Privacy Policy
Last updated: March 12, 2026
Pindrop ("we", "us", "our") is a visual feedback tool developed by Périmètre (perimetre.co). This privacy policy explains how we collect, use, and protect your information when you use our web application and Chrome extension.
1. Information We Collect
We collect the following information: your name (entered when posting comments, not verified), email address (waitlist registration only), comments and feedback you post on review sessions, screenshots captured automatically when you post a comment, your browser language preference, and basic usage events (session views, comment creation) for analytics.
2. Chrome Extension
The Pindrop Chrome extension ("Pindrop — Website Review") injects an overlay on websites you are reviewing. It only activates on URLs matching an active review session. The extension captures visible tab screenshots when you post a comment, stores your session data locally in chrome.storage.local, and communicates with our server via the extension's background service worker. The extension does not track your browsing history, collect data from websites you are not reviewing, or run on any page without an active review session.
3. How We Use Your Information
We use your information to display your comments and feedback within review sessions, synchronize comments to Teamwork (project management tool) when configured by the session administrator, send screenshots to Teamwork alongside task descriptions, and improve the product through anonymous usage analytics.
4. Data Storage & Security
Your data is stored in Supabase (PostgreSQL) with Row-Level Security (RLS) policies. Screenshots are uploaded directly to Teamwork and are not stored on our servers. All API communications use HTTPS. Authentication for admin users is handled through Supabase Auth with Google OAuth, restricted to authorized email domains.
5. Data Retention
Review session data (comments, screenshots, feedback) is retained as long as the session is active. Archived sessions retain their data until permanently deleted by an administrator. Waitlist emails are retained until the product launches or you request removal.
6. Third-Party Services
We use the following third-party services: Supabase (database and authentication), Vercel (hosting), Teamwork (project management integration), Sentry (error tracking, when configured), and Anthropic (AI-powered suggestions, when configured). Each service has its own privacy policy governing how they handle data.
7. Your Rights (GDPR & Loi 25)
Under the General Data Protection Regulation (GDPR) and Quebec's Loi 25 (Act respecting the protection of personal information in the private sector), you have the right to access, correct, or delete your personal information, withdraw consent at any time, request data portability, and lodge a complaint with a supervisory authority. Since reviewer accounts are anonymous (name only, no verification), your data is linked to the name you provide when commenting. To exercise your rights, contact us at the email below.
8. Cookies
We use essential cookies only: a Supabase authentication cookie for admin users, and a language preference stored in localStorage. We do not use advertising cookies or third-party tracking cookies.
9. Contact
For any privacy-related questions or requests, contact us at: gjoly@perimetre.co — Périmètre, Montréal, Québec, Canada.