Privacy Policy
Welcome to My Joy Pin! This Web3 service forms part of the decentralized internet, encompassing the https://myjoypin.com website, the Pinning Service, and related applications (collectively referred to as the “Service”).
This Privacy Policy explains how personal data is collected, stored, used, disclosed, and managed when you engage with the My Joy Pin website, the Pinning Service, and all related tools, software, APIs, and other features offered by MYJOYPIN. It applies to any website, app, or service that references this Privacy Policy.
By accessing our Service, you consent to the collection and use of your information as described in this Privacy Policy. Any personal data we collect is used exclusively to improve and deliver the Service. We will not share your information beyond the provisions outlined in this document.
Unless stated otherwise within this Privacy Policy, all terms have the same meaning as defined in our Terms and Conditions.
Information We Collect and Why
While using our Service, you may be asked to provide certain personally identifiable information, which we use for purposes such as:
- Identifying and contacting you.
- Granting you access to the Service.
- Restoring lost access to your account.
- Managing your subscriptions.
- Providing user support.
- Delivering updates, notifications, and other relevant information.
- Enhancing security measures, including fraud prevention.
Obtaining Consent: Your explicit consent is required before we store or use your personal information for the first time. This consent is collected through checkboxes in the registration process or via a notification dialog box.
What We Retain: To ensure transparency, here is an overview of the data we collect and how we use it:
Account Information: Essential for operating your My Joy Pin account and accessing the Service.
Name/Username: May be your real name, a pseudonym, or left blank. It is used to address you and display your identity to other members. It is publicly visible.
Email: Used as your login identifier, for restoring account access, for support communication, to confirm specific actions performed within your account, and for sending notifications or updates. Emails are securely encrypted using AES-256 standard and accessed only by you and authorized support staff. You may choose to opt out of receiving promotional communications from us at any time.
Email hash: The Service may create and use a Decentralized Identity (DID) by hashing your email. Although this hash cannot reveal your actual email address, it may still be linked to your email to verify your identity. Whenever an operation does not require sending to an email address, the email hash is preferably used instead of the actual email.
DID (Decentralized Identity): Serves as your unique identifier for secure operations, including login, data updates, and transaction approvals. DIDs are also used for validating your electronic signature. Keep in mind that every time you sign a document, token, transaction, or confirmation, your DID is shared with the recipient alongside your digital signature. This DID acts as evidence of your online identity and plays a crucial role in verifying your digital signature.
Password: Used exclusively to verify your login credentials and cannot be accessed or seen by anyone. It is securely stored as a hashed and salted value, utilizing the cryptographic key derivation function (“scrypt”) encryption method. This ensures the data remains both protected and unrecoverable.
Profile Picture Link/Avatar: This is an URL to an image used to personalize your account. By default, images are pulled from services like Gravatar or your social network account, and the links are publicly visible.
Public Key: Associated with your DID, it serves to validate the authenticity of your digital signature whenever you sign confirmations, documents, tokens or transactions.
Subscription Data: When you subscribe or make a payment, we collect your real name, billing address, and payment verification data. This data is protected using AES-256 encryption, ensuring that only you and authorized support personnel have access to it. My Joy Pin may decrypt this information strictly to manage tasks such as subscription renewals and payments, including conducting secure data exchanges with authorized payment gateways. Please note that we only receive payment verification details and do not collect any other payment-related information. This personal data is processed exclusively for contractual purposes.
Transactional Data: Information about your purchases, including subscription type, payment details, price, and transaction date.
Communication History: When you communicate with MYJOYPIN via email or the Website, we gather personal data tied to your correspondence along with any additional information you voluntarily provide. This data is processed to fulfill contractual obligations and offer support. Our email service utilizes Microsoft 365 provided by GoDaddy, a secure cloud-based solution, ensuring the safety of our correspondence through its robust security protocols. You can learn more about data policies on GoDaddy - Global Privacy Notice and Microsoft Privacy Statement.
We use Brevo to send notification emails from our servers. You can consult their Privacy Policy Personal Data Protection for details.
Cookies: We use cookies and similar technologies to enhance your experience, analyze website traffic, and enable certain functionalities. These include:
Our Own Cookies: We use a first-party cookie to remember the user access key in some scenarios, when no other ways to authorize the user are possible.
Local Storage: Certain information may be stored locally on your device to provide seamless access, enhance usability, and maintain session continuity. These data are kept only during your active session on the Website and are automatically erased when you log off, or are kept based on your choices in the consent dialog and the “Remember Me” option.
