Privacy Policy
Last Updated: May 9, 2026
The short version: PinVault collects what's needed to run the app — your collection data, photos you upload, trade messages, and scans you take. We don't sell your data. We don't track you across apps or websites. We don't collect your location. Pin photos you take get sent to AI to identify and authenticate, then the photo is discarded.
This Privacy Policy explains what PinVault collects, how we use it, and what choices you have. PinVault is operated by DataForge Systems LLC ("DataForge Systems," "we," "us"), an Alabama LLC.
Who We Are
DataForge Systems LLC builds software for specific audiences who need tools that respect them. PinVault is our app for Disney pin collectors. We're a small company in Huntsville, Alabama — not a data broker, not an ad-funded platform.
What We Collect
Account information
When you sign up, you use Sign in with Apple. This gives us:
- A unique identifier from Apple (so we know it's you on return visits)
- The email address you choose to share with us through Apple — either your real Apple email or a private relay address Apple generates for you
- The name you provide (you can change this, and you can use a handle instead of your real name)
Your collection
Information you enter about pins you own, including:
- Which pins are in your collection (linked to our reference catalog) or details about pins you add manually
- Condition, acquisition date, where you got it, what you paid, your notes
- Photos you upload of your pins
- Whether each pin is in your "available for trade" list
Your wishlist
Pins you've marked as wanted, plus optional notes and maximum prices.
Trade activity
When you propose, accept, or complete a trade with another user, we store:
- The pins involved and any cash equalizer amount
- Messages between you and the other user
- Shipping addresses (only revealed to the other party once a trade is accepted)
- Tracking numbers, completion confirmations, and post-trade feedback
Scans
When you take a photo to identify or authenticate a pin:
- The photo is uploaded to our servers
- It's sent to Anthropic (our AI provider) for processing
- The result (which pin it matched, confidence score, etc.) is returned to you and saved to your account if you confirm the match
- The original scan photo is discarded after processing — it isn't kept long-term unless you choose to save it as a photo of your specific copy
Market value lookups
When you check the market value of a pin, we send the pin's identifying information (name, series, etc.) to eBay's API and return recent listing data to you. We don't send your identity to eBay.
Usage information
To enforce subscription tier limits and prevent abuse, we count things like:
- How many scans you've performed this month
- How many market lookups you've performed this month
- How many catalog submissions you've made
These counts reset monthly and aren't used for tracking or analytics.
Crash and diagnostic data
If PinVault crashes or hits an error, we may receive Apple-provided crash logs. These contain technical information (what version, what device, what stack trace) and don't contain your collection data, photos, or messages.
What We Do NOT Collect
- Your location. PinVault doesn't request or collect location data.
- Your contacts, calendar, or photo library. The only photos we see are the ones you specifically upload to the app. We don't scan or index your camera roll.
- Your browsing or in-app behavior beyond usage counters. We don't track which screens you spend the most time on, what you tap, or what features you ignore.
- Your data for advertising. PinVault has no ads. We don't share anything with ad networks.
- Cross-app or cross-site tracking. No third-party trackers, pixels, or analytics SDKs from advertising companies.
- Sensitive personal information like government IDs, social security numbers, biometrics, or payment card numbers (Apple handles all payment information; we don't see card data).
How We Use Your Information
We use the data we collect to:
- Run the app: show you your collection, process scans, match trades, deliver messages
- Improve identification and authentication models over time (in aggregate; not by reading your individual data)
- Enforce subscription limits and prevent abuse
- Communicate with you about your account, subscription, or important changes
- Detect and prevent fraud, security issues, or violations of our Terms
- Comply with legal obligations
How We Share Your Information
We share your information only when needed:
- With other users, when you choose to. Other PinVault users see whatever your privacy settings let them see — public collection items, trade-ready listings, your handle, and any photos you've shared. You control these settings in the app.
- With service providers who help us run PinVault — listed below in "Third-Party Services." These providers process data on our behalf under contractual privacy obligations.
- With law enforcement, when legally required. If we receive a valid legal process (subpoena, warrant), we comply within applicable legal limits. We push back on overbroad requests where we can.
- In a business transfer. If DataForge Systems is acquired, merged, or reorganized, your data may transfer to the successor entity. We'll notify you if that changes how your data is handled.
We do not sell your data. Not to advertisers, not to data brokers, not to anyone.
Third-Party Services
PinVault relies on the following third-party services to operate. Each handles data according to its own privacy policy:
- Apple — Sign in with Apple, payments, push notifications, crash diagnostics. Apple Privacy Policy
- Anthropic — AI processing for pin identification and authentication scans. Photos are sent for processing and not retained for training. Anthropic Privacy Policy
- Supabase — Backend hosting and database storage. Supabase Privacy Policy
- eBay — Market value lookup API. Pin metadata (not your identity) is sent to find recent listings. eBay Privacy Policy
- Pin & Pop — Reference catalog data provider. We receive pin data from them; we don't send your data to them. pinandpop.com
Data Retention
We keep your data for as long as your account is active. When you delete your account (Settings → Account → Delete Account), we permanently remove your personal data within 30 days, with a few exceptions:
- Data we're required to retain by law (for example, certain financial records related to subscriptions)
- Data that has been incorporated into shared catalog content (canonical pin photos, completed trade history seen by the other party) — this content remains but is no longer linked to your identity
- Backups, which roll over according to our standard retention schedule (typically 90 days)
Your Choices and Rights
Access, correction, deletion
You can view, edit, and delete most of your data directly in the app. For a complete copy of your data, or to request deletion outside the app, email us at privacy@dataforgesystems.io. We'll respond within 30 days.
Account deletion
You can delete your account at any time from Settings → Account → Delete Account in the app. This removes your data per the retention policy above.
Privacy settings
You control who can see your collection, your wishlist, and your trade-ready listings — public, friends-only, or private. These settings are in the app under Settings → Privacy.
Communications
Account-related emails (security alerts, important changes) are not optional. Marketing emails (if any) include an unsubscribe link.
Regional Rights
If you're in the European Economic Area, United Kingdom, or Switzerland
You have rights under the General Data Protection Regulation (GDPR) and similar laws, including the rights to access, rectify, erase, restrict processing of, and port your personal data, and to object to processing. The legal basis for our processing is performance of our contract with you (running the app you signed up for), our legitimate interests (security, fraud prevention, improving the service), and consent where applicable. To exercise your rights, contact privacy@dataforgesystems.io.
If you're a California resident
You have rights under the California Consumer Privacy Act (CCPA / CPRA), including the rights to know, delete, correct, and opt out of "sales" or "sharing" of your personal information. We don't sell or share your personal information for cross-context behavioral advertising.
Security
We use industry-standard security practices to protect your data — encryption in transit (HTTPS/TLS), encryption at rest where supported by our infrastructure, role-based access controls on our backend, and the principle of least privilege for our team's access to data.
No system is perfectly secure. If we discover a security incident affecting your data, we'll notify you and applicable authorities as required by law.
Children
PinVault is not directed at children under 13. We don't knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@dataforgesystems.io and we'll delete it.
For users between 13 and 18, parental supervision is encouraged, and certain features (like trades involving payment) may be restricted by Apple's Family Sharing settings.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we'll update the "Last Updated" date at the top and provide additional notice through the app or by email at least 30 days before the changes take effect.
Contact
For privacy questions or to exercise your rights:
Email: privacy@dataforgesystems.io
For other questions:
Email: support@dataforgesystems.io
Mailing address:
DataForge Systems LLC
Huntsville, Alabama, USA
This Privacy Policy is governed by the laws of the State of Alabama, United States.