Skip to content
How it works Features Pricing FAQ Get started

Privacy Policy

Effective Date: March 18, 2026 · Last Updated: March 18, 2026

This Privacy Policy describes how The MNPPI Group LLC (“Company,” “we,” “us,” or “our”), operating under its Pyndale product line (“Pyndale,” “the Service”), collects, uses, discloses, and otherwise processes personal information in connection with our website at pyndale.com, all websites hosted on the Pyndale platform (collectively, “Tenant Sites”), and our related services, tools, and communications (collectively, the “Services”). By accessing or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

This Privacy Policy applies to all users of the Services, including business owners who subscribe to Pyndale’s managed website hosting (“Subscribers”), visitors who browse Tenant Sites (“Site Visitors”), individuals who submit information through contact forms on Tenant Sites (“Form Submitters”), and business contacts identified through publicly available data sources for outreach purposes (“Prospects”).

If you do not agree with the practices described in this Privacy Policy, you should not access or use the Services.

Definitions

  • Personal Information means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
  • Tenant Site means any website built, hosted, and maintained by Pyndale on behalf of a Subscriber.
  • Subscriber means a business owner or authorized representative who has entered into a subscription agreement with Pyndale for managed website services.
  • Processing means any operation performed on personal information, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.

Information We Collect

Information Collected From Subscribers

When a business owner subscribes to Pyndale’s services, we collect:

  • Business name, address, phone number, and operating hours
  • Business owner or authorized representative name and contact email address
  • Business category, description, and service offerings
  • Billing and payment information (processed and stored by Stripe; we do not store credit card numbers, bank account numbers, or other payment card data)
  • Communications between you and Pyndale, including support requests and content approvals
  • Any additional business information you voluntarily provide for website content (such as descriptions of services, staff bios, or promotional text)

Information Sourced From Public Data

We obtain publicly available business information from licensed data sources, including:

  • Google Places API: Business name, address, phone number, operating hours, customer reviews, photos, business categories, and other publicly listed business attributes. This data is obtained through Google’s official, paid API services in compliance with Google’s Terms of Service. We do not scrape Google Maps, Google Search, or any other Google property.
  • Overture Maps Foundation: Publicly available business location data, including business name, address, category, confidence scores, and geographic coordinates, distributed under open data licenses.

This publicly sourced data is used to generate draft website content and to identify businesses that may benefit from our services. No website is published using this data without the explicit review and approval of the business owner.

Information Collected From Site Visitors

  • Server log data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and request data. This data is collected automatically by Cloudflare’s infrastructure in the course of delivering web pages.
  • Analytics data: Aggregated, anonymized usage statistics collected through Cloudflare Web Analytics. Cloudflare Web Analytics does not use cookies, does not collect personally identifiable information, and does not track individual users across sites or sessions.

We do not use cookies, tracking pixels, browser fingerprinting, or any other persistent tracking technology on Tenant Sites or on pyndale.com.

Information Collected From Contact Form Submissions

When a Site Visitor submits a contact form on a Tenant Site, we collect the name, email address, and message content as provided by the submitter, along with IP address and submission timestamp for anti-spam and abuse prevention purposes. Contact form submissions are forwarded to the Subscriber via email and to our administrative team for monitoring purposes. Contact form submissions are not stored in our database after transmission.

Contact forms are protected by Cloudflare Turnstile for bot and abuse prevention. When you submit a contact form, Turnstile transmits technical data about your device and browser session to Cloudflare for verification. Turnstile operates without cookies and without collecting personally identifiable information from the submitter.

IP Addresses

We collect your IP address when you interact with our Services, including when submitting contact forms and when logging into the client portal. IP addresses are used for rate limiting, fraud prevention, session management, and CAPTCHA verification (via Cloudflare Turnstile). IP addresses stored for rate limiting are automatically deleted within 60 seconds. IP addresses stored in session records are retained for the duration of the session.

Information Collected From Prospects

For the purpose of identifying businesses that may benefit from our services, we collect publicly available business contact information from licensed, publicly available data sources (Google Places API and Overture Maps Foundation), including business name, address, phone number, email address (where publicly listed), business category, operating status, and geographic location data. This information is used solely for CAN-SPAM compliant commercial outreach.

