Privacy Policy
Last updated: July 9, 2026
1. Introduction & Our Role
WebPinch ("WebPinch", "we", "us", "our") provides a visual website feedback, bug-tracking, and site-auditing platform. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have. For your account and marketing data we act as the data controller (the Data Fiduciary under India's DPDP Act). For the projects, feedback, and screenshot content you and your team create inside WebPinch, we act as a data processor on your behalf — you or your organization remain the controller of that content.
2. Information We Collect
We collect: (a) Account data you provide — name, email, username, a hashed password, and organization details; (b) Usage and device data collected automatically — IP address, browser type and version, operating system, screen resolution, pages visited, and interaction logs; (c) Captured content — the feedback pins, comments, checklists, screenshots, screen recordings, page URLs, and DOM/element metadata you create, which may include the content of the web pages you review; (d) Guest data — when someone leaves feedback through a guest link without an account, we collect their feedback content and basic technical data; (e) Payment data — billing details and transaction identifiers handled by our payment providers (we do not store full card numbers); and (f) Integration data — information you authorize us to access when you connect Google, GitHub, Slack, or Jira.
3. How We Use Your Information & Legal Bases
We use your data to provide, maintain, secure, and improve WebPinch — including displaying feedback on your Kanban board, enabling collaboration, processing payments, sending service and account notifications, and preventing abuse. We do not sell your personal information. Where the GDPR applies, we rely on the following legal bases: performance of our contract with you, our legitimate interests (to secure and improve the service and prevent fraud), your consent (for optional communications and non-essential cookies), and compliance with legal obligations. Where India's DPDP Act applies, we process personal data on the basis of your consent or other legitimate uses permitted by the Act, and you may withdraw consent at any time.
4. Captured Content, Screenshots & the Website Proxy
WebPinch lets you pin feedback and capture screenshots on live, staging, and local websites, and can load sites through a secure proxy for in-app review — which may involve storing and replaying session cookies you provide so that authenticated pages render correctly. This captured content can include personal data belonging to you or to third parties that appears on the pages you review. You are responsible for ensuring you have the right to capture, review, and store that content and to use any credentials you supply to the proxy. We process this content only to provide the service to you and your team, and access is restricted to authorized members of your project or organization.
5. Sub-Processors & Service Providers
We use trusted third parties to operate WebPinch and share only the minimum data necessary. Our current sub-processors are: Vercel (application hosting); Amazon Web Services (file and screenshot storage, hosted in India); MongoDB Atlas (database); Razorpay (payment processing for India); Stripe (international payment processing); Zoho (transactional and notification email); and Google (sign-in / OAuth). Each is bound by its own privacy commitments and, where required, a data processing agreement. If we add or replace a sub-processor that handles personal data, we will update this list and, for business customers, provide reasonable prior notice and an opportunity to object.
6. International Data Transfers
Our servers and primary storage are located in India. If you access WebPinch from the European Economic Area, the United Kingdom, or elsewhere, your personal data will be transferred to and processed in India and in other countries where our sub-processors operate. Where such transfers are subject to the GDPR, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
7. Cookies & Tracking
We use cookies and similar technologies to keep you signed in, remember your preferences (such as theme), and understand how the service is used so we can improve it. Strictly necessary cookies are required for the service to function; you can control other cookies through your browser, though disabling them may affect functionality.
8. Data Retention
We retain your account and project data for as long as your account is active and as needed to provide the service. When you request account deletion, we will remove or de-identify your personal data within a reasonable period, except where we must retain certain information to comply with legal obligations, resolve disputes, enforce our agreements, or maintain security and backups for a limited time.
9. Your Privacy Rights
Depending on where you live, you may have the right to access, correct, update, or delete your personal data, to receive a copy of it (portability), to object to or restrict certain processing, and to withdraw consent. EEA/UK residents have these rights under the GDPR and may lodge a complaint with their supervisory authority. Residents of India have rights under the DPDP Act, including access, correction, erasure, grievance redressal, and the right to nominate. California residents have the right to know what personal information we collect, to request its deletion, and to opt out of any "sale" or "sharing" — and we do not sell or share personal information as those terms are defined by the CCPA. To exercise any right, contact us using the details below; we will respond within the timeframes required by applicable law.
10. Data Security
We protect your data with HTTPS/TLS in transit, encryption of stored credentials, access controls, and the principle of least privilege. Screenshots and feedback data are scoped to your projects and accessible only to authorized team members. No method of transmission or storage is completely secure, but we work to protect your information using industry-standard measures.
11. Data Breach Notification
If we become aware of a personal data breach that is likely to affect you, we will notify the relevant supervisory authority and affected users without undue delay and in accordance with applicable law.
12. Children's Privacy
WebPinch is not intended for children. You must be at least 18 years old (or the age of majority in your jurisdiction) to create an account. We do not knowingly collect personal data from children; if you believe a child has provided us with personal data, please contact us and we will delete it.
13. Grievance Officer (India)
In accordance with India's Digital Personal Data Protection Act, you may contact our Grievance Officer for any data-protection concern or complaint through the contact page on our website. We will acknowledge and address grievances within the timelines prescribed by law.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice in the service. Your continued use of WebPinch after the changes take effect constitutes acceptance of the updated policy.
15. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us through the contact page on our website.