identifying locations mentioned in post content

Important details about third-party processing:

All third-party API calls are made from our servers, not directly from your device. Your authentication tokens are never exposed to third parties.
The content sent for AI-powered location extraction is the publicly available text of the social media post, not your personal account data or private content.
Our data is processed and stored in the United States. See Section 8 for information about data storage location.
We may disclose your information if required by law, regulation, legal process, or governmental request.
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy commitments in this policy.

4. Data Storage, Security, and Retention

Where Your Data Is Stored

Your account data is stored on secure cloud infrastructure hosted in the United States. Local device data (such as preferences and pre-signup extraction results) is stored on your device.

How We Protect Your Data

Encryption in transit
- All communication between the App and our servers uses HTTPS/TLS encryption.
Password security
- Passwords are hashed using industry-standard methods before storage. We never store or have access to your plaintext password.
Data isolation
- Database security policies ensure you can only access your own data. No user can read, modify, or delete another user's data.
Server-side secret management
- All sensitive credentials for third-party services are stored securely on our servers and are never included in the App.
Secure token storage
- Your session tokens are stored in the iOS Keychain, which provides platform-standard hardware-backed encryption.
Cascade deletion
- When you delete a trip, collection, or your account, all associated data is automatically and permanently removed.

Data Retention

We retain personal information only as long as necessary for the purposes described in this policy. The table below sets out our specific retention periods:

Category	Retention Period	Deletion Trigger
Account data (email, User ID)	Lifetime of account	Permanently deleted when you delete your account
Trips, collections, locations, packing lists	Until deleted by you	Deleted immediately on your request; cascade-deleted on account deletion
Social media post URLs	Until deleted by you	Deleted with associated content or on account deletion
Analytics events	Per our analytics provider's retention policy, which may extend beyond 30 days	Deletion requested via API on account deletion
Apple transaction IDs	Lifetime of account	Deleted on account deletion
Local device data (pre-signup)	Until account creation or app uninstall	Migrated to account on signup; deleted on uninstall
Backup systems	Up to 30 days after deletion	Purged from backups within 30 days of account deletion

Please allow up to 30 days for your data to be fully purged from all backup systems following account deletion.

5. Your Rights and Choices

Depending on where you live, you have various rights regarding your personal information. We honor these rights for all users regardless of location.

Account Deletion

You can delete your account and all associated data at any time:

Open Pinned Travel
Go to Settings
Tap Delete Account
Confirm the deletion

This permanently deletes your account and all data associated with it, including your profile, trips, collections, saved locations, links, and purchase records. This action is irreversible. Please allow up to 30 days for complete removal from backup systems.

Right to Know / Access

You have the right to know what personal information we hold about you, how we use it, and with whom we share it. To request a copy of your data, contact us at [email protected]. We will respond within 30 days (or such shorter period as required by applicable law).

Right to Correct

You have the right to request correction of inaccurate personal information. You can edit your trips, collections, locations, and packing list items directly in the App. To correct account information (such as your email address), or to request correction of other data, contact us at [email protected].

Right to Delete

You have the right to request deletion of your personal information. Use the in-app Delete Account feature (Settings > Delete Account) or contact us at [email protected]. We will process your request within 30 days.

Right to Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used, machine-readable format (such as JSON or CSV). To submit a portability request, contact us at [email protected]. We will respond within 30 days.

Right to Opt Out of Sale or Sharing

We do not sell your personal information and we do not share it for cross-context behavioral advertising. There is nothing to opt out of. If this practice changes, we will update this policy and provide an opt-out mechanism before any such sharing begins.

Right to Limit Use of Sensitive Personal Information

We do not collect sensitive personal information as defined under applicable law (such as precise geolocation, racial or ethnic origin, health data, financial account information, or genetic data). The location data in the App is extracted from social media posts you submit. It reflects places mentioned in public posts, not your physical whereabouts. There is no sensitive personal information processing to limit.

Right to Appeal

If we decline to take action on your privacy request, you have the right to appeal our decision. To initiate an appeal, please contact us at [email protected] with "Privacy Appeal" in the subject line. We will respond to your appeal within 45 days. If your appeal is denied, you may contact your state's Attorney General to lodge a complaint.

Analytics Opt-Out

You may request that we stop collecting analytics data for your account by contacting us at [email protected]. We will process your request and confirm when complete. We are working to add an in-app opt-out toggle to a future release of the App.

Global Privacy Control and Do Not Track Signals

We recognize and honor Global Privacy Control (GPC) signals. If your browser or device transmits a GPC signal, we will treat it as a valid request to opt-out of the "sharing" of your information for cross-context behavioral advertising for that specific session. Because we do not track users across third-party websites, we do not currently respond to "Do Not Track" browser headers.

How to Submit a Request

To exercise any of the rights described in this section, you may:

Email us at [email protected] (available to all users)
Use the in-app Delete Account feature for deletion requests (Settings > Delete Account)

Using an Authorized Agent

You may designate an authorized agent to submit a privacy request on your behalf. To protect your information, we will require the agent to provide signed permission from you and may ask you to verify your identity directly with us or confirm that you provided the agent permission to submit the request.

We will verify your identity before processing your request. We will respond within 30 days of receiving a verifiable request. We will not discriminate against you for exercising any of these rights.

6. California Residents: Additional Disclosures

This section applies to California residents and supplements the information above. It is provided pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA").

Notice at Collection

At or before the time of collection, California residents have the right to receive notice of our practices. We collect the categories of personal information listed in Section 6(a) for the business purposes described in Section 2. We do not "sell" or "share" your personal information as those terms are defined under the CCPA. We retain your data only for as long as necessary, as detailed in our Retention Table in Section 4.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

Identifiers
- email address, User ID (UUID)
Internet or other electronic network activity
- app usage events (behavioral analytics)
Commercial information
- Apple transaction IDs and purchase amounts
Geolocation data (limited)
- place names and coordinates extracted from social media posts you submit (not your device's physical location)
Other information you voluntarily provide
- trip names, collection names, packing list items, social media post URLs, and (if you use the marketplace) creator profile data

Sources of Personal Information

We collect personal information directly from you (through your use of the App), automatically (through our analytics SDK), and indirectly (location data extracted from social media posts you submit to us).

Purposes for Collection and Use

Please refer to Section 2 of this policy for a full description of the purposes for which we collect and use each category of personal information.

Categories of Third Parties with Whom We Share Personal Information

Please refer to Section 3 of this policy. We share personal information with: cloud infrastructure and database providers, analytics providers, payment processors, and AI and social media data service providers. We do not sell personal information and do not share it for cross-context behavioral advertising.

Your CCPA Rights

As a California resident, you have the right to:

Know what personal information we collect, use, disclose, and sell about you
Access the specific pieces of personal information we have collected about you
Delete personal information we have collected about you (with certain exceptions)
Correct inaccurate personal information we maintain about you
Opt out of the sale or sharing of your personal information (we do not sell or share)
Limit the use and disclosure of sensitive personal information (we do not collect sensitive personal information as defined under CCPA)
Not be discriminated against for exercising any of these rights

To exercise your CCPA rights, contact us at [email protected] or use the in-app deletion feature. We will not discriminate against you for exercising your privacy rights.

7. Children's Privacy

Pinned Travel is not directed at children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will promptly delete that information.

8. Data Storage Location

Your account data is processed and stored in the United States. By using the App, you acknowledge that your data will be stored and processed in the United States.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page.

10. Contact Us

If you have questions about this Privacy Policy, your data, or your privacy rights, contact us at:

Meridian Bridge Group LLC
Email: [email protected]
Website: pinnedtravel.com