
Privacy Policy
Effective Date: July 18, 2026
1. Introduction
PinLeads ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web-based scraping service at https://pinleads.org (the "Service").
By accessing or using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:
- Account Information: Name, email address, and authentication credentials when you create an account
- Payment Information: Billing address and payment method details (processed securely through Stripe; we do not store full credit card numbers)
- Communication Data: Records of correspondence when you contact us for support or inquiries
2.2 Usage Information
We automatically collect information about your use of the Service:
- Scraping Data: URLs you submit for scraping, search queries, and results generated
- Export History: Records of CSV exports and data downloads
- Log Data: IP address, browser type, operating system, device information, and timestamps
- Usage Patterns: Features accessed, time spent on the Service, and click-through data
2.3 Cookies and Similar Technologies
We use cookies and similar tracking technologies to maintain your session, remember preferences, and analyze usage patterns. You can control cookies through your browser settings, but disabling cookies may limit functionality.
3. How We Use Your Information
We use your information for the following purposes:
- To provide, maintain, and improve the Service
- To process payments and manage subscriptions
- To authenticate users and secure accounts
- To send service-related notifications (account alerts, billing notices, security warnings)
- To respond to inquiries and provide customer support
- To detect, prevent, and address fraud, abuse, or technical issues
- To analyze usage patterns and improve user experience
- To comply with legal obligations
Marketing Communications: With your consent, we may send promotional emails about new features or special offers. You can opt out of marketing communications at any time by clicking the unsubscribe link or contacting us.
4. How We Share Your Information
We do not sell your personal information. We may share information only in the following circumstances:
- Service Providers: Third-party vendors who help us operate the Service, including:
- Stripe (payment processing)
- Firebase (authentication and database services)
- Hosting and cloud infrastructure providers
- Legal Requirements: When required by law, court order, or governmental authority
- Business Transfers: In connection with a merger, acquisition, or sale of assets (we will notify you of any such transfer)
- Protection of Rights: To protect our rights, property, safety, or the rights of others
5. Third-Party Integrations
PinLeads offers optional integrations with third-party services. When you connect these integrations, we share data as described below:
5.1 HubSpot Integration
If you connect your HubSpot account (available on Pro and Business plans), we will:
- Data Sent to HubSpot: Lead name, email address, phone number, website URL, company name, and physical address from your scraping results
- OAuth Tokens: Access and refresh tokens are encrypted at rest using AES-256-GCM encryption and stored securely in our database
- Token Storage: Tokens are never logged or transmitted in plaintext
- Revocation: You can disconnect HubSpot at any time from your Account settings, which immediately revokes our access and deletes stored tokens
- HubSpot's Privacy Policy: Data sent to HubSpot is governed by HubSpot's Privacy Policy
5.2 Zapier Webhooks
If you configure a Zapier webhook URL (available on Pro and Business plans), we will send lead data to your specified webhook endpoint. You are responsible for the security and privacy practices of any third-party services you connect via Zapier.
6. Data Security
We implement appropriate technical and organizational security measures to protect your information:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication using Firebase Authentication
- Regular security audits and vulnerability assessments
- Access controls and role-based permissions
- Secure payment processing through PCI-compliant providers
Important Notice: While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.
7. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:
- Account information: Retained while your account is active
- Scraping results: Retained for 30 days, then automatically deleted
- Payment records: Retained for 7 years for tax and accounting purposes
- Usage logs: Retained for 12 months for security and analytics
When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
8. Your Privacy Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal information
- Portability: Request transfer of your data to another service
- Objection: Object to certain processing of your information
- Restriction: Request limitation on how we use your information
To exercise these rights, please contact us using the information provided in Section 11. We will respond within 30 days.
9. Children's Privacy
The Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information when transferred internationally, including standard contractual clauses and adequacy decisions.
By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.
11. Chrome Extension
The PinLeads Chrome Extension is an optional companion to our web service. It runs in the Chrome browser and lets you extract business contact information directly from Google Maps without leaving the page. This section explains what data the extension accesses, how it's used, and what permissions it requires.
11.1 Permissions Used
The extension requests the following Chrome permissions, each scoped to a specific function:
- storage: Stores your authentication token and extension preferences locally on your device. No personal data is sent to third parties.
- activeTab: Reads the URL and DOM of the currently active Google Maps tab when you trigger an extraction. It does not run in the background or track your browsing.
- scripting: Injects a small script into the active Google Maps tab to read publicly visible business listings (name, address, phone, website, etc.) when you initiate an extraction.
- sidePanel: Powers the extension's side panel UI inside Chrome.
- Host permissions for Google Maps: Allows the extension to read public business data on Google Maps.
- Host permissions for pinleads.org: Allows the extension to communicate with your PinLeads account so jobs and results are saved to your dashboard.
11.2 What Data the Extension Collects
The extension only handles two kinds of data:
- Public business information from Google Maps: Business names, addresses, phone numbers, websites, and (where listed) emails and social profiles. This is the same information any visitor to Google Maps can see.
- Your PinLeads authentication token: Captured when you sign in on
pinleads.orgso the extension can save jobs and results to your account. This token is stored locally and is never shared with third parties.
The extension does not collect browsing history, track your activity across other websites, read content from sites other than Google Maps and pinleads.org, or transmit data to anyone besides PinLeads itself.
11.3 How Extension Data Is Used
Business data extracted through the extension is sent to your PinLeads account and treated exactly like data collected through the web app: stored under your account, used only to populate your dashboard and exports, and subject to the same retention rules described in Section 6. The authentication token is used solely to identify your account when communicating with the PinLeads API.
11.4 Uninstalling the Extension
You can remove the extension at any time through Chrome's extension settings. Uninstalling removes all locally stored data, including your authentication token. Data already saved to your PinLeads account remains until you delete it from the dashboard or close your account.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For significant changes, we will notify you by email or through a prominent notice on the Service.
Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please visit our Support Center to submit a ticket.
Business Name: PinLeads
Website: https://pinleads.org
California Residents: California residents may have additional rights under the California Consumer Privacy Act (CCPA). Please contact us for more information.
EU/UK Residents: If you are located in the European Union or United Kingdom, you have rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your data is contractual necessity and legitimate interests.