How We Use Your Information

Service Delivery and Operations

  • Building, hosting, maintaining, and updating Tenant Sites on behalf of Subscribers
  • Generating draft website content using artificial intelligence tools, based on publicly available business data and Subscriber-provided information
  • Routing contact form submissions from Site Visitors to the appropriate Subscriber
  • Processing subscription payments through Stripe
  • Providing customer support and responding to inquiries
  • Communicating with Subscribers regarding their accounts, service updates, and content approvals

AI-Generated Content

We use artificial intelligence services (accessed through OpenRouter, a third-party API routing service) to generate initial website content for Tenant Sites. Business information provided to us or obtained from publicly available sources — including business name, category, address, phone number, and customer review data — may be transmitted to AI service providers for the purpose of generating website copy. All AI-generated content is reviewed and may be edited before publication. No AI-generated content is published attributed to a business without that business owner’s explicit consent.

Business Development and Outreach

  • Identifying businesses that do not currently have a professional web presence
  • Generating preview websites to demonstrate our service capabilities
  • Sending CAN-SPAM compliant outreach communications to Prospects
  • Analyzing market opportunities and service demand

Commercial Email Communications to Prospects

We send commercial email communications to business contacts identified through publicly available data sources. These emails are sent in compliance with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.) and include: (i) a clear identification of the message as an advertisement or solicitation; (ii) our valid physical postal address; and (iii) a conspicuous mechanism to opt out of future emails from us. We honor all opt-out requests within ten (10) business days and maintain a suppression list of contacts who have opted out.

Email Tracking

Our commercial outreach emails may contain a small, invisible image (a “tracking pixel”) that notifies us when the email is opened. This information is used to measure the effectiveness of our communications. Contact form notification emails sent to Subscribers do not contain tracking pixels.

Direct Mail Outreach

We may send physical mail, including postcards, to business addresses identified through publicly available data sources. This mail contains information about our services and may include a link to a free website preview we have generated for the recipient’s business. We use PostGrid, a third-party print and mail provider, to fulfill these mailings.

Platform Improvement and Security

  • Monitoring and maintaining the performance, security, and availability of the Services
  • Detecting, preventing, and responding to fraud, abuse, security incidents, and technical issues
  • Analyzing aggregated, de-identified usage patterns to improve the Services
  • Complying with legal obligations and enforcing our terms of service

How We Share Your Information

We do not sell personal information. We do not rent personal information.

With Subscribers

Contact form submissions made by Site Visitors on a Tenant Site are forwarded to the Subscriber who operates that Tenant Site. Once delivered, the Subscriber is independently responsible for their handling of that information.

With Service Providers

We share personal information with third-party service providers who perform services on our behalf, subject to contractual obligations to protect the confidentiality and security of such information:

  • Cloudflare, Inc. — Hosting, content delivery, DNS, security, analytics, and bot prevention (Turnstile). Processes server log data, IP addresses, and request metadata.
  • Stripe, Inc. — Payment processing and subscription billing. Receives Subscriber name, email address, and subscription plan details. Stripe collects payment card information directly — we do not receive, store, or process payment card numbers. Stripe is PCI-DSS Level 1 certified.
  • Google (Google Places API) — Business data sourcing. API queries containing business identifiers.
  • Unosend — Transactional email delivery (contact form notifications) and commercial outreach email delivery. Receives recipient email addresses and email content.
  • PostGrid — Direct mail fulfillment. Receives business names and addresses for printing and delivering physical mailings.
  • OpenRouter / Anthropic — AI content generation. Business data used as input for content generation (no end-user personal information).

For Legal and Safety Purposes

We may disclose personal information if we believe in good faith that such disclosure is necessary to: comply with applicable law, regulation, legal process, or enforceable governmental request; enforce our terms of service or other applicable agreements; detect, prevent, or otherwise address fraud, security, or technical issues; or protect the rights, property, or safety of The MNPPI Group LLC, our Subscribers, our users, or the public.

In Connection With Business Transfers

If The MNPPI Group LLC is involved in a merger, acquisition, reorganization, bankruptcy, dissolution, sale of assets, or similar transaction, personal information may be transferred as part of that transaction. We will provide notice before personal information becomes subject to a different privacy policy.

Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected:

  • Subscriber data: Retained for the duration of the subscription and for thirty (30) days following termination or cancellation, after which account data is deleted. Billing records may be retained for up to seven (7) years as required for tax and accounting purposes.
  • Contact form submissions: Forwarded to the Subscriber via email and not stored in our database after transmission.
  • Prospect data: Retained until the Prospect subscribes to the Service, requests deletion, or for a maximum period of twelve (12) months from the date of collection, whichever occurs first. Prospects who opt out of outreach communications are maintained on a suppression list (email address only) to ensure continued compliance.
  • Session data: Retained for the duration of the active session plus thirty (30) days.
  • Rate limiting data: Automatically deleted within 60 seconds to 48 hours depending on the specific limit.
  • Server logs: Retained for thirty (30) days via Cloudflare Workers Logs.
  • Analytics data: Cloudflare Web Analytics provides only aggregated, anonymized data that does not constitute personal information.

