PINATA Privacy Policy



Contact Us

What We Collect And Process

How and Why We Use Your Personal Information

Sharing Your Personal Information

Protecting Your Personal Information

Retention of Personal Information

Your Choices

Cookies and Related Technologies

Links to Other Websites


California Residents


Effective Date: 08/10/2020

This Privacy Policy (“Policy”) describes how PINATA collects and processes personal information when you interact with us online through our websites and online services, including our PINATA brand services available and our Hayday wellness screening service available at This Policy applies to individuals who interact with us in connection with our services, including employees of businesses that utilize our services (“you,” “your”), whether through our websites, applications, tools, forms, email, or in-person (“Platforms and Services”).

Your use of our Platforms and Services is subject to this Policy and the Terms of Service applicable to the particular Platform or Service you are using.  By using our Platforms and Services, you acknowledge that you have read and understand this Policy and that you agree to its contents. You do not have to provide personal information to us. Please note, however, that if you do not provide certain personal information, you may not be able to use or access all or portions of our Platforms and Services.  Also, this Privacy Policy does not extend to your employer’s data collection and use practices outside of our Platforms and Services.

We will occasionally update this Policy.  When we do, we will revise the effective date above.  Your continued use of our Platforms and Services after such changes means you accept the Policy as revised. We encourage you to periodically review this Policy to stay informed about how we collect and process your personal information.


If you have questions about this Policy, you may contact us via email at


What personal information we collect and process depends on how and why you interact with us.

Personal Information You Provide

Most of the personal information we collect comes directly from you, and what we collect depends on which Products and Services you use. We collect personal information that you provide to us when you use our Platforms and Services, communicate with us, sign up for an account, or otherwise submit information to us. For example, personal information we collect and process that you provide to us includes:

  • Contact information such as your name, email address, mailing address, phone number, and contact preferences;
  • Account and user profile information when you register for an account, create or modify your profile, and set account preferences;
  • Demographic information that you provide when you sign up for our services or create an account, including your birthday, gender, and physical description;
  • Profile photo, if you choose to upload one;
  • Employment and job information, including your place of employment, job title, employee number, and education history;
  • Social media information, if provided, such as your account handle;
  • Platforms and Services use information, including your purchase history; and
  • Questionnaire information you provide, such as your opinions about our Platforms and Services.

Users of our Hayday service also provide us with the following information so we can provide our wellness screening services:

  • Body temperature information;
  • Symptom information;
  • Contact-tracing related information (such as whether you have come in contact with someone with symptoms within a certain period of time); and
  • Location-related information (such as check-in location).

Note, we do not directly collect personal financial information from you. We rely on third party processors to handle that information on our behalf.

Personal Information We Collect From Third Parties

From time to time, we collect personal information from third parties with whom we have direct relationships, including employers, brands and agency partners. The information we receive from them can be provided any number of ways, including through employer feedback or a blank form where the employer, brand, or agency can enter information concerning an employee or authorized user of the platform.

In addition, we collect personal information from sources that are available to the public, such as publicly available information on social media, which we might combine with information that we collect from you directly.

We also collect aggregate or de-identified information from third parties that make our Platforms and Services available for use, including general demographic information. This data does not personally identify you, and we do not use it in conjunction with other information to personally identify you.

Personal Information We Collect Automatically

‍We collect information automatically when you browse and use our Platforms and Services, some of which could be considered personal information (also known as “session data”). The information we automatically collect includes:

  • Your IP address;
  • Geolocation data;
  • Browser type and version;
  • The date and time of your visit;
  • Your operating system, device type, and device model;
  • Referring URL, if any (i.e., the page from which you navigated to our websites);
  • What areas of the websites you accessed, browsed, searched for, or used; and
  • Time spent on our websites and related statistical information.

Note, we do not use this information to personally identify you. We use it to administer, operate, and improve our Platforms and Services. The process by which we collect this information is through cookies, pixels, tags, and similar online technologies. See our “Cookies and Related Technologies” section below for more information.  


We use your personal information to:

  • Establish and manage accounts;
  • Provide and secure our Platforms and Services;
  • Conduct our analyses and develop reports of events, engagements, and wellness;
  • Provide customer support, troubleshoot issues, manage our Platforms and Services, and respond to requests, questions, and comments;
  • Communicate with you about our Platforms and Services, and administer participation in programs, services and events;
  • Conduct market and consumer research and analyze trends;
  • Perform accounting, auditing, billing, reconciliation, and collection activities;
  • Prevent, detect, identify, investigate, and respond to potential or actual claims, liabilities, prohibited behavior, and criminal activity; and
  • Comply with and enforce legal requirements, agreements, and policies; and
  • Achieve purposes for which we provide specific notice at the time of collection.


