Privacy Policy

1. Scope

This Policy describes how we process personal data when you use Pigeon, visit pigeon.grim-digital.com, or contact us. "Personal data" means information relating to an identified or identifiable person.

2. Data we collect

We may collect:

• Account data: name, email address, password hash, organization or project names, and billing identifiers provided at registration or checkout.
• Usage data: IP address, device and browser type, pages viewed, approximate timestamps, and diagnostic logs for security and reliability.
• Subscriber data you upload: email addresses and optional fields (e.g., name, tags) for contacts on your mailing lists.
• Support communications: content of emails or tickets you send us.

3. How we use data

We use personal data to provide and improve Pigeon, authenticate users, process payments, send service messages, detect abuse, comply with law, and analyze product usage in aggregate. We do not sell personal data.

4. Email delivery infrastructure

To send campaigns, content and recipient addresses are transmitted to vetted email delivery and hosting providers for processing and delivery. Those providers act as processors under our instructions. They also generate events (deliveries, bounces, complaints) that we store to maintain suppression lists and analytics.

5. Payments

Payments are processed by Paddle (or a successor processor noted at checkout). We receive limited billing status from the processor rather than storing full card numbers on our servers. Our payment integration may be updated; this Policy will reference the current processor where material.

6. Retention

We retain account and billing records as needed to provide the service, meet legal obligations, and resolve disputes. Subscriber data remains until you delete it or close the project, subject to backups and legal holds. Logs may be retained for a shorter rolling period unless security investigations require longer retention.

7. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability. EU/EEA/UK users have GDPR rights described further on our GDPR page. To exercise rights, email pigeon@grim-digital.com. You may lodge a complaint with your local supervisory authority.

8. International transfers

We and our processors may process data in the EU, US, or other regions. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

9. Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and monitoring. No method of transmission is 100% secure.

10. Children

Pigeon is not directed at children under 16, and we do not knowingly collect their data.

11. Changes

We will post updates here and revise the effective date for material changes.

12. Contact

Privacy contact: pigeon@grim-digital.com · Nikola Milic PR Labart