Privacy Policy

Last updated: May 25, 2026

1. Who we are

Pin Magic is a WordPress plugin built by Daniel Hennessy. This privacy policy applies to:

• The Pin Magic WordPress plugin (the "Plugin")
• Pin Magic's pin copy service, which the Plugin calls (the "Service")
• This website at pinmagic.tech

If you have any questions about this policy or want to exercise your rights below, email support@pinmagic.tech.

2. Information we collect

2.1 When you generate pin copy

When you click "create pin" or "generate copy" inside the Plugin, the Plugin sends the following from your WordPress site to our pin copy service:

• The title of the WordPress post you're creating a pin for
• A short summary of the post's content (typically the first few paragraphs)
• Recipe metadata if the post contains a recipe (ingredients list, total time, servings)
• The URL of the post
• Your anonymous Pin Magic install ID (a random UUID generated at install time — not linked to your name, email, or any personal identifier)
• Your current plan ("free" or "pro")

We do not send your name, email address, IP address, WordPress admin username, author name, or any personally identifying information. The install ID is the only identifier transmitted, and it cannot be used to identify you outside of our own usage counter.

2.2 When you connect Pinterest

When you click "Connect to Pinterest," you're sent to Pinterest to authorize the Plugin. Pinterest returns an access token to your WordPress site. The token is stored on your WordPress site only — never transmitted to us. We never see your Pinterest password or token.

2.3 When you publish a pin

When the Plugin publishes a pin, it sends the pin image, title, description, hashtags, and target Pinterest board directly to Pinterest's official API from your WordPress site. We are not involved in the publish step. Pinterest's privacy policy applies to this data; see policy.pinterest.com/en/privacy-policy.

2.4 Pinterest API data we never see

For clarity to Pinterest's app reviewers and users alike: all communication with Pinterest's API happens directly between your WordPress site and Pinterest's servers. Pin Magic's pin copy service does not proxy, intercept, log, or store any of the following:

• Your Pinterest access token or refresh token
• The list of your Pinterest boards, board names, or board IDs
• Your Pinterest profile information (username, follower count, email)
• Pinterest analytics data (impressions, saves, clicks)
• Other pins or content from your Pinterest account

The OAuth access token is stored exclusively in your WordPress site's database (in the wp_options table) and is only transmitted to Pinterest's API endpoints over HTTPS. We never share, sell, or otherwise transfer Pinterest data to any third party, and we do not use Pinterest data to train any model or build any aggregate dataset.

2.5 When you visit this website

We don't run analytics, ad pixels, third-party trackers, or session recording on pinmagic.tech. Standard web server logs (request URL, response code, timestamp, user-agent) may be retained by our hosting provider (Cloudflare) for operational purposes per their retention policy; these are not used by us for marketing or profiling.

3. How we use information

The data described in section 2.1 is used solely to generate pin copy and return it to your WordPress site. We do not:

• Use your content to train AI models
• Store your content after returning a response (Cloudflare doesn't retain prompt content; Google retains briefly per their standard processing terms but does not use Gemini API content for model training)
• Aggregate or analyze your content for marketing, research, or any secondary purpose
• Share, sell, or rent your content or install ID to any third party

The install ID is used only to enforce monthly usage caps (e.g., 5 free generations per month) and to log error rates in aggregate. It is not joined with any other dataset.

4. Third-party services (subprocessors)

Pin Magic's pin copy service runs on the following infrastructure:

• Cloudflare, Inc. — hosts the pin copy service (Cloudflare Workers) and provides DNS / CDN / TLS for this website. Cloudflare's privacy policy: cloudflare.com/privacypolicy. Cloudflare's standard Data Processing Addendum is available on request.
• Google LLC — provides the underlying language model that generates pin titles and descriptions (Google Gemini API). Per Google's terms for paid Gemini API use, content submitted via the API is not used to train Google's models and is not retained beyond the time required to return a response. Google's privacy policy: policies.google.com/privacy.

When you publish pins, Pinterest acts as a direct controller of the published content, not as our subprocessor. Pinterest's terms govern that relationship: policy.pinterest.com/en/privacy-policy.

5. Data stored on your WordPress site

The Plugin stores the following in custom WordPress database tables on your own server — we never receive a copy:

• Pin history: titles, descriptions, hashtags, image references, scheduled times, publish status, and any error messages for each pin you've created
• Error log: technical messages and timestamps from recent plugin activity (e.g., "Pinterest API returned 401 at 14:32:08 UTC")
• Settings: Pinterest OAuth tokens, your preferred template selections, scheduling preferences, anonymous install ID

Deleting the Plugin (not just deactivating) removes all of this data from your site. Deactivating keeps it intact in case you reactivate later.

6. Cookies and tracking

The Plugin does not set any cookies on visitors to your blog. The Plugin's WordPress admin UI uses standard WordPress admin cookies for authentication (managed by WordPress, not Pin Magic). This website (pinmagic.tech) sets no cookies and uses no client-side tracking.

7. International data transfers

Pin Magic operates from the United States. When you generate pin copy from anywhere in the world, your data is processed by Cloudflare's edge network (which may route through the nearest data center) and by Google's Gemini API (US-based). Both Cloudflare and Google offer Standard Contractual Clauses for international transfers; these are referenced in their respective DPAs linked above.

8. Children's privacy

Pin Magic is a tool for content creators and is not directed at children. We do not knowingly collect information from anyone under the age of 13 (or the applicable age of digital consent in your jurisdiction). If you believe a child has interacted with our service, please contact support@pinmagic.tech and we'll investigate.

9. Your rights

Because Pin Magic stores all user data on your own WordPress site (not on our servers), you have direct, complete control:

• Access: every piece of data Pin Magic stores about you is visible in your WordPress database. The Plugin's diagnostic export (Settings → "Get help" → "Copy diagnostic info") gives you a plain-text snapshot.
• Deletion: deleting the Plugin from your WordPress site removes all stored data immediately.
• Portability: pin history is stored in standard WordPress database tables; you can export via any database tool or backup plugin.
• Reset your anonymous install ID: this happens automatically when you delete and reinstall the Plugin.

For GDPR / CCPA requests specifically related to data processed by our subprocessors (Cloudflare, Google, Pinterest), please contact them directly using the links in section 4. We can assist; email support@pinmagic.tech.

10. Security

Pinterest tokens stored by the Plugin in your WordPress database benefit from WordPress's built-in protections; you should ensure your WordPress install is kept up to date and uses strong admin credentials. Our pin copy service uses HTTPS exclusively. The Gemini API key powering the pin copy service is held as an encrypted Cloudflare Worker secret and is not transmitted to any client.

11. Changes to this policy

If we change this policy, we'll update the "Last updated" date at the top. For material changes (e.g., adding a new subprocessor or a new category of data collected), we'll also note the change in the Pin Magic admin dashboard so existing users are aware before the change takes effect for them.

12. Contact

For any privacy questions, requests, or concerns, email support@pinmagic.tech. We reply within a couple of business days.