Pinkflow
Privacy Policy
Last updated: 2026-07-07
This Policy was last updated on 2026-07-07.
1. Who we are and how to reach us
Pinkflow, operated by [Your Full Legal Name], an individual based in Israel is the controller responsible for your personal data under applicable data protection law, including the Israeli Privacy Protection Law and the EU General Data Protection Regulation (GDPR) where it applies to you.
Email: hello@pinkflow.ai. Location: Tel Aviv, Israel.
2. What we collect
- Account data: your email address and a hashed password. We never see or store your password in plain text.
- Service usage: the prompts you submit, the names you save, and your generation history.
- Payment data: handled entirely by Paddle, our merchant of record / authorized reseller. We receive confirmation of a successful purchase, but we never receive or store your card number or full payment details.
- Security logs: IP address and browser user-agent, used only for abuse prevention and security investigations.
3. Why we use your data (legal bases)
- To provide and improve the service — performance of a contract with you.
- To process payments — performance of a contract, via Paddle.
- To prevent fraud and abuse — our legitimate interests in protecting the service and other users.
- To send essential account and billing emails — performance of a contract or our legitimate interests.
4. Providing data is required
An email address is required to create an account, and you cannot use Namescape without one. Some features (such as saved names and history) require usage data; if you do not want us to hold that data, do not use those features or request deletion (see Section 10).
5. Third parties we share with
We share data with these categories of subprocessors:
- Paddle — merchant of record / authorized reseller for payments. Paddle receives your payment and contact details necessary to complete a purchase.
- Hosting provider — where the service runs and your account data is stored.
- Authentication provider — for sign-in and session management (where you use OAuth, e.g. Google or Microsoft).
- Email delivery — to send account and billing emails.
- Domain availability and pricing sources — public registries and registrar directories we query to produce suggestions and price guidance. We send only the domain names being looked up, not your account data.
- Generation provider — the service we use to draft name suggestions from your prompt. We send only your prompt text, not your account data.
We do not use advertising trackers, advertising networks, or third-party analytics on your browsing.
6. International transfers
Your data is processed in Israel. The European Commission has recognized Israel as providing an adequate level of data protection, which permits personal data to flow from the EU to Israel without additional transfer safeguards. Where data is processed by a subprocessor outside Israel or the EU, we rely on standard contractual clauses or equivalent safeguards required by applicable law. Note: even with an adequacy decision, GDPR notice obligations still apply to EU users, which is why this Policy discloses the information above.
7. Cookies and local storage
We use only a session identifier (cookie or local storage) to keep you signed in. We do not use tracking cookies, advertising cookies, or analytics cookies. We do not run third-party analytics or tag managers on this site or inside Namescape.
8. How long we keep your data
- Account data: while your account is active, plus 30 days after you delete it (to allow recovery and to finalize pending billing).
- Usage data: same as account data, unless you delete specific items earlier.
- Transaction records: retained as required by applicable tax and accounting law (typically several years).
- Security logs: up to 90 days.
9. Automated decision-making
We do not use automated decision-making that produces legal or similarly significant effects about you. We do not profile you. Name suggestions are generated based on the prompt you submit, not on personal characteristics.
10. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data and your account.
- Port your data to another service.
- Object to or restrict certain processing.
- Withdraw consent where we rely on it.
To exercise any of these rights, email hello@pinkflow.ai. If you are in the EU/EEA, UK, or another jurisdiction with a data protection authority, you also have the right to lodge a complaint with your local supervisory authority.
11. Children
The service is not intended for children under 16. We do not knowingly collect data from anyone under 16.
12. Changes to this Policy
We may update this Policy from time to time. We will revise the "Last updated" date above and notify you of material changes.
13. Contact
Questions about your data? Email hello@pinkflow.ai or use the contact page.