ISAIA Napoli
Privacy Policy

ISAIA SharePoint Pin Manager

Last updated: May 15, 2026

  • Internal ISAIA use only
  • Official Pinterest API
  • OAuth authorization
  • No Pinterest affiliation
  • No resale or redistribution
  • Disconnect cleanup within 30 days
  • GDPR-oriented notice

ISAIA SharePoint Pin Manager is an internal web application used by authorized ISAIA personnel to prepare, publish, reconcile, and manage ISAIA-owned visual assets from Microsoft SharePoint on the connected ISAIA Pinterest account. This Privacy Policy explains how the application handles Pinterest API data and internal operational metadata.

Relationship With ISAIA's Main Privacy Policy

This notice supplements the broader ISAIA website privacy policy available at www.isaia.it/privacy-policy. The public ISAIA policy describes general privacy practices for ISAIA services, including the identity of the data controller, contact details, categories of personal data, legal bases, retention, user rights, and DPO contact channels. This page adds the Pinterest API-specific information required for this internal integration.

Controller, Contacts, and Internal Scope

The data controller identified in ISAIA's public privacy policy is Isaia&Isaia S.p.A., Via Toledo 106, 80134 Naples, Italy. Privacy requests may be directed to privacy@isaia.it. The public ISAIA policy also identifies Agilae S.r.l. as Data Protection Officer contact at privacy@agilae.it.

This tool is not a consumer service and is not intended for public user registration. Access is restricted to authorized ISAIA team members and service components that need to operate the SharePoint-to-Pinterest workflow.

Pinterest API Usage

The application uses the official Pinterest API to connect an authorized ISAIA Pinterest account through OAuth, read account, board, board section, and Pin metadata, and perform publishing or management operations where the Pinterest API permissions granted to the application allow it.

The integration is used for the following operational purposes: preparing CSV imports, creating Pins from ISAIA-owned SharePoint images, checking whether a Pin has already been published, avoiding duplicate Pins, detecting changed assets, managing Pinterest boards and sections, and deleting or updating published Pins when the API access tier and granted scopes allow those operations.

This site and application are not approved by, endorsed by, sponsored by, or affiliated with Pinterest. Pinterest is a trademark of Pinterest, Inc. Any Pinterest names, API scopes, endpoint descriptions, or policy links are used only to describe the technical integration and compliance context.

Data We Process

The application does not collect consumer data from Pinterest users. When connected through OAuth, the app may process Pinterest-derived data required for the internal workflow, including Pinterest account identifiers, board and board section identifiers and names, Pin identifiers, Pin titles, descriptions, destination links, privacy status, image preview URLs, and API response metadata needed to reconcile published content.

The application may also process ISAIA operational data, including selected SharePoint folders, SharePoint file names, generated titles and descriptions, CSV generation history, sync decisions, administrative settings, audit logs, and the minimum user/account information needed to authenticate authorized ISAIA personnel.

Legal Bases and Applicable Privacy Framework

Where personal data is processed, the application is operated with reference to Regulation (EU) 2016/679 (GDPR), the Italian Privacy Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018), and the principles described in ISAIA's public privacy policy.

  • GDPR Article 6(1)(b): processing may be necessary to provide the internal service requested by authorized ISAIA users.
  • GDPR Article 6(1)(f): ISAIA may rely on legitimate interest to organize, protect, and manage brand-owned digital assets and official social publishing workflows.
  • GDPR Article 6(1)(c): certain retention or disclosure may be required to comply with legal, audit, security, or regulatory duties.
  • GDPR Articles 5, 25, and 32: the application is designed around minimization, purpose limitation, access control, and reasonable technical and organizational security measures.

How Pinterest-Derived Data Is Used

Pinterest-derived data is used only to operate ISAIA's internal content workflow: browsing the connected account, matching SharePoint assets to Pinterest boards and sections, avoiding duplicate Pins, preparing CSV imports, and managing published brand-owned content where API permissions allow it.