Consentmanager: To manage user preferences regarding data collection, we use a consent management tool. This ensures compliance with applicable privacy laws and allows users to adjust their consent settings at any time. You can learn more about Consentmanager’s data policies here.
Google Authentication: When you sign in using Google, authentication cookies are used to secure the login process and maintain session integrity. You can learn more about Google’s data policies here.
Google Analytics: We use cookies provided by Google Analytics to track and analyze user interactions, helping us improve our services. You can learn more about Google’s data policies here.
Cloudflare CDN: Some JavaScript libraries, used on our Website, may be loaded from Cloudflare CDN. Cloudflare uses cookies to collect analytical data of their network usage. Privacy Policy.
You can manage your cookie preferences via your browser settings or through our consent manager at any time. Please note that disabling some cookies may impact the functionality of our website. Detailed description of used cookies is available in the Use of Cookies and Local Storage section below.
Log Data: Information such as timestamp, session ID, User ID, and IP address is gathered to ensure the security of the Service, safeguard user access, and prevent fraudulent activities. Additionally, changes made to your account, space, and subscription - along with details like modified data and the time of updates - are logged. This information is utilized to uphold and enhance the safety and reliability of the Service.
Analytical Data. Information collected by Google Analytics. It includes, but not limited to, device and browser information, page views and clicks, IP, country and timestamp. You can learn more about Google’s data policies here.
Account, Subscription, Transactional and Log data are stored securely in the OVHcloud data center in Frankfurt, Germany (EU) and retained only for as long as necessary, as explained in the Data Retention section. You can learn more about OVHcloud’s data policy in OVHcloud personal data usage policy.
Communication History is stored on GoDaddy’s/Microsoft’s servers. Analytical Data is stored on Google’s servers. Cookies are stored in user’s browser.
Sensitive Information. We do not process sensitive information.
No Sale of Personal Data. We do not sell personal information under any circumstances. Furthermore, we do not transfer personal data to third parties for monetary or other consideration.
You can check the information we have about you by visiting your user profile page or downloading a copy of your personal data. Alternatively, you may request this information via email. We do not knowingly collect or track any additional personal information beyond what is specified above.
Summary
| Field | Visibility | Retention period | Description | Legal basis |
|---|---|---|---|---|
| User ID | public | Account lifetime + 14 days | Serves to identify the user accessing the server. | Art. 6 Para. 1(b) GDPR. Performance of a contract. |
| Username | public | Account lifetime | Used to address you and display your identity to other members. | Art. 6 Para. 1(a) GDPR. Given consent. |
| internal | Account lifetime | Used to identify the user, to handle confirmations, to restore service access, and to send server notifications. | Art. 6 Para. 1(a) GDPR. Given consent. Art. 6 Para. 1(b) GDPR. Performance of a contract. | |
| Email hash | internal | Account lifetime + 14 days | Used to identify the user during email-based confirmations, including profile modifications or access restoration. | Art. 6 Para. 1(a) GDPR. Given consent. Art. 6 Para. 1(b) GDPR. Performance of a contract. |
| DID | public | Account lifetime + 14 days | Used to identify the user, access server resources through authorization tokens, and verify cryptographic digital signatures. | Art. 6 Para. 1(b) GDPR. Performance of a contract. |
| Public key | internal | Account lifetime | The cryptographic public key is used to verify digital signatures generated with the DID. | Art. 6 Para. 1(b) GDPR. Performance of a contract. |
| Avatar | public | Account lifetime | Used to display the user’s profile picture on the site. | Art. 6 Para. 1(a) GDPR. Given consent. |
| Password hash | none | Account lifetime | Utilized exclusively to verify user’s login credentials. | Art. 6 Para. 1(b) GDPR. Performance of a contract. |
| Registered IP | internal | 14 days | Utilized to prevent spam and fraudulent activities. | Art. 6 Para. 1(f) GDPR. Legitimate interests. |
| Session ID | internal | Active user session or 30 days | Used to support access token rotation. | Art. 6 Para. 1(b) GDPR. Performance of a contract. |
| Session timestamp | internal | Active user session or 30 days | Used to support access token rotation. | Art. 6 Para. 1(b) GDPR. Performance of a contract. |
Use of Cookies and Local Storage
Cookies are small data files stored on your device, often used as unique anonymous identifiers. Local storage is a browser-based storage solution used for similar purposes.
We use local storage and cookies to store your access token, preferences, avatar link and username. As well cookies are used by Consentmanager, Google Authentication, Google Analytics and Cloudflare CDN. Some features require these elements to function and will request your permission before being activated. We recommend reviewing their respective privacy policies.
