PushPin Privacy Policy

Effective date: May 11, 2026
Operator: ALENT Technologies LLC ("ALENT", "we", "us", "our")
Service: PushPin (the web application at pushpin.alent.net and any associated mobile applications and infrastructure)

1. Overview

This Privacy Policy explains what personal information we collect through PushPin, how we use it, who we share it with, and the choices you have. By using PushPin you agree to the practices described here and to our Terms of Service.

If you do not agree, do not use PushPin.

2. Who we are

PushPin is operated by ALENT Technologies LLC, a limited-liability company. Contact us at support@alent.net. For privacy-specific questions, use subject line beginning "Privacy Request".

3. Information we collect

3.1 Account information

Email address (required), display name (optional), password (only stored as a one-way bcrypt hash — we never see the plaintext), and account timestamps. If you sign in with Google or Facebook, we receive your email address and display name from that provider.

3.2 Content you upload

Photos, videos, locations, dates, ratings, comments, "nearby activity" links, slugs, and any other material you create — collectively, "Your Content".

We do not scan, analyze, or use Your Content to train artificial-intelligence models. We do not sell or rent Your Content. We do not display Your Content to other users except when you share a public pin URL or program an NFC tag with it.

3.2a Guest contributions

If a pin owner enables guest contributions, visitors to that pin's public page may submit photos and an optional name and note. Submissions are held for the owner's review and only become part of the pin if the owner approves them. By submitting, a contributor grants the same license described in our Terms and confirms they have the right to share the content. Don't submit anything you don't want the pin owner to keep.

3.3 Payment information

Payment is processed by Stripe, Inc. ALENT never sees your full card number, CVV, or any complete payment credential. We store only Stripe-issued identifiers (customer ID, subscription ID, status, period end). See Stripe's privacy policy for their handling.

3.4 Usage and technical data

Standard server logs (IP address, browser, OS, request times, referring URLs), basic crash diagnostics from the mobile apps, and your stored-byte count for quota enforcement.

Pin view analytics. When someone taps an NFC tag or opens a public pin link, we record a coarse, aggregate view event consisting only of the pin, a timestamp, and the viewer's country (derived from network metadata). We do not store the viewer's IP address or any identifier in these analytics, and we do not use them to track or profile visitors. The pin's owner can see the resulting aggregate counts.

3.5 Cookies

We use cookies for authentication, pin-unlock state, and CSRF protection. We do not use cookies for behavioral advertising or for tracking you across other websites. Disabling cookies will prevent you from staying signed in.

3.6 Location data

Photos you upload may contain GPS coordinates in EXIF metadata — we extract these to plot photos on the map. We don't read your device's live location unless you click "Use my location", which fires the browser geolocation API once for that specific action.

3.7 NFC tag contents

We only write a single URL containing a short unguessable pin identifier. No personally identifiable information is written to NFC tags themselves.

4. How we use information

To: (a) provide the Service; (b) bill subscriptions through Stripe; (c) send transactional email (verification, password reset, billing notices, security alerts) — we do not send marketing email today; (d) secure the Service against abuse and fraud; (e) diagnose bugs and plan capacity; and (f) comply with law.

EU/UK users: our legal bases are performance of our contract with you, our legitimate interests in operating and securing the Service, legal obligations, and your consent where we ask for it specifically.

5. How we share information

We do not sell personal information. We share it only with:

  • Service providers — Vercel (hosting), Neon (database), Cloudflare (storage + CDN), Stripe (payments), Resend (email), Mapbox (maps), and optionally Google / Facebook if you sign in with them. Each is bound by their own privacy terms.
  • Public viewers of your pins — anyone you choose to share a pin URL with (or anyone who taps a programmed NFC tag) can see that pin's content unless you enable password protection.
  • Authorities — when required by subpoena, court order, applicable law, or to protect the rights, property, or safety of ALENT, our users, or the public.
  • A successor entity in the event of a merger, acquisition, financing, reorganization, or sale of assets.
  • Anyone you explicitly consent to.

6. Data security

HTTPS/TLS in transit; encryption at rest by our storage and database providers; bcrypt-hashed passwords (cost 12 for accounts, 10 for pin passwords); HMAC-signed cookies; least-privilege production access. No system is perfectly secure, and you are responsible for keeping your account password secret and notifying us if you suspect unauthorized access.

7. Data retention

Account data is kept while your account is active. After deletion, content is removed from active systems within a reasonable period and from backups on the regular rotation. Billing records are retained for typically 7 years for tax/audit purposes. Verification/reset tokens self-expire (24 hours and 1 hour respectively).

8. Your rights and choices

Within the Service

Access your content and account by signing in. Correct, delete, or export your data from the dashboard. Disconnect Google / Facebook via your account on those providers.

California (CCPA / CPRA)

Right to know, access, delete, and not be discriminated against. We do not sell or share personal information for advertising purposes. To exercise these rights, email support@alent.net with subject "Privacy Request — California".

EEA, UK, Switzerland (GDPR / UK GDPR)

Rights to access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and to lodge a complaint with your supervisory authority. Email with subject "Privacy Request — GDPR".

Other US states

Analogous rights apply in Virginia, Colorado, Connecticut, Utah, and similar jurisdictions — same email contact with subject indicating your state.

9. Children's privacy

PushPin is not directed to children under 18 and we do not knowingly collect personal information from anyone under 18.

10. International data transfers

PushPin is operated from the United States. By using PushPin, you consent to your information being transferred to, stored in, and processed in the US (and possibly other jurisdictions through our service providers). Where required, we rely on Standard Contractual Clauses for EU/UK transfers.

11. Third-party links and content

PushPin contains links to third-party sites; we are not responsible for their privacy practices.

12. Changes

We may update this Privacy Policy. The Effective date will be updated and material changes communicated by email or in-app notice at least 30 days in advance. Continued use after a change constitutes acceptance.

13. Contact us

Email support@alent.net — subject "Privacy Request".


The full canonical text of this Privacy Policy is maintained in our repository as PRIVACY-POLICY.md. By using the Service, you confirm that you have read, understood, and agree to the practices described above.