We do not sell, resell, rent, redistribute, or make available Pinterest content or Pinterest-derived data to third parties. We do not use Pinterest-derived data for advertising resale, data brokerage, user profiling, consumer analytics, or any product made available to external customers.

Storage, Security, and Access Control

Application settings, OAuth tokens, API credentials, and operational sync metadata are stored server-side in administrative storage controlled by ISAIA. Sensitive configuration values are not exposed in clear text to regular users after storage. Access is limited to authorized personnel and service components required to run the application.

Reasonable technical and organizational measures include server-side token handling, restricted administrative access, use of HTTPS, limited UI display of secrets, role-based application access, operational logging for troubleshooting, and review of permissions requested from Pinterest.

Processors, Service Providers, and Transfers

The application may rely on infrastructure and platform providers needed to operate the workflow, including Microsoft SharePoint for source assets, Pinterest for API operations, and Vercel or equivalent hosting services for the application runtime. These providers process data only as needed for the service or as governed by their own applicable contractual terms.

If operational data is transferred outside the European Economic Area, ISAIA evaluates the transfer in light of GDPR Chapter V, including adequacy decisions, standard contractual clauses, or other appropriate safeguards where required.

Retention and Deletion

OAuth tokens are retained only while the Pinterest account remains connected and the integration is needed. If the connected Pinterest account is disconnected, OAuth tokens are removed from the application's server-side configuration.

Pinterest-derived operational data that is no longer required for the workflow is deleted or anonymized within 30 days, unless a longer retention period is required for security, troubleshooting, audit, legal obligations, or to prevent duplicate publishing during a defined reconciliation period. ISAIA may also delete Pinterest-derived metadata earlier upon administrative request or when Pinterest account access is revoked.

Cookies, Analytics, and Automated Decisions

The application uses only technical session mechanisms required for login, authorization, security, and normal application operation. It is not designed to place marketing cookies, run third-party advertising tracking, or create external user profiles from Pinterest-derived data.

The application does not make decisions that produce legal effects or similarly significant effects on individuals through automated profiling. CSV and sync recommendations are operational suggestions for ISAIA staff and remain subject to authorized user action.

Rights of Data Subjects

Where GDPR applies, data subjects may have rights of access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making under GDPR Articles 15 to 22. Requests can be sent through the contact channels indicated in ISAIA's public privacy policy. Data subjects may also lodge a complaint with the Italian Data Protection Authority, the Garante per la protezione dei dati personali.

SharePoint Assets

SharePoint images and metadata processed by this application are brand-owned ISAIA assets. The application does not upload or process third-party user content except where it is already part of ISAIA's authorized internal asset libraries.

Legal and Compliance References

This policy is designed to address Pinterest API review requirements and Pinterest's developer policy principles around transparency, OAuth authorization, credential protection, API data restrictions, and not selling or sharing Pinterest-derived data with third parties. The references below are provided for review transparency only and do not imply that this application is approved, certified, sponsored, or affiliated with Pinterest.

  • ISAIA Website Privacy Policy: General ISAIA privacy notice, controller details, DPO contact, user rights, and retention principles.
  • GDPR - Regulation (EU) 2016/679: EU privacy framework covering lawful basis, transparency, rights, security, and accountability.
  • Italian Privacy Code: Italian national privacy framework and amendments aligning local law with the GDPR.
  • Pinterest Developer Guidelines: Transparency, OAuth authorization, API data restrictions, and API credential handling.
  • Pinterest OAuth Documentation: Authorization code flow, redirect URI, scopes, access tokens, and refresh tokens.
  • Pinterest API Access Tiers: Trial and Standard API access expectations, review steps, and common denial reasons.

Contact

For privacy or data handling questions related to this internal application, contact ISAIA's internal application administrator, privacy@isaia.it, or the DPO contact listed in the public ISAIA website privacy policy.
