Privacy Policy

Last updated: June 24, 2026

This policy explains what data the pagepin.ai managed instance collects, how we use it, and what we receive when you sign in with Google or GitHub. It covers the hosted console at app.pagepin.ai, the content domain pagepin.page, the marketing site pagepin.ai, and the API.

pagepin is also free, open-source software (Apache-2.0) you can run yourself. This policy applies only to the instance we operate. If you self-host, you are the data controller for your deployment and this policy does not apply to it.

1. Information we collect

Account & identity. When you create an account we store a stable account identifier and, optionally, a display name. If you sign in with email and password, we store your email address and a salted hash of your password — never the password itself. If you sign in with Google or GitHub, we store the identity described in section 2.
Content you deploy. The files you upload, their version history, and the review comments left on your pages — stored so we can host and serve them and run the review-comment overlay.
Operational & security data. To secure the service and investigate abuse, deploy actions are logged with the requesting account, client IP address, user agent, and timestamps. We keep basic request logs for the same purposes.
Cookies. We use strictly-necessary cookies only: signed session/authentication cookies (pp_session, pp_csrf, pp_view) and a short-lived sign-in state cookie (pp_oauth). We do not use advertising cookies or third-party analytics, and the marketing site loads no third-party tracking scripts.

2. Signing in with Google or GitHub

When you choose "Continue with Google" or "Continue with GitHub", the provider authenticates you and returns a limited set of profile information. We request the minimum needed to sign you in:

Google — scopes openid, email, profile. We receive your Google account ID, name, and verified email address.
GitHub — scopes read:user, user:email. We receive your GitHub account ID, name (or username), and your primary verified email address.

We use this only to create and identify your pagepin account. We store the provider account ID, your name, and your email address. We never receive your provider password. We do not post or act on your behalf, access your repositories, files, or contacts, or use this data for advertising. You can revoke pagepin's access at any time from your Google or GitHub account settings.

pagepin's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.

3. How we use your information

We use the data above to operate and provide the service, authenticate you and keep your account secure, host and serve the content you deploy, run the review-comment feature, prevent and investigate abuse, and comply with our legal obligations. We do not sell your personal data, and we do not use it to build advertising profiles.

4. How information is shared

We share data only as needed to run the service:

Infrastructure providers. The managed instance runs on Cloudflare (compute, database, object storage, and CDN). Your account data and deployed content are processed and stored on their network on our behalf.
Your published content. Anything you deploy is served to viewers according to your sharing settings — public pages are accessible to anyone with the link, and private pages to signed-in viewers you allow.
Legal & safety. We may disclose information when required by law, or where we reasonably believe it is necessary to enforce our terms, prevent abuse, or protect the service, our users, or the public.

5. Data retention & deletion

We keep account data while your account is active. Security and abuse logs are retained only as long as needed for security, abuse handling, and legal compliance. When you delete a site, its stored files are purged on a best-effort basis. To delete your account and the personal data associated with it, contact us at legal@pagepin.ai.

6. Your choices and rights

You can request access to, correction of, export of, or deletion of your personal data by emailing legal@pagepin.ai. Depending on where you live, you may have additional rights under local law. You can also revoke social sign-in access directly from your Google or GitHub account settings at any time.

7. Security

Sessions are stateless, signed tokens stored in httpOnly cookies; API tokens are stored hashed, never in plaintext; and all content is served over HTTPS. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security, but we work to protect your data and limit what we collect.

8. International transfers

Our infrastructure provider operates a global network, so your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.

9. Children

The service is not directed to children, and accounts on the managed instance are invite-only. We do not knowingly collect personal data from anyone under 16 (or the minimum age of digital consent in your jurisdiction). If you believe a child has provided us data, contact us and we will delete it.

10. Changes to this policy

We may update this policy as the service evolves. Material changes will be reflected by the "last updated" date above; continued use after a change means you accept it.

11. Contact

Privacy questions: legal@pagepin.ai. To report abuse or infringing content, see Report abuse or email abuse@pagepin.ai.