PinFlow Back to app

Last updated: June 9, 2026

Privacy Policy

PinFlow (available at pinflow.agency) is a social publishing tool that helps you plan, queue, and publish content across supported social networks. This page explains what information we collect, how we use it, and what we don't do with it. We've written this in plain language — if something still isn't clear, just email us.

What we collect

When you connect a social account, the provider shares basic profile or page information with us through their official OAuth flow. Depending on the platform, this can include usernames, account IDs, page IDs, page names, and the access scopes needed to publish on your behalf. We only request and store the minimum data needed to identify the connected account and perform the publishing actions you authorize.

We also store the content you create inside PinFlow: images or videos you upload, titles, captions, descriptions, destination links, and the dates you schedule posts for. We need to hold onto this until your scheduled content is published — that's the whole point of the service.

Our servers keep standard logs — things like IP addresses and request timestamps — for debugging purposes. These aren't tied to your identity and we don't retain them long-term.

How we use your data

We use the information we collect solely to operate PinFlow: authenticating your account, scheduling your content, and publishing it to the social platforms you connect. That's it.

Data obtained through connected platform APIs is used exclusively for the purpose you authorized — publishing and managing scheduled content. We do not use that data for advertising, profiling, or any purpose beyond delivering the scheduling service you signed up for.

YouTube and Google API Services

If you connect a YouTube channel to PinFlow, we access and use Google user data only to let you view the connected channel, upload videos, set titles, descriptions, privacy settings, and manage scheduled publishing actions you explicitly request inside PinFlow.

PinFlow's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

You can also read Google's own privacy policy here: https://policies.google.com/privacy.

What we don't do with your data

We don't sell your data. We don't share it with third parties (other than the connected social platforms themselves, when publishing your content). We don't use it for ad targeting — ours or anyone else's. We don't track you across other websites. There are no analytics pixels or third-party scripts watching what you do in the app. Data obtained through connected platform APIs is never used to target advertising or for any purpose prohibited by those platforms' developer policies.

Your connected social accounts

PinFlow connects to supported platforms using each provider's official OAuth flow. We request only the permissions needed for account discovery, publishing, and limited account context. We do not request access to private messages or unrelated personal data unless a platform specifically requires a basic identity scope for the connection to work.

You can revoke PinFlow's access to any connected platform at any time through that platform's connected-app settings. Once revoked, we can no longer publish on your behalf for that account.

For Google and YouTube specifically, you can remove PinFlow access from your Google account permissions page: https://myaccount.google.com/permissions.

Your content

Everything you upload to PinFlow belongs to you. We store media files and post details on our server solely to publish them on the schedule you set. We don't claim ownership over your content and we don't use it for any other purpose.

If you delete scheduled content from PinFlow before it's been published, it's removed from our system. If content has already been published to a social platform, deleting it from PinFlow won't necessarily remove it from that platform — you'd need to manage that directly in the connected account unless we explicitly support remote deletion.

How long we keep your data

Your account data is retained until you request deletion. We do not keep connected-platform API data longer than necessary to deliver the service. Once content is published or deleted, the associated scheduling data is no longer actively used.

To delete your account and all associated data, email us at contact@pinflow.agency with the subject line "Account Deletion Request." We will process your request and confirm deletion within 30 days, and typically within 48 hours.

Data deletion and YouTube disconnect requests

If you want PinFlow to delete YouTube-related data stored in your account, you can do any of the following: disconnect the YouTube account inside PinFlow, revoke PinFlow access from your Google account permissions page, or email contact@pinflow.agency with a deletion request.

After a valid deletion request, we delete the stored connected-channel metadata, encrypted OAuth tokens, scheduled YouTube posts, and related PinFlow-side publishing records associated with your account, except where temporary retention is required for security logs, billing compliance, or fraud prevention.

Your rights (GDPR & CCPA)

Depending on where you live, you may have the right to access the personal data we hold about you, request a copy of it, ask us to correct inaccuracies, or ask us to delete it. You also have the right to object to or restrict certain types of processing, and to withdraw your consent at any time (which you can do by revoking connected-platform access and requesting account deletion).

If you're a California resident, you have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale — though we don't sell personal information, so the last right doesn't apply here.

To exercise any of these rights, email contact@pinflow.agency. We'll respond within 30 days.

Security

All traffic to PinFlow is encrypted over HTTPS. We use server-side sessions — only your user ID is stored in a signed browser cookie, not your social-platform tokens. Access tokens and refresh tokens for connected providers are encrypted at rest in our database using AES-128 symmetric encryption (Fernet) before being stored. We take reasonable technical precautions to protect your data — but no system is perfectly immune, so please let us know immediately if you notice anything suspicious.


Questions or concerns

If you have questions about this policy, want to exercise your data rights, or need to report a privacy concern, reach out at contact@pinflow.agency. We take these seriously and respond within 48 hours.

Changes to this policy

If we make significant changes to how we handle your data, we'll update the date at the top of this page. We won't bury changes in legalese — if something meaningful shifts, we'll say so plainly.