We may share personal information with the following categories of parties and as otherwise described in this Policy or at the time of collection:

  • With our wholly owned or affiliated entities for the purposes described in this Policy;
  • With brands or agencies with whom we have established corporate accounts and you have a relationship through engagements;
  • With your employer with whom we have an established relationship;
  • With our service providers who help us perform and deliver our Platforms and Services, including: website and database management, hosting, and analytics; form processing; report generation and analysis; image processing; payment processing; information technology and security; communications; advertising and sponsorships; and auditing;
  • With the appropriate authorities if we believe disclosure is necessary to prevent physical, financial, or other harm, injury, or loss, including to protect against fraud or credit risk,
  • With legal, governmental, or judicial authorities as instructed or required by those authorities and applicable laws, or in relation to a legal activity, such as in response to a subpoena or investigation of suspected illicit or illegal activities, or where we believe in good faith that users may be engaged in illicit or illegal activities, or where we are bound by contract or law to enable a network partner to comply with applicable laws;
  • With necessary third parties in connection with, or during negotiations for, an acquisition, merger, asset sale, or other similar business transfer that involves all or substantially all of our assets or functions where personal information is transferred or shared as part of the business assets; and
  • With your consent or at your direction, such as when you choose to share information.

With respect to the PIÑATA services, we may share with third parties reports about engagements and events, but those reports do not contain any personal information. Rather, they contain aggregate or deidentified data that cannot reasonably be used to directly identify anyone.


While no one can guarantee your personal information is completely secure at all times, we use administrative, organizational, technical, and physical safeguards to protect the personal information we collect and process. Our security controls are designed to maintain data confidentiality and integrity, and give us appropriate access to your data.

Among other things, we use professional third party service providers and data centers to provide our Platforms and Services, and enter into confidentiality agreements with them where appropriate.  Those data centers implement industry-standard measures to protect the security of the personal information we collect.  For example, those service providers and data centers use SSL (Secure Socket Layers), firewalls, and digital certificates to help protect your personal information.  Personal information we collect and process is encrypted in transit and at rest.  The financial partners we use that collect and process payment information follow the Payment Card Industry Data Security Standard.


We keep your personal information in line with set periods of time calculated using the following criteria:

  • How long you have been an authorized user of our Platforms and Services, the types of Platforms and Services you have used, and when you will stop being a user or your employer will stop having an account with us;
  • How long it is reasonable to keep records to show we have met the obligations we have to you and by law;
  • Any time limits for making a claim;
  • Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations; and
  • Any relevant proceedings that apply.

The session data discussed above under the section titled “Personal Information We Collect Automatically” is retained for 30 days.


You may choose not to send us certain personal information. We will tell you what information is required to use the Platforms and Services when you create or modify your account.

You may choose not to receive marketing communications from us by clicking on the unsubscribe link in our marketing emails or by contacting us as at  If you provide us with inconsistent privacy preferences (for example, by indicating on one occasion that we may provide you with marketing offers and on another occasion that we may not), we will treat it as if you opted out to receive our marketing communications.  

You may choose not to receive certain email or SMS notifications from us by following the instructions in the email or text message you receive, if that feature is made available for you.  For some Platforms and Services, notifications are required and only the account administrator (which may be your employer) can turn off these notifications for you.

You can also choose to de-activate your account at any time unless required by your employer, or brand or agency partners.


As noted above, we collect information about the device you are using through cookies and related online technologies like pixels, tags, and web beacons. We use these technologies when you interact with our website and online Platforms and Services to improve their quality, store user preferences, and track user trends. In order for these technologies to work, third parties collect and/or receive information from our websites and elsewhere on the internet. These third parties typically collect information in the aggregate and in a way that does not personally identify you. As explained in “Links To Other Websites,” we do not control all of the information collected by such third parties in connection with our websites, and they do not process all such data on our behalf. You may opt-out of some of these technologies, but if you do, the functionality of our website or online services may be impacted.

You can prevent or restrict the storage of cookies on your computer or device by setting your browser not to accept cookies or to request your permission before setting cookies. Once cookies have been set, you can delete them at any time.  Please refer to your browser’s instructions to find out how this works.  If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. Please note, however, if you do not accept necessary cookies some website features or services may not function properly. Among other cookies, we use Google Analytics. You can learn more about how those cookies work by visiting “How Google Uses Data When You Use Our Partners' Sites or Apps,” located at To find out more about cookies in general, visit

Note, we do not process or respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who use or visit our websites.  To find out more about “do not track,” please visit


Our website contains links to third party sites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our websites and to read the privacy statements of those websites for more information.


We do not knowingly collect information from children or minors under the age of 18. If we learn that we have collected personal information from a child or minor under the age of 18, we will promptly delete that information.


If you are a California resident, please note that we do not share information that identifies you personally with non-affiliated third parties for their own marketing use without your permission.

Effective January 1, 2020, under the California Consumer Privacy Act (“CCPA”), California residents have the right to know and request access to their personal information collected and shared within the past 12 months, to delete their personal information in accordance with the CCPA, and not to be discriminated against if invoking these rights granted by the CCPA. If you are a California resident and a consumer of the Platforms and Services through your employer, or the brand or agency in charge of an event, because we are a service provider, we will not be able to act on any CCPA request that you may make. You should direct any requests under the CCPA to your employer, brand or agency with whom you have a direct relationship.