Yes, Pinterest business accounts need a privacy policy. If you install the Pinterest Tag on your website, upload product catalogs for Shopping, run promoted pins, use creator analytics, access the Pinterest API, or include affiliate links in your pins, you are collecting or facilitating the collection of personal data. Pinterest's advertising policies and privacy regulations require you to disclose these practices in a published privacy policy.
When Pinterest Users Need a Privacy Policy
Pinterest has its own privacy policy that covers data collected through the Pinterest platform itself. However, Pinterest's policy does not cover data that you, as a business or creator, collect from your audience through your own tools and activities. If you engage in any of the following, you need your own privacy policy:
Installing the Pinterest Tag on your website
The Pinterest Tag is a conversion tracking pixel that collects visitor data from your website and sends it to Pinterest. It tracks page visits, product views, add-to-cart events, purchases, sign-ups, and searches. Because you choose to install this tag and benefit from the data it collects, you are responsible for disclosing its presence and data collection practices.
Uploading product catalogs for Pinterest Shopping
When you connect your e-commerce platform to Pinterest and upload product catalogs, you create shoppable pins that link directly to your store. Click-throughs from these pins generate customer browsing data, purchase information, and analytics. Your privacy policy must cover the data collected when Pinterest users arrive at your store.
Running promoted pins or ad campaigns
Pinterest's Advertising Guidelines require advertisers to comply with applicable privacy laws. When you run promoted pins, Pinterest collects engagement data, click-through data, and conversion data on your behalf. If you use audience targeting features like customer list matching or actalike audiences, additional data sharing is involved.
Using creator analytics and audience insights
Pinterest Analytics provides business accounts with audience demographics, engagement metrics, and content performance data. While Pinterest provides this data in aggregated form, accessing and using these insights for business decisions constitutes data processing that should be acknowledged in your privacy policy.
Accessing the Pinterest API
If you build applications or use third-party tools that access the Pinterest API, you are processing Pinterest user data outside the platform. Pinterest's Developer Guidelines require API users to have a privacy policy that discloses how they handle data obtained through the API, including pin data, user profiles, and board information.
Including affiliate links in pins
Affiliate links set tracking cookies on the devices of users who click them. These cookies track browsing behaviour across the merchant's website to attribute sales to your account. Under GDPR, setting tracking cookies requires consent and disclosure. Your privacy policy must explain that clicking your pins may result in affiliate tracking.
Without a privacy policy, you risk
Pinterest ad account suspension, rejection of promoted pin campaigns, removal from the Verified Merchant Program, GDPR fines up to €20 million, CCPA penalties of $7,500 per violation, and loss of customer trust. Pinterest reviews advertiser compliance and can restrict your account without warning. Learn the full breakdown of what happens without a privacy policy.
Does this apply to personal Pinterest accounts?
Personal accounts used purely for saving and organizing pins for personal inspiration generally do not need their own privacy policy. However, the moment you switch to a business account, install the Pinterest Tag, upload product catalogs, run promoted pins, or use affiliate links, the requirement applies.
What about Pinterest accounts for bloggers?
Bloggers who use Pinterest to drive traffic to their websites are engaged in data collection the moment a visitor arrives at a site with analytics, cookies, or ad networks. If you monetize your blog through affiliate links pinned on Pinterest, ad revenue, or email list building, you need a privacy policy that covers the full data chain from pin click to website interaction.
Data Sources on Pinterest Business Accounts
Every data type your Pinterest presence might collect or facilitate.
The data your Pinterest business account handles depends on which features and external tools you use. Here is a comprehensive breakdown by source:
| Data Source | Data Collected | Who Controls It |
|---|---|---|
| Pinterest Tag | Page visits, product views, add-to-cart events, purchases, sign-ups, search queries, IP addresses, browser data, device IDs, cookies | Joint controller (you and Pinterest) |
| Product Catalogs | Product interaction data, click-throughs, saves, purchase attribution, catalog sync metadata | You (controller), e-commerce platform (processor) |
| Promoted Pins | Impressions, clicks, engagement data, conversion events, audience targeting matches, cost-per-action data | Joint controller (you and Pinterest) |
| Creator Analytics | Audience demographics, engagement metrics, content performance, follower geography, device breakdown | Pinterest (controller, aggregated data) |
| API Access | Pin data, board data, user profile information, engagement metrics, image data | You (controller for processed data), Pinterest (platform) |
| Shopping | Customer names, shipping addresses, email addresses, payment details, order history, browsing behaviour on your store | You (controller), payment processor (processor) |
| Idea Pins | View counts, engagement data, saves, comments, audience reach, content interaction patterns | Pinterest (controller), you (recipient of analytics) |
| Affiliate Links | Click data, tracking cookies, browsing behaviour on merchant sites, purchase attribution, commission tracking | You and affiliate network (joint controllers) |
The critical distinction: Pinterest Analytics provides aggregated demographic data that Pinterest controls. But the Pinterest Tag, product catalog click-throughs, promoted pin conversions, API data, and affiliate link tracking involve personal data that you collect, control, or jointly control with Pinterest. These are what your privacy policy must cover.
Did you know?
The Pinterest Tag fires on every page of your website where it is installed, not just product pages. If you install it site-wide (as Pinterest recommends for maximum conversion data), it tracks every visitor across every page, including blog posts, about pages, and contact pages. Under GDPR, this broad tracking requires explicit cookie consent before the tag fires, and your privacy policy must disclose the full scope of what the tag collects.
Pinterest Tag and Conversion Tracking
The most significant data collection tool in the Pinterest ecosystem.
The Pinterest Tag is a JavaScript snippet you install on your website to track conversions and build audiences for promoted pin campaigns. It is the Pinterest equivalent of Meta Pixel or Google Ads conversion tracking. Because it collects personal data from your website visitors, it carries significant privacy obligations.
Base code tracking
The base Pinterest Tag code fires on every page where it is installed and collects page URL, referring URL, browser type, device type, screen resolution, IP address, and Pinterest cookie data. This happens automatically for every visitor, regardless of whether they clicked a promoted pin. Your privacy policy must disclose this passive data collection.
Event tracking
Pinterest Tag supports nine standard events: PageVisit, ViewCategory, Search, AddToCart, Checkout, WatchVideo, Signup, Lead, and Custom. Each event sends specific data to Pinterest, such as product IDs, order values, search terms, and video engagement. You must document which events you track and what data each event captures.
Enhanced Match
Enhanced Match is a Pinterest Tag feature that sends hashed customer data (email addresses, names) directly to Pinterest for improved conversion attribution. This is a direct transfer of personal data to Pinterest. Under GDPR, this requires explicit consent because it goes beyond basic analytics. Your privacy policy must specifically mention Enhanced Match if you enable it.
Conversions API
The Pinterest Conversions API sends server-side event data to Pinterest, bypassing browser-based tracking limitations. It can send customer email addresses, phone numbers, IP addresses, and transaction data directly from your server. Because this data transfer happens server-side, it is not blocked by ad blockers or cookie consent tools, making your privacy policy disclosure even more critical.
Do I need cookie consent before the Pinterest Tag fires?
Yes, under GDPR and the ePrivacy Directive. The Pinterest Tag sets cookies on visitor devices for tracking purposes. In the EU/UK, you must obtain explicit consent before the tag fires. Most cookie consent platforms (CookieYes, Cookiebot, OneTrust) support blocking the Pinterest Tag until consent is given. Your privacy policy must disclose the tag regardless of whether you use a consent tool.
Does the Pinterest Tag work without cookies?
The Pinterest Tag relies on cookies for core functionality like conversion attribution and audience building. Without cookies, its effectiveness is significantly reduced. The Conversions API provides a server-side alternative, but it sends personal data directly from your server to Pinterest, which still requires privacy policy disclosure and, in many jurisdictions, consent.
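Because server-side Conversions API events are not stopped by browser consent tools, the consent check has to be enforced in your own server code before anything is forwarded. The following is an added example, not code from Pinterest or from this page: the consent store, the field names and the SHA-256 normalization are assumptions, and the function returns the payloads that would be sent rather than calling any API.

```python
"""Consent gate for server-side conversion events (added example, hypothetical names)."""
import hashlib

# Hypothetical consent store: visitor ID -> purposes the visitor agreed to.
# In production this would be populated by your consent management platform.
CONSENT = {
    "v-1001": {"analytics", "advertising"},
    "v-1002": {"analytics"},  # declined advertising
}

# Standard event names as listed on this page.
ALLOWED_EVENTS = {"PageVisit", "ViewCategory", "Search", "AddToCart", "Checkout",
                  "WatchVideo", "Signup", "Lead", "Custom"}
# Allowlist of non-identifying fields that may be forwarded unchanged (assumed names).
PLAIN_FIELDS = ("name", "timestamp", "order_value", "currency")
# Identifier fields that may only leave the server hashed (assumed names).
IDENTIFIER_FIELDS = ("email", "phone")


def normalize_and_hash(field, value):
    """Normalize an identifier, then SHA-256 it (assumed scheme; check the vendor spec)."""
    if field == "phone":
        value = "".join(ch for ch in value if ch.isdigit())
    else:
        value = value.strip().lower()
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def prepare_event(event, consent=CONSENT):
    """Return (payload, reason); payload is None when the event must not be sent."""
    if event.get("name") not in ALLOWED_EVENTS:
        return None, "unknown_event"
    # Default deny: a visitor with no consent record is treated as not consenting.
    if "advertising" not in consent.get(event.get("visitor_id"), set()):
        return None, "no_advertising_consent"
    # Data minimization: copy only allowlisted fields, so extras such as the
    # raw IP address are dropped rather than forwarded by accident.
    payload = {f: event[f] for f in PLAIN_FIELDS if f in event}
    for field in IDENTIFIER_FIELDS:
        if event.get(field):
            payload[field + "_sha256"] = normalize_and_hash(field, event[field])
    return payload, "ok"


def process_batch(events, consent=CONSENT):
    """Gate a batch; return (payloads_to_send, audit_trail)."""
    to_send, audit = [], []
    for event in events:
        payload, reason = prepare_event(event, consent)
        # The audit trail records the decision only, never the raw identifiers.
        audit.append((event.get("visitor_id"), event.get("name"), reason))
        if payload is not None:
            to_send.append(payload)
    return to_send, audit


# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    {"visitor_id": "v-1001", "name": "Checkout", "timestamp": 1700000000,
     "email": " Jane@Example.com ", "phone": "+1 (555) 010-0000",
     "ip": "203.0.113.7", "order_value": 42.5, "currency": "USD"},
    {"visitor_id": "v-1002", "name": "AddToCart", "timestamp": 1700000100,
     "email": "sam@example.com"},
    {"visitor_id": "v-9999", "name": "Signup", "timestamp": 1700000200,
     "email": "new@example.com"},
]

if __name__ == "__main__":
    sent, trail = process_batch(SAMPLE_EVENTS)
    for row in trail:
        print(row)
    print(len(sent), "event(s) cleared for sending")
```

The audit trail doubles as evidence that consent was checked for each event, which is useful when your privacy policy states that advertising data is shared only with consent.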
Shopping Catalog Requirements
Product pins create a direct data pipeline between Pinterest and your store.
Pinterest Shopping allows businesses to upload product catalogs that automatically create shoppable product pins. When users click these pins, they land on your e-commerce site where the full data collection chain begins. Whether you use Shopify, WooCommerce, BigCommerce, or another platform, the privacy implications are significant.
Catalog feed data sync
Your product catalog syncs with Pinterest on a scheduled basis, sharing product titles, descriptions, prices, images, availability, and URLs. While catalog data itself is product information rather than personal data, the sync creates a tracked pathway. When Pinterest users interact with your product pins, that engagement data is tied to their Pinterest profiles.
Click-through to your store
When a Pinterest user clicks a product pin and lands on your website, your analytics tools, the Pinterest Tag, and your e-commerce platform all begin collecting data. The visitor's browsing path, product views, cart additions, and purchase details are captured. Your privacy policy must cover this entire data flow from Pinterest click to order confirmation.
Verified Merchant Program
Pinterest's Verified Merchant Program requires businesses to meet specific standards, including having a clear return policy and terms of service. While Pinterest does not explicitly list a privacy policy as a Verified Merchant requirement, operating a compliant e-commerce store without one violates the privacy laws that the program expects you to follow.
Retargeting catalog viewers
Pinterest allows you to create audiences based on users who have interacted with your product catalog. This retargeting involves Pinterest matching user engagement data with your ad targeting parameters. Your privacy policy must disclose that you use product interaction data for retargeting purposes through Pinterest's advertising platform.
For comprehensive e-commerce privacy guidance, see the e-commerce privacy policy guide. If you sell on Etsy and Pinterest simultaneously, the Etsy privacy policy guide covers marketplace-specific requirements.
Did you know?
Pinterest product pins can appear in Google Shopping results and Google Image search, not just within the Pinterest platform. This means your product catalog data reaches users who may never have visited Pinterest directly. When these users click through to your store, the same privacy obligations apply. Your privacy policy must account for traffic arriving from Pinterest product pins regardless of where those pins are surfaced.
Promoted Pins and Ad Data
Pinterest advertising involves multiple layers of data collection.
Running promoted pins on Pinterest involves data collection at multiple stages: audience targeting, ad delivery, click-through tracking, and conversion measurement. Each stage has privacy implications that your policy must address.
Audience targeting options
Pinterest offers interest targeting, keyword targeting, demographic targeting, and custom audience targeting. Custom audiences can be built from customer email lists you upload, website visitors tracked by the Pinterest Tag, or users who have engaged with your pins. Each targeting method involves different data flows that must be disclosed.
Customer list targeting
When you upload a customer email list to Pinterest for audience targeting, Pinterest hashes the data and matches it against its user database. This is a direct sharing of personal data with a third party. Under GDPR, you must have a lawful basis for this data sharing and must disclose it in your privacy policy. You also need to ensure you collected the email addresses with appropriate consent for advertising use.
Actalike audiences
Pinterest's actalike audiences (similar to Meta's lookalike audiences) use your existing audience data to find new users with similar characteristics. This involves Pinterest analyzing the personal data you provide to identify patterns and match them against its broader user base. Your privacy policy should disclose that customer data may be used for advertising audience expansion.
Conversion tracking and attribution
Pinterest tracks user actions after they see or click your promoted pins, including website visits, product purchases, sign-ups, and app installs. This cross-platform tracking involves the Pinterest Tag, cookies, and device fingerprinting. Your privacy policy must explain that Pinterest tracks conversions across platforms and how long this attribution window lasts.
Creator Tools and Analytics
Pinterest creator features involve audience data that requires disclosure.
Pinterest provides creators with analytics tools, audience insights, and monetization features. While Pinterest delivers most of this data in aggregated form, the broader creator ecosystem involves personal data collection that extends beyond the Pinterest platform.
Pinterest Analytics dashboard
The analytics dashboard shows impression counts, engagement rates, audience demographics (age, gender, location, device), and top-performing content. While this data is aggregated by Pinterest, accessing and using these audience insights for business decisions, content strategy, or brand partnership pitches constitutes commercial use of audience data.
Idea Pins and video content
Idea Pins (Pinterest's multi-page story format) generate detailed engagement data including views, saves, reactions, comments, and completion rates. If you include links or calls to action that direct viewers to external sites, the data collection extends beyond Pinterest. Your privacy policy should cover what happens when viewers follow links from your Idea Pins.
Affiliate link monetization
Pinterest allows creators to include affiliate links in pins. When followers click these links, affiliate tracking cookies are placed on their devices. These cookies track browsing behaviour across the merchant's website, potentially for 30 to 90 days depending on the affiliate program. Your privacy policy must disclose that you use affiliate links and that clicking them results in tracking.
Email list building from Pinterest traffic
Many creators use Pinterest to drive traffic to landing pages with email opt-in forms. The email addresses collected are stored in your email marketing platform and used for newsletters, promotions, and automated sequences. Your privacy policy must disclose the email service provider, what you send, and how subscribers can unsubscribe.
Did you know?
Pinterest pins have an exceptionally long content lifespan compared to other social platforms. A single pin can drive traffic to your website for months or even years after it was originally published. This means your privacy policy must remain accurate and up to date for as long as your pins are active, because new visitors arriving from old pins are still subject to your current data collection practices.
Pinterest API Requirements
API access carries the strictest privacy obligations.
If you build applications, scheduling tools, or analytics dashboards that access the Pinterest API, you are processing Pinterest user data outside the Pinterest platform. Pinterest's Developer Guidelines impose specific privacy requirements on API users that go beyond what standard business accounts face.
Privacy policy requirement for API access
Pinterest requires all API developers to have a privacy policy that is publicly accessible and clearly describes what data you collect through the API, how you use it, how you store it, and how users can request deletion. Your API application will not be approved without a compliant privacy policy URL.
Data usage restrictions
Pinterest's API Terms restrict how you can use data obtained through the API. You cannot sell Pinterest user data, use it for surveillance, or combine it with other data sources without clear disclosure. Your privacy policy must accurately reflect how you use API data, and any changes to your data practices may require updating your API application.
User consent and authorization
If your application accesses Pinterest data on behalf of users (through OAuth), you must obtain clear consent for the specific data scopes you request. Your privacy policy must explain what permissions your application requests, why each permission is needed, and how users can revoke access to their Pinterest data.
Data retention and deletion
Pinterest's API Terms require you to delete user data when a user revokes access to your application or when Pinterest requests deletion. Your privacy policy must include a data retention section that explains how long you keep API data and how users can request that their data be removed from your systems.
Common Pinterest Privacy Mistakes
These assumptions are widespread among Pinterest business users. All of them are wrong.
"Pinterest's privacy policy covers my business"
Pinterest's privacy policy covers data that Pinterest collects through its platform, such as pin saves, searches, and browsing behaviour within the app. It does not cover data you collect through the Pinterest Tag on your website, customer lists you upload for ad targeting, email addresses gathered from pin click-throughs, or orders processed through your e-commerce store. When someone clicks your product pin and buys from your Shopify store, Pinterest's privacy policy says nothing about how your store handles that customer data. You need your own policy.
"I just pin images, I don't collect data"
If you truly only save and organize pins for personal use, then Pinterest's policy covers the platform-level data. But business accounts do far more. Your pins link to websites with analytics and cookies. Your product pins drive traffic to e-commerce stores. Your affiliate pins set tracking cookies on visitor devices. Even claiming your website on Pinterest creates a data connection between the two platforms. Pinning images is rarely the only thing a business account does on Pinterest.
"The Pinterest Tag is just analytics"
The Pinterest Tag does far more than count page views. It sets cookies on visitor devices, collects IP addresses and browser fingerprint data, tracks specific actions like purchases and sign-ups, and sends all of this data to Pinterest for ad targeting and audience building. Under GDPR, this is not "just analytics." It is advertising surveillance that requires explicit cookie consent and a detailed privacy policy disclosure. Treating the Pinterest Tag as a simple analytics tool creates significant compliance gaps.
"Affiliate links don't need disclosure"
Affiliate links on Pinterest set tracking cookies on every user who clicks them. These cookies can persist for 30 to 90 days and track browsing behaviour across the merchant's website. Beyond the FTC requirement to disclose affiliate relationships (which is a separate advertising disclosure issue), GDPR requires you to disclose that clicking your links results in third-party tracking cookies being placed on user devices. Your privacy policy must name the affiliate networks you participate in and explain the tracking involved.
"My Etsy shop policy covers Pinterest sales too"
If you sell on Etsy and use Pinterest to drive traffic to your Etsy shop, your Etsy privacy disclosures cover data collected within the Etsy platform. They do not cover the Pinterest Tag on your standalone website, customer lists you upload to Pinterest for ad targeting, or affiliate tracking from Pinterest pins that link to non-Etsy destinations. If you have both an Etsy shop and a standalone website promoted through Pinterest, you need a privacy policy that covers the Pinterest-specific data flows independently.
How to Create a Privacy Policy for Your Pinterest Business
Six steps from audit to publication.
Creating a privacy policy for your Pinterest business account is straightforward once you map out your data collection points. Follow these steps:
Audit every data collection point in your Pinterest ecosystem
List every tool and platform connected to your Pinterest business: Pinterest Tag, Conversions API, product catalog feeds, promoted pin campaigns, affiliate networks, your website analytics, email marketing platform, e-commerce platform, and any Pinterest API integrations. For each, note what personal data it collects from your audience.
Determine which privacy laws apply to your audience
Check your Pinterest Analytics for audience geography. If any followers are in the EU or UK, GDPR applies. Followers in California trigger CCPA and CalOPPA. Pinterest has a global user base, so most business accounts with meaningful traffic will have visitors from multiple jurisdictions. GDPR, CCPA, and CalOPPA apply at minimum for most accounts.
Map data types to purposes and lawful bases
For each type of personal data, document the purpose and GDPR lawful basis. Pinterest Tag tracking for ad optimization = legitimate interests (with cookie consent required). Customer list uploads for targeting = consent. Purchase data for order fulfillment = contract performance. Email marketing = consent. Map every data flow.
Name every third-party service and processor
GDPR requires naming specific services. Write 'Pinterest, Inc. (for advertising and conversion tracking)' not 'social media advertising partners.' Write 'Shopify Inc. (for order processing)' not 'e-commerce platform.' Name your affiliate networks, email provider, payment processor, and analytics tools.
Generate your privacy policy
Use a structured privacy policy generator that asks about your specific Pinterest business setup and produces a customized document. This covers Pinterest Tag tracking, promoted pins, shopping catalogs, affiliate links, and cookie consent in a single, coherent policy. Our generator handles this in under 60 seconds for $4.99.
Publish and link from every touchpoint
Host your privacy policy on a dedicated URL. Link to it from your Pinterest business profile website field, your claimed website footer, your e-commerce checkout pages, your email newsletter footer, and any landing pages you drive Pinterest traffic to. Set a reminder to review and update it every 6 months.
For guidance on GDPR-specific sections, see the GDPR privacy policy template. Learn about how other social platforms handle privacy in the Instagram privacy policy guide and the TikTok privacy policy guide.
Generate Your Pinterest Privacy Policy
Answer a few questions about your Pinterest business setup and get a customized, compliant privacy policy covering Pinterest Tag, promoted pins, shopping catalogs, and affiliate links in under 60 seconds.
Structured around widely accepted GDPR requirements. Not legal advice.
Frequently Asked Questions
Do Pinterest business accounts need a privacy policy?
Yes. If you use the Pinterest Tag, run promoted pins, upload shopping catalogs, access the Pinterest API, use creator analytics, or include affiliate links in your pins, you are collecting or facilitating the collection of personal data. Privacy laws (GDPR, CCPA, CalOPPA) and Pinterest's own advertising guidelines require you to have a privacy policy.
Does Pinterest require a privacy policy for advertisers?
Yes. Pinterest's Advertising Guidelines require advertisers to comply with all applicable privacy laws and to provide users with clear notice about data collection. When you install the Pinterest Tag or upload customer lists for audience targeting, you must disclose these practices in a published privacy policy.
What data does the Pinterest Tag collect?
The Pinterest Tag tracks visitor actions on your website including page visits, product views, add-to-cart events, purchases, sign-ups, and searches. It collects IP addresses, browser data, device identifiers, and sets cookies. If Enhanced Match is enabled, it also sends hashed customer email addresses and names to Pinterest for improved conversion attribution.
Do I need a privacy policy for Pinterest Shopping?
Yes. Pinterest Shopping requires you to upload product catalogs that sync with your e-commerce platform. When users click through product pins to your website, you collect browsing data, purchase information, and customer details. Your privacy policy must disclose how you handle this commerce data and that Pinterest receives conversion signals.
Does Pinterest's privacy policy cover my business account?
No. Pinterest's privacy policy covers data that Pinterest collects through its platform. It does not cover data you collect through the Pinterest Tag on your website, customer lists you upload for targeting, email addresses collected from pin click-throughs, or data processed by your e-commerce platform. You need your own privacy policy to disclose your specific data handling practices.
Do Pinterest creators need a privacy policy?
Yes, if they use affiliate links, direct followers to external websites, collect email subscribers, access Pinterest Analytics for audience insights, or sell products through linked shops. Creators who monetize their Pinterest presence are engaged in commercial data collection that requires a privacy policy. A creator with 500 followers using affiliate links has the same obligations as one with 500,000.
Where should I link my Pinterest privacy policy?
Link to it from your Pinterest business profile website field, your claimed website footer, your e-commerce checkout pages, your email newsletter footer, and any landing pages you drive Pinterest traffic to. If you run promoted pins, ensure your privacy policy URL is accessible from your advertiser account. The policy should be hosted on a dedicated URL that you control, not as a pin or board description.