Your Rights and Choices

All Users

  • Opt-out of outreach emails: Every outreach email includes a clear unsubscribe mechanism. You may opt out at any time by clicking the unsubscribe link or contacting us at hello@pyndale.com. We process opt-out requests within ten (10) business days.
  • Access and correction: You may request access to or correction of the personal information we hold about you by contacting us at hello@pyndale.com.
  • Deletion: You may request deletion of your personal information by contacting us at hello@pyndale.com. We will comply except to the extent retention is necessary for legal obligations, dispute resolution, or enforcement of agreements.

California Residents (CCPA/CPRA)

If you are a California resident, you may have additional rights under the CCPA:

  • Right to know: Request disclosure of the categories and specific pieces of personal information we have collected.
  • Right to delete: Request deletion of personal information we have collected, subject to certain exceptions.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: We do not sell personal information and do not share personal information for cross-context behavioral advertising.
  • Right to non-discrimination: We will not discriminate against you for exercising any CCPA rights.

To exercise your CCPA rights, contact us at hello@pyndale.com. We will verify your identity before processing your request.

Minnesota Residents

If you are a Minnesota resident, you may have additional rights under the Minnesota Consumer Data Privacy Act, including the right to confirm whether we process your personal data, access your data, correct inaccuracies, delete your data, and obtain a portable copy. To exercise these rights, contact us at hello@pyndale.com. We will respond within 45 days. You may appeal a denial of your request by contacting us at the same address.

Children’s Privacy

The Services are not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from children under sixteen. If we become aware that we have inadvertently collected personal information from a child under sixteen, we will take reasonable steps to delete such information promptly. Tenant Sites operated by businesses that serve children (such as daycare centers or preschools) are designed to provide business information to parents and guardians, not to interact with children directly.

Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit via TLS (HTTPS), DDoS protection and web application firewall via Cloudflare, PCI-DSS Level 1 certified payment processing via Stripe, multi-factor authentication for administrative access via Cloudflare Access, and server-side input validation with parameterized database queries.

No method of transmission over the internet and no method of electronic storage is completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security.

Data Breach Notification

In the event of a data breach involving personal information that poses a risk of harm, we will notify affected individuals and applicable regulatory authorities in accordance with Minnesota’s data breach notification law (Minn. Stat. § 325E.61) and other applicable state breach notification laws, as expeditiously as practicable and without unreasonable delay.

Health Information Disclaimer

Contact forms on Tenant Sites operated by healthcare providers are not intended for the transmission of protected health information (“PHI”) as defined by HIPAA. Pyndale is not a covered entity or business associate under HIPAA. Users should not include medical conditions, treatment information, or other health data in contact form submissions. Subscribers in regulated industries are responsible for ensuring their use of the Service complies with applicable professional and regulatory requirements.

Do Not Track Signals

Our Services do not use cookies or behavioral tracking technology. We do not track individual users across third-party websites. Because we do not engage in tracking, Do Not Track (DNT) browser signals do not change the behavior of our Services. No tracking occurs regardless of DNT status.

Third-Party Websites and Services

Tenant Sites may contain links to third-party websites or services not owned or controlled by Pyndale. This Privacy Policy does not apply to any third-party websites or services. We are not responsible for the privacy practices, content, or security of any third-party websites or services.

International Users

The Services are operated from and intended for use within the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Services, you consent to the transfer of your information to the United States.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. For material changes that affect the processing of personal information in ways not previously disclosed, we will provide at least thirty (30) days’ advance notice before the changes become effective. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the modified Privacy Policy.

Limitation of Liability

To the fullest extent permitted by applicable law, The MNPPI Group LLC shall not be liable for any unauthorized access to, or alteration, theft, or destruction of, personal information through accident, fraudulent means, or any force or cause beyond our reasonable control. The MNPPI Group LLC is not responsible for the privacy or security practices of any third-party service provider. To the fullest extent permitted by applicable law, The MNPPI Group LLC’s aggregate liability arising from or related to this Privacy Policy shall not exceed the greater of five dollars ($5) or the total fees paid by the individual to Pyndale during the twelve (12) months immediately preceding the event giving rise to the claim.

Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Minnesota, without regard to its conflict of laws principles. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Hennepin County, Minnesota.

Severability

If any provision of this Privacy Policy is held to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Pyndale — A Product of The MNPPI Group LLC
Email: hello@pyndale.com

We will respond to all privacy-related inquiries within thirty (30) days of receipt.