Privacy Policy
Last updated: April 22, 2026
1. Information We Collect
We collect information you provide directly: name, email address, password (hashed), and payment information (processed by Stripe). During onboarding we also collect optional commercial profile data — your professional segment (coordinator, venue, corporate, association), estimated event volume per year, typical event size, current tool you use, and country — to personalize your experience and our communications. Every time you grant or revoke a consent (Terms, Privacy, marketing, cookies, DPA) we log the document version, timestamp, IP address, and browser user-agent as auditable evidence under GDPR Article 7. We also collect usage data including pages visited, features used, and device information.
2. Guest Data
Event organizers upload guest information including names, table assignments, contact details, dietary preferences, and payment status. This data is stored securely and is accessible only to the event organizer and their authorized staff.
3. How We Use Your Information
We use your information to: provide and maintain the service, process payments, send important notifications about your account, improve our product, and generate anonymized analytics.
4. Data Sharing
We do not sell your personal data. We share data only with: Stripe (payment processing), Supabase (database hosting), Vercel (application hosting), and as required by law.
5. Data Retention
Account data is retained while your account is active. Event and guest data is automatically deleted 90 days after the event date unless you request earlier deletion. You can export your data at any time.
6. Cookies & Tracking
We use the following categories of cookies: Essential cookies (authentication session via NextAuth, CSRF protection, locale preference) are required for GuestOS to function and cannot be disabled. Analytics cookies (Google Analytics) help us understand how you use the platform — these are only loaded with your consent. Marketing cookies (Meta Pixel) are used for ad measurement and remarketing — these are only loaded with your consent. You can manage your cookie preferences at any time through the 'Manage Cookies' link in our footer. When you choose 'Essential Only', we do not load Google Analytics or Meta Pixel scripts.
7. Your Rights
You have the right to: access your personal data, correct inaccurate data, export your data in a portable format (JSON), opt out of non-essential communications, and request account deletion. Deletion is managed from Settings → Account and requires email confirmation (token expires in 60 minutes); after confirmation we apply a 30-day grace period during which you can cancel the request, and at the end of the period we proceed with permanent erasure under GDPR Article 17. BUSINESS and ENTERPRISE customers may additionally sign a Data Processing Agreement (DPA) by emailing hola@pintado.ai.
8. Google Sign-In
GuestOS offers sign-in with Google as an authentication option. When you use Google Sign-In, we receive your name, email address, and profile picture from Google. This information is used solely to create and manage your GuestOS account. We do not use Google user data for advertising or share it with third parties beyond what is disclosed in this policy. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
9. Contact
For privacy-related questions, contact us at hola@pintado.ai.