Peggy the Pinduin penguin Pinduin

Privacy Policy

Last updated: June 2026.

Your privacy matters to Pinduin. This policy explains what we collect, how we use it, how our AI handles your content, and the choices you have. It applies to the Pinduin app and website, operated by Insitderp Consulting ("Pinduin", "we", "us").

Private by default

Pinduin is built around a clear line between what's yours and what's shared:

  • Your journal entries are encrypted at rest and visible only to you.
  • Your GSD marks, goals, and private notes are personal to your account.
  • Nothing you write becomes public automatically. Content is shared only when you post it to a board, share an entry with a contact or huddle, or take another explicit, opt‑in action — and shares can be revoked at any time.

What we collect

  • Account information — your name, email address, and optional profile details (username, timezone, bio, school, sport). If you sign in with Google or Facebook, we receive basic profile information from them to create or link your account. We support passkeys and two‑factor authentication for stronger security.
  • Content you create — journals, goals, posts, comments, and messages.
  • Usage and technical data — basic log information such as IP address and device/browser details, used to operate and secure the Service.

How we use your information

We use your information to provide and personalize the Service, power its AI features, keep accounts secure, respond to support requests, and send you essential account and notification emails.

How AI handles your content — the two lanes

Pinduin is AI‑first, so we run AI in two separate lanes to keep personal content protected:

  • Private lane — powers Peggy, reflections, insights, prompts, and "ask your journal." This lane is designed to handle your personal entries with privacy as the priority. As we roll out local AI, this lane runs on a model hosted by us so personal content does not leave our environment.
  • Public lane — powers community features and Buddy, your support guide. It works only with public content (public boards and the Help Center). Personal‑content actions that use this lane are always opt‑in.

During our beta, where a local model isn't yet available, private‑lane features may run on trusted third‑party AI providers (such as Google, OpenAI, or Anthropic) to generate responses. We surface this so you can decide what you're comfortable sharing. Buddy always runs on the public lane and only ever reads the public Help Center — never your journals.

How we protect your information

We use a combination of technical and organizational safeguards, including encryption of journal content at rest and secure authentication (passwords, social sign‑in, passkeys, and two‑factor authentication). No method of storage or transmission is 100% secure, but we work to protect your information.

Cookies

Pinduin uses cookies and similar technologies for essential purposes:

  • Session and authentication cookies keep you signed in and keep your account secure (including CSRF protection). These are required for the app to work.
  • We may use limited analytics to understand and improve how the Service is used.

Most browsers let you refuse or delete cookies in their settings, but blocking essential cookies will prevent you from signing in and using Pinduin. We'll update this section if we add new categories of cookies.

Sharing with third parties

We don't sell your personal information. We share it only with service providers who help us operate Pinduin (for example, hosting, email delivery, and the AI providers described above), and only as needed to provide the Service. We may disclose information if required by law or to protect the rights and safety of our users and the Service.

Data retention

We keep your account and content for as long as your account is active. Technical logs are retained for a limited period for security and troubleshooting. When you delete your account, we remove your account and content (some information may persist briefly in backups before being purged).

Children's privacy

Pinduin is intended for users 13 and older. We don't knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact us and we'll address it.

Your choices and rights

  • Access and update your profile in Settings → Profile.
  • Manage security (password, passkeys, two‑factor) in Settings → Security.
  • Stop sharing any entry, board post, or share at any time.
  • Delete your account and content in Settings → Security → Delete account, or email [email protected] from your registered address with the subject "Delete my account."

Changes to this policy

We may update this policy from time to time. We'll post the new version here and revise the date above.

Contact

Questions about your privacy? Email us at [email protected].

Ready to get stuff done? Create your account or log in.