Pinhour

Privacy Policy

Last updated: May 25, 2026

1. Data Controller

This Privacy Policy explains how personal data is processed on the pinhour.com platform ("Pinhour"). The platform is operated by Dekoratif Dokunuslar (sole proprietor, Türkiye), which acts as the data controller under applicable law (KVKK in Türkiye, GDPR for EU visitors). Contact: contact@pinhour.com

2. Data We Collect

There are two types of users; each has a different processing relationship with us:

2.1. Subscriber (venue operator)

  • Name, email, optional phone
  • Account password (hashed, only used for authentication)
  • Venue and room data
  • Billing data (via Paddle; we never see card numbers)
  • Usage logs (session, IP, browser type)

2.2. End customer (someone who makes a booking)

  • Name, email, phone, booking details (room, date, amount)
  • This data is controlled by the venue. Pinhour acts only as processor on the venue's behalf for these records.

3. Purposes of Processing

  • Providing the service, account auth, booking management
  • Subscription billing and payment tracking
  • Sending transactional emails (booking confirmation, reminders, invoices)
  • Fulfilling legal obligations
  • Service improvement (aggregated analytics with no personal data)

Pinhour does not sell or rent personal data to third parties for marketing.

4. Third-Party Processors

The following providers process data on our behalf to deliver the service:

  • Supabase (database and auth, EU region)
  • Vercel (application hosting, US region)
  • Paddle (Merchant of Record, billing, EU region)
  • Brevo (transactional email, EU region)
  • Cloudflare (DNS, email routing)

5. Retention

Data is retained while the account is active. After closure:

  • User data is kept in a recoverable state for 30 days, then permanently deleted.
  • Billing and accounting records are retained for 10 years to satisfy legal obligations.

6. Your Rights

Under KVKK / GDPR you may:

  • Request access to your data
  • Request correction of inaccurate or incomplete data
  • Request deletion under certain conditions
  • Object to processing
  • Request data portability (export of your data in a transferable format)

Send requests to contact@pinhour.com; we respond within 30 days.

7. Cookies

Pinhour only sets functional cookies (session, language preference). No third-party marketing or analytics cookies are used.

8. Security

All data in transit is encrypted with TLS. Database access is gated by Row-Level Security: each venue's data is only visible to its authorized users. Passwords are stored via one-way hashing.

9. Changes

Material changes to this policy are announced via email at least 30 days in advance.

10. Contact

Questions or data-subject requests: contact@pinhour.com