← Back to PNK

Privacy Policy

Last updated: March 26, 2026

1. Our Commitment to Your Privacy

PNK is a social photo-sharing app built on a simple idea: your captures stay hidden until the daily 6 PM reveal. We believe privacy should be just as simple. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have over it.

PNK has no advertising, no data selling, and no paid features. We collect only what is necessary to provide and secure the Service. By creating an account and using PNK, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use PNK.

2. Who We Are

PNK is the operator and data controller for the personal data processed through the PNK mobile application ("the Service"). For the purposes of the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act, PNK is the controller of your personal data.

PNK
Email: support@pnk.app

3. Data We Collect

3.1 Data You Provide Directly

• Account information: Your name, email address (provided via Apple Sign In), date of birth, phone number, and username. Your date of birth is collected to verify you are at least 18 years old.
• Profile information: Your avatar photo, which you upload during onboarding.
• User content: Photos and videos ("Captures") you take through the app.
• Contacts: With your explicit permission, we access your phone contacts to help you find friends who are already on PNK. Contact data is used solely for friend matching. Phone numbers are normalized to the international E.164 format for matching purposes.
• Reports and communications: Content you share when you report another user or contact our support team.

3.2 Data Collected Automatically

• Device information: Device model, operating system version, and unique device identifiers.
• Push notification tokens: Device tokens required to send you push notifications via the Apple Push Notification service (APNs).
• IP address: Your IP address is collected when you connect to the Service. It is used for security purposes (fraud detection, abuse prevention) and to determine your approximate geographic location for service availability.
• Usage data: How you interact with the Service, including features used, actions taken (such as capturing a photo, adding a friend, or blocking a user), and timestamps of those actions.

3.3 Data from Third-Party Sources

• Apple Sign In: When you sign in with Apple, we receive your name and email address (or a private relay email address if you choose to hide your email). We do not receive your Apple ID password.

3.4 Data We Do Not Collect

PNK is a native mobile application. We do not use cookies or web tracking technologies. We do not collect browsing history, we do not use advertising identifiers, and we do not build advertising profiles. We do not collect precise geolocation data (GPS). We do not collect financial or payment information since PNK has no paid features.

4. How We Use Your Data

We process your personal data based on the following legal grounds and for the following purposes:

4.1 Performance of the Contract (Article 6(1)(b) GDPR)

• Account creation and management: To create and maintain your account, authenticate your identity, and verify your age.
• Core service delivery: To store your Captures, execute the daily 6 PM reveal, manage your friend list, and display content to your friends.
• Friend discovery: To match your contacts with existing PNK users so you can find friends on the platform.
• Notifications: To send you push notifications about reveals, friend requests, and account activity.

4.2 Legitimate Interests (Article 6(1)(f) GDPR)

• Safety and moderation: To review reported content, enforce our Terms of Service, and protect the safety and security of our users.
• Service improvement: To analyze aggregated, anonymized usage patterns to improve the Service and develop new features.
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.

4.3 Legal Obligation (Article 6(1)(c) GDPR)

• Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Mandatory data retention: To retain certain data as required by law (for example, connection logs as required under French law).

4.4 Consent (Article 6(1)(a) GDPR)

• Contact access: We access your phone contacts only with your explicit, opt-in permission. You can revoke this permission at any time in your device settings.

5. How Long We Keep Your Data

We retain your personal data only for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Active account data: Retained for the duration of your account. This includes your profile information, Captures, friend list, and usage data.
• Deleted account data: When you delete your account, all your data is permanently deleted from our servers (CASCADE delete). This includes your profile, all Captures, friend connections, and any content you uploaded. Deletion is irreversible.
• Contact data: Phone numbers from your contacts are processed for friend matching and are not stored permanently in association with your account. If you revoke contact permission, we stop accessing your contacts.
• Security and legal logs: Certain logs (such as connection logs, IP addresses, and moderation records) may be retained for up to one (1) year after account deletion, as required by French law (Loi pour la Confiance dans l'Economie Numerique) or to protect our legal interests.
• Reports and moderation records: Reports you file or that are filed against you may be retained for up to one (1) year after the resolution of the report, for safety and legal compliance purposes.

6. Who We Share Your Data With

We do not sell your personal data. We do not share your data with advertisers. We share your data only with the following categories of recipients, and only to the extent necessary:

6.1 Your Friends on PNK

Your Captures, username, name, and avatar are visible to users you have mutually accepted as friends. Blocked users cannot see any of your information.

