Privacy Policy
Last updated: May 11, 2026
Table of Contents
- What You Need to Know in 60 Seconds
- Who We Are
- What Data We Collect and Why
- How We Protect Your Data
- Who We Share Data With
- Where Your Data Lives
- How Long We Keep Your Data
- Your Rights
- Cookies and Tracking
- Children’s Privacy
- Changes to This Policy
- Contact Us
What You Need to Know in 60 Seconds
- We can’t read your private files — unless you share them. Private Sia storage is encrypted on your device before it ever reaches us. Even if someone demanded we hand them over, we couldn’t. We literally don’t have the keys. But if you generate a share URL, that URL includes the information needed to decrypt the content, making it effectively as public as an IPFS pin.
- We collect only what we need to run the service: your name, email, payment info, and some usage stats. We don’t sell your data. We don’t train AI on it. We don’t mine it for ads.
- IPFS pins are public. Anything you pin to IPFS is content-addressed and may be copied by other nodes. Shared Sia objects are effectively public too — anyone with the share URL can retrieve the content. Private storage is different — those deletes are real.
- You can ask us to delete your account or export your data anytime. Just email privacy@pinner.xyz. We’ll respond within 30 days.
- We keep payment records for 7 years because tax laws require it. Everything else we delete as soon as we reasonably can.
- We don’t profile you or sell predictions about you. No behavioral scoring. No ad targeting. No secret algorithms. We do run automated fraud detection on payments (via Stripe Radar) and sanctions screening as required by US law — but we don’t build personality profiles or classify users by behavior.
- We scan public IPFS content against databases of known illegal material (CSAM, malware signatures). We do not and cannot scan encrypted private storage — it is architecturally unreadable by our systems.
- This service is for people 13 and older. If we find out we collected data from a child under 13, we delete it immediately.
Who We Are
Pinner is a privacy-focused cloud storage service operated by Hammer Technologies LLC, based in North Carolina, USA.
| Business name | Pinner |
| Operator | Hammer Technologies LLC |
| Address | {{YOUR_ADDRESS}} |
| Email | privacy@pinner.xyz |
| Governing law | North Carolina, USA |
We are the “data controller” for your personal data (name, email, payment info, etc.). That means we decide how and why your data is used, and we’re responsible for protecting it. We have not appointed a Data Protection Officer because we are not required to under GDPR Article 37 — our processing is neither large-scale nor involves special categories of data.
Important distinction: For your stored content (files, data, documents), you are the data controller and Pinner acts as a data processor. Your content is encrypted client-side before it reaches us. We cannot read it, modify it, or use it for any purpose beyond storing and retrieving it on your behalf. This is not a policy choice — it is enforced by the design of the system.
What Data We Collect and Why
We collect data for specific purposes. We don’t collect anything “just in case.”
Data Categories
| Data | What it is | Why we need it |
|---|---|---|
| Account data | First name, last name, email address | To create your account, send service updates, and reset your password |
| Payment data (card) | Confirmation token, last 4 digits of card number | To process subscription payments via Stripe |
| Payment data (crypto) | Wallet address, transaction hash | To confirm crypto payments and link them to your account |
| Usage data | Storage used, upload/download stats, API calls | To run the service, enforce limits, and bill you correctly |
| Analytics data | Page views, feature usage, session duration | To understand how people use Pinner so we can improve it |
| IP address | Your device’s internet address | To prevent abuse, block attacks, and protect the service |
| Support data | Emails, chat logs, bug reports | To help you when something goes wrong |
Legal Basis for Processing
We process your data based on one of three legal grounds:
| Purpose | Legal basis | Explanation |
|---|---|---|
| Providing the service (account, storage, access) | Contract performance | We need this data to fulfill our agreement with you |
| Processing payments | Contract performance | We need payment data to charge you for the service |
| Security and abuse prevention | Legitimate interest | We have a legitimate interest in keeping the service safe for everyone |
| Analytics and product improvement | Legitimate interest | We have a legitimate interest in understanding how the product is used |
| Marketing communications (if any) | Consent | Only with your explicit opt-in, which you can withdraw anytime |
What “legitimate interest” means: It means we use the data in ways you would reasonably expect, in ways that don’t override your rights, and only for purposes that benefit both you and us (like keeping the service secure and making it better).
