GDPR Commitment

PinPic as your data processor

This page explains how PinPic complies with the EU General Data Protection Regulation (GDPR) and how you can execute a Data Processing Addendum (DPA) with us.

Effective: 11 Nov 2024 Data Controller: You Data Processor: PinPic, Inc.

Our role under GDPR

When you upload personal data into PinPic (for example, staff bios or patient instructions), you act as the Data Controller. PinPic acts as a Data Processor and only processes data based on your documented instructions.

Legal bases for processing

  • Contractual necessity: We process account data to deliver the service you purchased.
  • Legitimate interests: We use limited analytics to improve reliability and prevent abuse.
  • Consent: Where required by law, we request consent for optional marketing communications or non-essential cookies.

Your GDPR toolbox

DPA & SCCs

Request our standard Data Processing Addendum and Standard Contractual Clauses by emailing privacy@pinpic.app.

Subprocessors

We use subprocessors for infrastructure, payments, email delivery, and AI features. Contact privacy@pinpic.app for the current subprocessor list.

Data transfers

Customer content is stored on servers in Germany (EU). If data is transferred outside the EU/EEA for specific services, we use appropriate safeguards such as SCCs where required.

Data subject rights

We provide tools to help you honor access, correction, deletion, restriction, and portability requests. If you receive a request, you can:

  • Edit or delete content in your account, including projects and hotspots.
  • Delete your account from the dashboard (account access is disabled immediately).
  • Request access/export/deletion assistance by emailing privacy@pinpic.app.
  • Contact us for assistance; we respond within 30 days.

Security measures

See our Security Overview for details on the technical and organizational safeguards we currently maintain, including transport encryption, access controls, and abuse prevention controls.

Breach notification

In the unlikely event of a breach involving your data, we will notify you without undue delay, describe the nature of the breach, and outline mitigation steps so you can meet your own obligations.

Need a signed DPA?

Email privacy@pinpic.app with your company name and jurisdiction. We’ll countersign electronically.