HiddenMRRLogin

Legal

Privacy Policy

Last updated: March 17, 2026

1. Who We Are

HiddenMRR is a product operated by Pintayo Studio(“we”, “us”, “our”). We provide an AI-powered platform that analyses GitHub repositories to surface B2B SaaS monetisation opportunities. Our website is https://www.hiddenmrr.com. For any privacy-related questions please contact us at support@pintayo.com.

2. Data We Collect

We only collect what is strictly necessary to provide the service.

Account data

Name, email address, GitHub username, and profile avatar. Provided by GitHub during OAuth sign-in.

Repository metadata

Repository names, descriptions, README content, and package.json files you explicitly select for analysis. We do not clone, copy, or persistently store your source code.

Payment data

Order ID and payment status provided by our payment processor Lemon Squeezy. We never see or store your card details.

Usage data

Pages visited, features used, and error logs — collected to improve reliability.

Session cookies

Secure, HTTP-only session cookies managed by NextAuth.js to keep you signed in. No third-party advertising cookies are used.

3. Your OpenAI API Key (BYOK)

HiddenMRR operates a Bring Your Own Key model. Your OpenAI API key is submitted directly from your browser for the duration of an analysis session and is never written to our database. It exists in server memory only for the time required to complete a request, after which it is discarded. You retain full control and can revoke the key from your OpenAI account at any time.

4. How We Use Your Data

  • To authenticate you via GitHub OAuth and maintain your session.
  • To perform AI analysis of the repositories you select.
  • To verify payment status and gate access to paid features.
  • To send transactional emails (receipt, account notifications) — no marketing emails without explicit consent.
  • To diagnose errors and improve service reliability.

We do not sell, rent, or broker your personal data to any third party.

5. Third-Party Services

GitHub (OAuth)

Authentication and repository metadata access.

Supabase

Secure database storage of account and payment status.

Lemon Squeezy

Payment processing. Operates as Merchant of Record.

OpenAI

AI analysis using your own API key. Subject to your OpenAI account terms.

Vercel

Hosting and edge infrastructure.

6. Data Retention

Account data is retained for as long as your account is active. If you request deletion, we will permanently erase your personal data from our systems within 30 days, except where we are legally obliged to retain certain records (e.g. payment records for tax purposes, typically 7 years).

7. Your Rights

Depending on your location you may have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your account and associated data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection / Restriction — object to or restrict certain processing activities.
  • Withdraw consent — at any time, where processing is based on consent.

To exercise any right, email support@pintayo.com. We will respond within 30 days. EU/UK residents may also lodge a complaint with their local data protection authority.

8. California Residents (CCPA)

California residents have the right to know what personal information we collect and how it is used, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact support@pintayo.com.

9. Cookies

We use only essential cookies required for authentication and security. We do not use advertising, tracking, or analytics cookies. You can disable cookies in your browser settings, but this will prevent you from signing in.

10. Security

All data in transit is encrypted via TLS. Database records are encrypted at rest via Supabase. We follow industry-standard security practices including least-privilege access controls and regular dependency audits.

11. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes by email or via an in-app notice. The “Last updated” date at the top of this page always reflects the current version.

12. Contact

For any questions about this Privacy Policy, contact Pintayo Studio at support@pintayo.com.

← Back to HiddenMRR