Where We Get Your Data
We collect data directly from you when you create an account, make a payment, or use the service. We do not purchase data from data brokers, and we do not collect data from third parties about you.
What You Must Provide vs. What’s Optional
| Data | Required? | What happens if you don’t provide it |
|---|---|---|
| Email address | Yes | You can’t create an account |
| Payment info | Yes | You can’t subscribe (we have no free tier) |
| Name | Yes | We need it for billing and account management |
| Analytics data | No | We collect it by default, but you can opt out via your browser or by contacting us |
| IP address | Yes (technical) | We log it automatically for security; you can’t use the service without connecting |
How We Protect Your Data
Zero-Knowledge Encryption for Private Storage
This is the most important thing to understand about Pinner:
Your private files are encrypted on your device before they are uploaded. The encryption keys stay on your device. We never see them. We literally cannot read your files. Not won’t — can’t. If law enforcement serves us a warrant, we hand over encrypted gibberish. That’s not defiance — it’s architecture. We cannot recover your files if you lose your password, because we never had the keys to begin with.
This is called zero-knowledge encryption — we can’t read your files, even if we wanted to.
What We Literally Cannot Access
These are not promises or policies we could change. They are facts about how the software works. No legal order, internal decision, or security breach on our end can change them:
- Your private file contents are encrypted before they leave your device. We receive only ciphertext. We cannot reverse it, read it, or produce the plaintext under any circumstances.
- Your encryption keys stay on your device. We never generate, transmit, receive, or store them. If you lose them, we cannot help you recover them — because we never had them.
- Your private file data doesn’t travel through our servers. Encrypted shards move directly between your device and Sia storage providers. Pinner’s indexer stores sealed object records — object IDs, encrypted master keys, slab layouts, and encrypted metadata — but cannot read any of it.
- Your private file names and structures are scrambled before they reach us. We store the encrypted result, but it’s gibberish to us. We cannot tell what you stored, what you named it, or what type of file it is.
- We can’t secretly change your private file records. Your client software signs all metadata with keys that live on your device. If anything gets modified in transit or storage, the signature breaks and your software rejects it.
- IPFS and shared Sia objects are different. IPFS content is public — we can see what CIDs you pin. Shared Sia objects are effectively public — if you generate a share URL, we can use that URL to verify your content. If privacy matters for certain data, don’t share it — use private storage only.
IPFS vs. Private Storage vs. Shared Sia Objects: Three Different Models
We offer three ways to store data. They have very different privacy properties:
| | IPFS Pinning | Private Sia Storage | Shared Sia Objects |
|---|---|---|---|
| What we see | CIDs, pin timestamps | Object IDs, encrypted master keys, slab layouts, encrypted metadata, timestamps | Same as private, plus share URLs include the ability to decrypt |
| Can we read contents? | Yes — IPFS is public by design | No — keys stay on your device | Yes, if we have the share URL |
| Is it encrypted? | No — content-addressed and public | Yes — client-side encryption | Yes on upload, but sharing provides the decryption key |
| Deletion | Unpinning removes it from our nodes, but other IPFS nodes may have copies | Deletes are genuine — encrypted shards are removed from storage providers | Same as private — unpin removes from indexer, shards orphaned |
Shared Sia objects: When you share a Sia object, you create a share URL that includes the information needed to download and decrypt the content. Share URLs are public links — anyone with the URL can retrieve the content. They are time-limited but cannot be restricted to specific users or revoked once shared. Once shared, the privacy properties are similar to IPFS — the content is publicly retrievable. If privacy matters for certain data, do not share it — use private storage only.
Important: When you pin something to IPFS, it gets a permanent content address. Other nodes on the IPFS network may copy and store that data independently. Unpinning from Pinner removes it from our infrastructure, but we cannot force other nodes to delete their copies. Private storage does not have this limitation.