Cookies have an expiration time, after which they are removed by a browser automatically. The Local storage does not have such a functionality, so keys are stored there forever until removed manually or programmatically. We follow your choices and remove our keys if they are not selected for use. We try to cleanup third-party keys based on your choices too, but we do not warrant it is effective. We recommend reviewing vendors respective data policies.
Cookies summary
| Cookie | Initiator | Period | Description | Legal basis |
|---|---|---|---|---|
| key | MYJOYPIN | 1 hour | Functional cookie storing an user access token. | Art. 6 Para. 1(b) GDPR. Performance of a contract. |
| __cmpcc, __cmpcccu*, __cmpcccx*, __cmpconsent*, __cmpconsentx*, __cmpiuid | Consentmanager | 1 month | Functional and tracking cookies storing Cookie banner settings and choices. | Art. 6 Para. 1(a) GDPR. Given consent. Art. 6 Para. 1(f) GDPR. Legitimate interests. |
| __Host-*, __Secure-*, ACCOUNT_CHOOSER, AEC, APISID, HSID, LSID, LSOLH, LSOLH, NID, OTZ, S, SAPISID, SEARCH_SAMESITE, SID, SIDCC, SIDCC, SMSV, SSID | Google Authentication | 6 months | Tracking cookies used by Google Authentication. | Art. 6 Para. 1(f) GDPR. Legitimate interests. |
| _ga, _ga_* | Google Analytics | 1 month | Tracking cookies used by Google Analytics. | Art. 6 Para. 1(f) GDPR. Legitimate interests. |
| _mkto_trk, cfz_google-analytics_v4, OptanonAlertBoxClosed, OptanonConsent | Cloudflare CDN | 1 month | Tracking cookies used by Cloudflare. | Art. 6 Para. 1(f) GDPR. Legitimate interests. |
Local storage summary
| Key | Initiator | Description | Legal basis |
|---|---|---|---|
| consent | MYJOYPIN | User consent choices. | Art. 6 Para. 1(b) GDPR. Performance of a contract. |
| theme | MYJOYPIN | Your theme selection | Art. 6 Para. 1(a) GDPR. Given consent. |
| user | MYJOYPIN | Your access token, user ID and username. | Art. 6 Para. 1(a) GDPR. Given consent. |
| rememberMe | MYJOYPIN | “Remember me” state. | Art. 6 Para. 1(a) GDPR. Given consent. |
| loginType | MYJOYPIN | Selected login type. | Art. 6 Para. 1(a) GDPR. Given consent. |
| sideMenuCollapsed | MYJOYPIN | Side menu state. | Art. 6 Para. 1(a) GDPR. Given consent. |
| theme-fit | MYJOYPIN | Fit content vertically. | Art. 6 Para. 1(a) GDPR. Given consent. |
| auto-play | MYJOYPIN | Auto play media files. | Art. 6 Para. 1(a) GDPR. Given consent. |
| explore-tab | MYJOYPIN | Selected “Explore IPFS” tab. | Art. 6 Para. 1(a) GDPR. Given consent. |
| files-pageSize | MYJOYPIN | File list page size. | Art. 6 Para. 1(a) GDPR. Given consent. |
| pins-pageSize | MYJOYPIN | Pin list page size. | Art. 6 Para. 1(a) GDPR. Given consent. |
| onboard.js:agreement | MYJOYPIN | Wallet onboard agreement. | Art. 6 Para. 1(a) GDPR. Given consent. |
| onboard.js:last_connected_wallet | MYJOYPIN | Last connected wallet. | Art. 6 Para. 1(a) GDPR. Given consent. |
| alreadyConnectedWallets | MYJOYPIN | Connected wallet(s). | Art. 6 Para. 1(a) GDPR. Given consent. |
| __cmpcccu*, __cmpconsent* | Consentmanager | Functional and tracking data storing Cookie banner settings and choices. | Art. 6 Para. 1(a) GDPR. Given consent. Art. 6 Para. 1(f) GDPR. Legitimate interests. |
Data Retention
Personal data is retained only as long as necessary for its intended purposes:
- Account Information: This data is retained throughout the active lifetime of your account and is permanently deleted upon account closure, either immediately or within 14 days following the closure.
- Subscription Data: These are retained throughout the duration of an active subscription and for the lifetime of the account if a subscription was held previously. You have the option to update or delete this information whenever you wish.
- Transactional Data: Retained for 10 years in accordance to tax laws to support audit requirements.
- Log Data: This data is stored for a period that ranges from a day to 2 months.
- Analytical Data: Retained from 2 to 14 months.
