Pinza

Privacy policy

Effective 2 July 2026 · Eleven Ways, Ghent, Belgium

The short version

Pinza is local-first. There is no account, no analytics, no telemetry, and no advertising. What you copy stays on your Mac. The few network connections the app can make are listed below — all of them, with what each one sends and how to turn it off.

Your copy history

Everything Pinza saves — URLs, file paths, titles — is stored only on your Mac, in an AES-256-encrypted SQLite database under ~/Library/Application Support/Pinza/. The encryption key is generated on first launch and stored in your macOS Keychain, marked device-only: it never syncs and is never included in backups. The Recently Deleted Bin can additionally require Touch ID.

What Pinza reads on your Mac

Every network connection Pinza can make

This table is exhaustive. "You control it" names the switch in Settings.

Connection What is sent When You control it
Update check (GitHub Pages) A standard web request for the update feed; GitHub sees your IP address. Daily, and when you choose Check for Updates Settings → About → updates toggle
Website favicons A request to each site already in your history, for its icon. Fetched directly from the site — never via a third-party service. Cached locally. When a URL appears in your recents Settings → Recents → Fetch website favicons
Rich preview images A request for artwork (album covers) to the source service's image server. When you hover an entry with artwork Settings → Recents → Fetch rich preview images
Music links (song.link) The public URL of the track you copied, sent to the Odesli (song.link) API to offer open-in-other-service links. No personal identifier. When you copy or hover a music entry No dedicated switch yet — avoided entirely by not using the music integrations
Podcast & book metadata (Apple) The public show, episode, or book identifier, sent to Apple's iTunes lookup API for titles and artwork. When you copy a Podcasts or Books item Podcasts: the rich-previews toggle. Books: no dedicated switch
YouTube channel avatars The public channel ID, to fetch the channel's avatar from YouTube. When a YouTube entry appears in recents Settings → Integrations → YouTube avatars
Link liveness check A minimal HEAD request to URLs in your history, to dim dead links. On hover — only if you enabled it Settings → Recents. Off by default
Google Drive (optional sign-in) OAuth tokens and file identifiers to Google's APIs, read-only, to copy Drive document contents. Google's privacy policy applies. Only after you sign in, on copy of a Drive document Settings → Integrations → sign out
Notion (optional sign-in) OAuth tokens and page identifiers to Notion's API, to export a page as Markdown. Notion's privacy policy applies. Only after you sign in, on copy of a Notion page Settings → Integrations → sign out
PDF download A request for the PDF you're copying, saved to your Downloads folder. Sent without your browser cookies. Only when you explicitly copy a PDF link Only fires on that explicit action
License activation (Gumroad) Your license key, sent to Gumroad's license API for verification. Gumroad is the merchant of record for purchases — your name, email, and payment details are handled by Gumroad under their privacy policy. When you activate, deactivate, or — at most weekly — silently re-verify a license Only applies to Pro purchases
Crash reports (Sentry) Crash stack traces and basic device info. Never clipboard contents, URLs, or paths; user identifiers are stripped before sending. Only if you opted in. Off by default Settings → About → Diagnostics

One nuance for completeness: when Pinza downloads a PDF that needs your browser session, it asks the browser itself to fetch the file — that traffic comes from your browser, with its cookies, not from Pinza.

What Pinza never does

Deleting your data

Delete the app and the folder ~/Library/Application Support/Pinza/. That's everything. The Keychain entries (database key, license) can be removed with Keychain Access.

Changes and contact

If this policy changes, the effective date above changes with it and the history is visible in the site's public repository. Questions: hello@pinza.app.