Technical Security Measures
- TLS encryption for all data in transit (between your device and our servers)
- Encryption at rest for all data we store
- Zero-knowledge encryption for private storage files (as described above)
- Access controls — only a small number of authorized team members can access production systems, and only when necessary
- Regular security reviews of our infrastructure and code
What We DON’T Do
- We do NOT mine your data for advertising
- We do NOT train AI models on your content
- We do NOT sell your personal information to third parties
- We do NOT use automated decision-making or profiling to make decisions about you
Who We Share Data With
We don’t sell your data. We share it only with the specific service providers we need to run Pinner, and only what’s necessary.
| Recipient | What they receive | Why |
|---|---|---|
| Stripe | Card payment tokens, billing info | To process card payments. Stripe handles the full card number; we only see a confirmation token and the last 4 digits. |
| PostHog | Product usage events, feature interactions, session replay | To understand how people use Pinner so we can improve it |
| Sia network hosts | Encrypted shards | To store your private files across a decentralized network. These hosts store encrypted fragments — they cannot read your data. |
| Pinner’s indexer (indexd) | Sealed object records — identifiers, encrypted keys, encrypted metadata, signatures, timestamps | To track where your encrypted data lives, coordinate repairs, and manage storage contracts. The indexer never sees plaintext data or metadata. |
| Pinner’s storage subsystem | A subset of the same identifiers the indexer holds, linked to your account | For technical and operational reasons. This is a partial copy of what the indexer already stores. |
| Cloud hosting provider | Account data, metadata, encrypted files | To host our application and databases. (Provider TBD.) |
About Sia Network Hosts
Your encrypted private files are split into shards and distributed across independent hosts on the Sia network. These hosts are not employees or contractors of Pinner. They are independent participants in the Sia decentralized storage network. They store encrypted fragments of your data. Because of the zero-knowledge encryption, they cannot read or reconstruct your files. Pinner does not control these hosts, but we manage the encryption and distribution process.
Pinner’s indexer stores sealed object records — identifiers, encrypted keys, encrypted metadata, signatures, and timestamps. The indexer coordinates repairs and tracks where your data lives, but it never sees plaintext.
Our storage subsystem also keeps a copy of some of these identifiers, linked to your account. This partial duplicate exists for technical and operational reasons.
About Crypto Payments
For cryptocurrency payments, we collect only your wallet address and the transaction hash. We do NOT collect or require identity documents, proof of address, or any identity verification information for crypto payments. We do NOT know your real-world identity from a wallet address alone.
About Card Payments
For card payments, Stripe collects your billing information and handles the full card number. We receive only a confirmation token and the last 4 digits of your card. We never see your full card number, CVV, or expiration date.
Where Your Data Lives
Our servers and databases are located in the United States.
For Users in the European Union
If you are in the EU, your personal data is transferred from the EU to the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data receives protection equivalent to EU standards. These are legal contracts that require us and any US-based service providers to protect your data to the same level as if it stayed in the EU.
We may also rely on the EU-US Data Privacy Framework where applicable, though our primary mechanism for international transfers is Standard Contractual Clauses.
How Long We Keep Your Data
We keep data only as long as we have a legitimate reason. Here are the specific timeframes:
| Data type | Retention period | Why |
|---|---|---|
| Account data (name, email, profile) | As long as your account is active + 30 days | To run the service while you’re a customer, then allow for reactivation or error correction |
| Payment records (card) | 7 years | Tax and legal compliance requirements |
| Payment records (crypto) | 7 years | Tax and legal compliance requirements |
| Analytics data | 26 months | To identify long-term usage trends and improve the product |
| IP addresses | Duration of account activity + 90 days after last activity | Security, abuse prevention, and download attribution |
| Support emails and chat logs | 2 years | To reference past issues and provide consistent support |
| Deleted account data | 30 days after deletion | To allow for accidental deletion recovery, then permanently erased |
IP addresses: We record IP addresses associated with account activity, uploads, downloads, and storage changes. We use them to prevent abuse, attribute downloads, and protect the service. We do not use IP addresses to track you across the web, build a profile of you, or sell them to anyone.