6.2 Service Providers (Data Processors)

We use the following third-party service providers to operate PNK. These providers process your data on our behalf and under our instructions, pursuant to data processing agreements:

• Google Cloud Platform (Google LLC): Cloud hosting, data storage, and computing infrastructure. Your data (including Captures, account data, and database records) is stored on Google Cloud servers. Data is stored in the us-central1 region (Council Bluffs, Iowa, United States).
• Vonage (Vonage Holdings Corp.): SMS delivery for phone number verification during account creation.
• Apple Inc.: Apple Sign In for authentication, and Apple Push Notification service (APNs) for delivering push notifications to your device.

6.3 Legal and Safety Disclosures

We may disclose your personal data if we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation, court order, or enforceable governmental request.
• Protect the rights, property, or safety of PNK, our users, or the public.
• Detect, prevent, or address fraud, security issues, or technical problems.
• Enforce our Terms of Service.

6.4 Business Transfers

If PNK is involved in a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.

7. International Data Transfers

PNK is operated from France, but your data is stored on Google Cloud servers in the United States (us-central1 region). Our service providers may also process your data in the United States or other countries outside the European Economic Area (EEA) and the United Kingdom.

When your data is transferred outside the EEA or UK, we ensure it is protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): As adopted by the European Commission, included in our data processing agreements with service providers.
• EU-US Data Privacy Framework: Where applicable, our service providers (including Google) may be certified under the EU-US Data Privacy Framework.

You can request a copy of the safeguards in place by contacting us at support@pnk.app.

8. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it, including:

• Encryption in transit: All data transmitted between the app and our servers is encrypted using TLS (Transport Layer Security).
• Secure infrastructure: Our servers are hosted on Google Cloud Platform, which provides enterprise-grade physical and network security.
• Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
• Authentication security: We use Apple Sign In and SMS verification, avoiding password storage entirely.

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying affected users and relevant authorities in the event of a data breach, as required by applicable law.

9. Your Privacy Rights

9.1 Rights for All Users

Regardless of where you live, you can:

• Delete your account: At any time from the app settings. This permanently deletes all your data.
• Block users: Prevent specific users from seeing your content or interacting with you.
• Control notifications: Manage push notification preferences in your device settings.
• Revoke contact access: Remove PNK's access to your phone contacts at any time via your device settings.

9.2 Rights Under the GDPR (EU and UK Residents)

If you reside in the European Union or the United Kingdom, you have the following rights under the GDPR and UK Data Protection Act:

• Right of access (Article 15): Request a copy of the personal data we hold about you.
• Right to rectification (Article 16): Request correction of inaccurate personal data.
• Right to erasure (Article 17): Request deletion of your personal data. You can exercise this right directly by deleting your account in the app.
• Right to restriction of processing (Article 18): Request that we limit the processing of your data in certain circumstances.
• Right to data portability (Article 20): Request a copy of your data in a structured, commonly used, machine-readable format.
• Right to object (Article 21): Object to the processing of your data based on legitimate interests.
• Right to withdraw consent (Article 7(3)): Withdraw consent at any time where processing is based on consent (for example, contact access).

To exercise these rights, contact us at support@pnk.app. We will respond within thirty (30) days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In France, this is the Commission Nationale de l'Informatique et des Libertes (CNIL) at www.cnil.fr.

9.3 Rights Under the CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share your data.
• Right to delete: You may request deletion of your personal information. You can do this directly by deleting your account in the app.
• Right to correct: You may request correction of inaccurate personal information.
• Right to opt out of sale or sharing: PNK does not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.
• Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise these rights, contact us at support@pnk.app. We will verify your identity before processing your request.

9.4 Do Not Track

PNK is a native mobile application and does not respond to "Do Not Track" browser signals. However, as noted above, we do not use web tracking technologies or build advertising profiles.

10. Children's Privacy

PNK is only available to users who are at least 18 years old. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected data from a person under 18, we will take immediate steps to delete that data and terminate the associated account. If you believe a minor has created an account on PNK, please contact us at support@pnk.app.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service itself. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Notify you through the app or via email at least thirty (30) days before the changes take effect.

Your continued use of PNK after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service and delete your account.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, contact us at:

PNK
Email: support@pnk.app

For EU/UK data protection inquiries, you may also contact your local data protection authority.