Legal Basis for Data Processing
We process personal data based on:
- Your Consent: By continuing to use the Service, you confirm your consent and agreement as described in the Terms and Conditions. Furthermore, we request your explicit consent prior to registering for the Service or before your personal data is initially stored or utilized.
- Contractual Obligations: Processing necessary for subscription management, notifications, and support.
- Legitimate Interests: Ensuring network security, fraud prevention, and Service enhancements without infringing on your rights.
Disclosure of Personal Data. Personal information may be shared with courts, law enforcement agencies, or government authorities under the following circumstances:
To fulfill legal requirements and obligations.
To comply with legal processes and resolve claims made against MYJOYPIN.
To address verified requests relating to criminal investigations, alleged unlawful activities, or other matters that may create legal liabilities for you or other users.
To implement and uphold our Terms and Conditions along with other user agreements.
To safeguard the rights, assets, or personal safety of MYJOYPIN, its subsidiaries, affiliates, successors, assigns, employees, representatives, directors, officers, and shareholders.
Your Rights Under GDPR
You are entitled to the following rights concerning your personal data:
Right to Access: You may request a copy of the personal data we have about you and understand how it is being processed.
Right to Rectification: If your personal data is incorrect or incomplete, you can request its correction or update.
Right to Erasure (Right to be Forgotten): You have the option to request the deletion of your personal data if it is no longer required for its original purpose or if you withdraw your consent.
Right to Restrict Processing: In specific circumstances, such as contesting the accuracy of your data or objecting to processing, you may request that we limit how your data is used.
Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format and transfer it to another controller seamlessly.
Right to Object: If your data is processed based on legitimate interests or for direct marketing purposes, you have the right to object to such processing.
Right to Withdraw Consent: At any point, if you’ve given consent for the processing of your personal data, you retain the right to withdraw that consent.
Right to Lodge a Complaint: Should you feel your data protection rights have been infringed, you are entitled to lodge a complaint with the relevant supervisory authority.
To exercise any of these rights, kindly contact us at hello@myjoypin.com.
Service Providers
We may work with third-party companies or individuals to support our operations in the following ways:
To facilitate the delivery of our Service;
To perform the Service on our behalf;
To carry out tasks directly related to the Service; or
To help analyze and improve how the Service is utilized.
These third parties may have access to your Personal Information, but strictly limited to what is necessary for the tasks they are assigned on our behalf. All such parties are bound by confidentiality agreements and are explicitly prohibited from using or disclosing your data for any purposes beyond their designated responsibilities.
Links to Other Sites
Our Service may include links to external websites. By clicking on a third-party link, you will be redirected to their site. Please note that these external websites are not under our operation or control. We strongly encourage you to review the Privacy Policy of these sites, as we cannot take responsibility for their content, privacy practices, or any services they provide.
Public Network Notice
Your Content, Your Responsibility: Anything you upload, pin, or share belongs to you, not MYJOYPIN. We only host it at your direction. MYJOYPIN does not monitor or control your content, and you’re solely accountable for it.
Public Nature: The Service operates on a global, public network. Content uploaded may become publicly available and widely distributed. Please avoid uploading sensitive or private information.
Content Removal Limitations: Once shared, it might be impossible to fully remove content from the network, as others outside MYJOYPIN’s control may have already republished it.
Data Safety Advice: If data security is important, consider encrypting your content before uploading. For better privacy, using a private IPFS network might be a better option.
Security and Data Breaches
We are committed to protecting your data through advanced security measures and deeply value the trust you place in us by sharing your Personal Information. Although we employ industry-standard protocols to secure your data, it’s important to recognize that no method of transmission over the internet or electronic storage can ensure absolute security. Consequently, we cannot guarantee the total safety of your information.
Should a data breach occur, we will notify you and the appropriate supervisory authorities within 72 hours, as mandated by the GDPR. To ensure timely communication, please make sure an email address is registered as a designated channel to receive such notifications.
Children’s Privacy
Our Service is not intended for individuals under 16 years of age. Any identified data from minors will be promptly deleted.
Contact Information
If you have any questions or concerns regarding this Privacy Policy or our data handling practices, feel free to reach out to us at hello@myjoypin.com.
Privacy Policy Updates
Our Privacy Policy may be updated from time to time. We encourage you to check this page regularly to stay informed about any changes. In case of an update, the revised Privacy Policy will be posted on the Website, and the “Last Modified” date below will be updated accordingly. For significant updates, registered users will be notified via their accounts and/or through a notice on the Website. The updated Privacy Policy will come into effect two (2) weeks after the “Last Modified” date.
By continuing to use the Service after the effective date of these updates, you agree to the revised Privacy Policy.
Last modified : June 11, 2025
Effective date: June 25, 2025