Your Rights
You have rights over your personal data. Here’s what they are and how to exercise them.
For all of these, contact us at privacy@pinner.xyz. We will respond within 30 days. We may need to verify your identity before acting on your request.
| Right | What it means | How to exercise it |
|---|---|---|
| Access | You can ask us what data we have about you | Email privacy@pinner.xyz with the subject “Data Access Request” |
| Rectification | You can ask us to correct inaccurate data | Email privacy@pinner.xyz with the subject “Data Correction Request” and tell us what needs fixing |
| Erasure (“right to be forgotten”) | You can ask us to delete your data | Email privacy@pinner.xyz with the subject “Delete My Account” or use the account deletion option in your settings |
| Restriction | You can ask us to stop processing your data in certain circumstances | Email privacy@pinner.xyz with the subject “Restrict Processing Request” and explain why |
| Portability | You can ask for a copy of your data in a machine-readable format | Email privacy@pinner.xyz with the subject “Data Portability Request” |
| Objection | You can object to our processing based on legitimate interests | Email privacy@pinner.xyz with the subject “Objection to Processing” |
| Withdraw consent | If you gave consent for something, you can take it back anytime | Email privacy@pinner.xyz with the subject “Withdraw Consent” |
Limitations
We may not be able to delete data if we are legally required to keep it (for example, payment records for tax purposes). If this applies to your request, we will tell you.
Right to Lodge a Complaint
If you believe we have mishandled your data, you have the right to complain to:
- In the US: The North Carolina Attorney General’s Office
- In the EU: The data protection supervisory authority in your country of residence
We hope you’ll contact us first at privacy@pinner.xyz so we can try to resolve any issue directly.
California Residents (CCPA/CPRA)
If you are a California resident and the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA) applies to Pinner, you have additional rights including:
- The right to know what personal information we collect, use, share, or sell
- The right to delete your personal information (with certain exceptions)
- The right to opt out of the sale of your personal information (note: we do not sell personal information)
- The right to non-discrimination for exercising your privacy rights
To exercise these rights, email privacy@pinner.xyz with the subject “California Privacy Rights Request.”
Opt-Out Preference Signals
We honor the Global Privacy Control (GPC) browser signal. If you have GPC enabled in your browser, we will treat it as a request to opt out of any sale or sharing of personal information. (Note: we do not sell or share personal information for advertising purposes regardless.)
Cookies and Tracking
We use cookies and similar technologies for two purposes:
- Essential cookies — These keep you logged in and make the service work. We can’t turn these off.
- Analytics cookies — These help us understand how people use Pinner. We use PostHog for this. We do NOT use advertising cookies or tracking for ads.
You can block analytics cookies through your browser settings or by using a tracking blocker. This won’t break the service, but it does make it harder for us to improve.
For more details, see our Cookie Policy (if available) or contact us at privacy@pinner.xyz.
Children’s Privacy
Pinner is not directed at children under 13, and we do not knowingly collect personal information from children under 13. Our service requires a payment method, which generally means it is used by adults.
If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible. If you believe we might have information from a child under 13, please contact us at privacy@pinner.xyz.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect. We will also update the “Last updated” date at the top of this page.
Minor changes (like clarifying language or fixing typos) may be made without notice, but we will still update the date.
We encourage you to review this policy periodically. Your continued use of Pinner after changes means you accept the updated policy.
Contact Us
If you have questions, concerns, or requests about this Privacy Policy or how we handle your data, contact us:
| Privacy questions | privacy@pinner.xyz |
| Report abuse | abuse@pinner.xyz |
| Operator | Hammer Technologies LLC |
| Address | {{YOUR_ADDRESS}} |
We read every email. We’re a small team, but we take privacy seriously and we’ll get back to you as soon as we can.
This Privacy Policy is effective as of May 11, 2026.
