Skip to content
Pinnix
How it worksFor businessPricingFAQAbout
Brain dumpOnline timer5 minute timer10 minute timer15 minute timer30 minute timer1 hour timer
Sign inStart free
Pinnix
Start freeSign in
How it worksFor businessPricingFAQAboutFree toolsBrain dumpOnline timer5 minute timer10 minute timer15 minute timer30 minute timer1 hour timer
Legal

Privacy policy.

How Pinnix looks after your data. Written in plain English, and honest about the bits that matter.

Version 2.0Effective 5 July 2026Last updated 5 July 2026

Contents

  1. 1Who we are
  2. 2What we collect, and why
  3. 3Lawful bases, in short
  4. 4Special-category data (neurodiversity and health)
  5. 5Who we share data with
  6. 6Where your data is stored, and international transfers
  7. 7How long we keep it
  8. 8Your rights
  9. 9Cookies
  10. 10Children
  11. 11Security
  12. 12How we notify changes
  13. 13Contact and complaints
1

Who we are

Who controls your data, and how Team plans fit in.

Pinnix is a daily planner run by Pinnix Ltd, the data controller for the personal data described here. Our details are at the end of this policy. This policy covers your personal Pinnix account. If your employer provides Pinnix through a Team plan, our separate Data Processing Agreement also applies to your work data, but your private board and anything you record about your health stay covered by this policy and are never shared with your employer (see section 4).

2

What we collect, and why

Only what we need to run Pinnix.

We collect only what we need to run the service:

  • Your email address, so you can sign in and we can contact you about your account. Lawful basis: performance of our contract with you.
  • Your name, if you choose to give it. Lawful basis: contract.
  • The tasks, plans and brain dumps you create, because that is the product. Lawful basis: contract.
  • Usage signals, such as when you open the app and what you complete, so Pinnix can learn your focus patterns and improve. Lawful basis: our legitimate interest in running and improving the service, and, where you have chosen the features that rely on it, your consent.
  • Payment information, if you subscribe to a paid plan. Your card details are handled by our payment processor and are never seen or stored on our servers. Lawful basis: contract.

We do not collect anything we do not need, and we do not sell your data.

3

Lawful bases, in short

The legal grounds we rely on to process your data.

We rely on contract to run your account and deliver the service, legitimate interest to keep Pinnix secure and to improve it, consent for optional things such as marketing-site analytics cookies and any special-category data you choose to record, and legal obligation where the law requires us to keep certain records. You can withdraw consent at any time where consent is the basis.

4

Special-category data (neurodiversity and health)

Health data is optional, private to you, and consent-only.

4.1Pinnix lets you optionally record self-reported neurodiversity or health information, for example during onboarding, so the app can work better for you. Under UK GDPR this is special-category data and we treat it with particular care.

4.2We only ever record it with your explicit, separate consent, and only because you have chosen to give it. You do not have to.

4.3This information is private to you. It is held on your personal board and is never shown to an employer, a manager or anyone else, at any sharing setting, even on a Team plan. You can withdraw your consent and delete this data at any time.

5

Who we share data with

A few trusted providers, by category, never sold.

We use a small number of trusted providers to run the service. We share only what each one needs, and only to deliver Pinnix to you. We describe them by the job they do rather than by name.

  • Hosting, to store and run the application and your data.
  • Payment processing, to take subscription payments securely (they handle your card details, we do not).
  • AI task-breakdown, to break down and plan the tasks you ask it to. We send the title, description, labels and working-hours context of that task. We do not send your identity or your history, and the provider is contractually barred from retaining the text to train its models.
  • Transactional email, to send account and service emails.
  • Error monitoring, to spot and fix faults. Passwords, tokens, emails and IP addresses are stripped out before any error report leaves our systems.
  • Marketing-site analytics, on our public website only, and only if you accept cookies. This never runs in the signed-in app.

We do not sell your data or share it for anyone else’s advertising, beyond the optional marketing-site analytics you can decline. If we change or add a provider, we will update this policy, and Team customers receive advance notice under our Data Processing Agreement.

6

Where your data is stored, and international transfers

EU-hosted, with the AI task-breakdown processed in the US.

6.1Your Pinnix account data is stored on servers in the EU (Germany), which the UK recognises as providing an adequate level of protection. It is encrypted in transit and our backups are encrypted at rest.

6.2One important exception. The AI task-breakdown described in section 5 is processed by a provider in the United States. That means the task text you send for breakdown leaves the UK and EU.

6.3That transfer is protected by an appropriate UK safeguard: the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses. We keep a record of the mechanism we rely on, and a transfer risk assessment where one is required.

6.4We do not transfer your data anywhere else outside the UK or EU without a valid safeguard in place first.

7

How long we keep it

While your account is active, then deleted within 30 days.

We keep your data for as long as your account is active. If you close your account, we delete your personal data within 30 days, which also gives you a window to export anything you want to keep first. Routine encrypted backups are overwritten on their normal cycle and are not restored except for disaster recovery. Where the law requires us to keep certain records (for example, limited billing records for tax purposes), we keep only those, for only as long as required.

8

Your rights

Access, port, correct, delete, restrict, object.

Under UK GDPR you can:

  • Access a copy of the personal data we hold about you.
  • Port your tasks and plans, by exporting them in a standard format at any time.
  • Rectify anything that is wrong.
  • Erase your data by closing your account.
  • Restrict or object to certain processing, and withdraw consent where we rely on it.

To exercise any of these, email hello@pinnix.co.uk. We respond within one month, and usually much sooner. There is no charge for a reasonable request.

9

Cookies

Essential cookies to sign in, analytics only if you accept.

Pinnix uses essential cookies to keep you signed in. On our public website we also offer optional analytics cookies that load only if you accept them on the banner, and none of those run in the signed-in app. The full breakdown is in our cookie policy.

10

Children

Pinnix is for adults, 18 and over.

Pinnix is for adults. It is not intended for anyone under 18, and we do not knowingly collect data from children.

11

Security

How we protect your data.

We protect your data with measures appropriate to its sensitivity, including: EU data residency, TLS encryption in transit, GPG-encrypted backups on-host and off-site, per-user data isolation, bcrypt password hashing and enforced two-factor authentication for administrator accounts, an append-only admin audit trail, and error monitoring that strips out personal data before any report is sent. No system is perfectly secure, but we take this seriously and keep our measures under review.

12

How we notify changes

We email you before a material change.

If we make a material change to this policy, we will tell you by email and update the date and version at the top. Earlier versions are available on request.

13

Contact and complaints

How to reach us, and the ICO.

For any data request, complaint or question, email hello@pinnix.co.uk. If you are not happy with our response, you can complain to the UK Information Commissioner’s Office at ico.org.uk.

Pinnix Ltd, registered in England and Wales, company number 16150227. Registered office: c/o Kingswood, Sidings Court, Lakeside, Doncaster DN4 5NU.

Pinnix

The daily planner for brains that don’t run on autopilot.

© 2026 Pinnix. Built in the UK.

Product

How it worksFor businessADHD plannerBrain dumpFree focus timerPricingFAQSign in

Company

AboutContactPrivacyCookiesTerms
Pinnix Ltd, registered in England & Wales, Company No. 16150227.LinkedIn