Privacy policy

Punchframe is operated by Innerpi(“we”, “us”). This Privacy Policy explains what information we collect when you use Punchframe, why we collect it, and the choices you have. Questions: hello@innerpi.com.

What we collect

Account information

When you sign in with Google, we receive your email address, display name, and Google account ID. We do not receive your Google password. We use this to identify your account and contact you about your subscription.

Photos and event data

When you or your guests upload photos to Punchframe, we store those photos in Google Cloud Storage (a Firebase service) so they can be framed and printed. Each event has an unlock window (typically the event start time through 18 hours after) controlling guest access. You can delete an event and its photos at any time from the event detail page.

Billing information

Paid subscriptions are processed by Stripe. We never see or store your full card number. Stripe sends us a customer ID, the plan you subscribed to, and your invoice history so we can manage your subscription.

Usage analytics

We use Firebase Analytics to record page views and basic interaction events. This data is aggregated and does not identify you personally. We do not use advertising trackers or third-party marketing pixels.

How we use your information

• To run the Punchframe service (storing and printing your photos)
• To bill you and send payment receipts
• To respond to support questions you send to hello@innerpi.com
• To detect abuse and keep the service running
• To improve features by understanding which parts of the app get used

We do not sell your personal information. We do not use your photos to train AI models or share them with third parties for any purpose other than delivering the service (e.g., storage with Firebase).

Who we share with

We share data only with the service providers we need to run Punchframe:

• Google / Firebase — authentication, database, file storage, analytics
• Stripe — payment processing
• Google Cloud Platform — hosting

We may disclose information if required by law or to protect the rights, property, or safety of Innerpi, our users, or the public.

How long we keep your data

• Account data is retained while your account is active.
• Event photos are retained while the event exists. When you delete an event, its photos are deleted within 30 days from Firebase Storage.
• Billing records are retained for as long as required by Canadian tax law (typically 7 years).
• You can request account deletion at any time by emailing us.

Your rights

Depending on where you live (GDPR for the EU, PIPEDA in Canada, CCPA in California, and similar regimes elsewhere), you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data (subject to our retention obligations)
• Export your data in a portable format
• Object to or restrict certain processing

To exercise any of these rights, email hello@innerpi.com. We’ll respond within 30 days.

Security

Data is encrypted in transit (HTTPS) and at rest (Firebase default encryption). We use Google Sign-In so we never handle your password. Card data is handled entirely by Stripe, which is PCI-DSS Level 1 certified. See our security page for more detail.

Cookies

We use a small number of essential cookies (and similar browser storage) to keep you signed in and remember your preferences. We do not use advertising or cross-site tracking cookies.

Children

Punchframe is intended for businesses and is not directed at children under 13. If you believe we have inadvertently collected information from a child, contact us and we will delete it.

Changes to this policy

If we change this policy in a material way, we’ll notify active subscribers by email and post a notice in the app. The “last updated” date at the top will always reflect the current version.

Contact

Innerpi · hello@innerpi.com
For privacy-specific questions, please use the same email and include “Privacy” in the subject line.