Privacy Policy

This Privacy Policy describes how VB Holdings ("we", "us", "our"), a UK-based sole trader operating at vb-holdings.uk, collects, uses, and handles information in connection with our Pinterest API applications:

• Mighty Little Minds — a Pinterest API application used to distribute pins for children's activity book products published via Amazon KDP
• Blunt Threads — a Pinterest API application used to distribute pins for print-on-demand apparel products sold via Amazon Merch on Demand

These applications are internal automation tools operated solely by VB Holdings. They are not public-facing services, do not offer sign-up or login functionality to end users, and do not collect, process, or store personal data belonging to Pinterest users or any third parties.

As our applications do not process personal data of third parties, VB Holdings acts solely as an internal operator of its own Pinterest business accounts and is not acting as a data processor on behalf of any other data controller.

Our Pinterest API applications operate in a strictly limited, outbound-only fashion. The table below describes the full scope of data interactions:

Data accessed via the Pinterest API is used exclusively for the following legitimate business purposes:

• Creating and scheduling pins on our own Pinterest business boards (Mighty Little Minds and Blunt Threads)
• Confirming successful publication of content we have created and own
• Reviewing aggregate analytics on our own pin performance to inform future content decisions

We do not use Pinterest API access to scrape user data, track individuals, build advertising profiles, or engage in any activity outside the scope of promoting our own products through official Pinterest features.

Our legal basis for any incidental processing of data accessible via the API is Legitimate Interests (Article 6(1)(f) UK GDPR) — specifically, the lawful operation of official business marketing channels using first-party content.

We do not sell, rent, trade, or share any data with third parties for commercial purposes. The only third-party services our applications interact with are:

Our system architecture is self-hosted on a private network and is not accessible from the public internet. All API communications occur over encrypted HTTPS/TLS connections. No external parties have access to our internal systems or logs.

As our applications do not collect personal data from end users, standard personal data retention obligations do not apply to our Pinterest integrations.

Internal operational logs (pin IDs, timestamps, API response codes) are retained for a maximum of 12 months for debugging and scheduling purposes, after which they are permanently deleted. These logs contain no personal data.

Pinterest OAuth credentials are stored in an AES-256 encrypted vault, accessible only to the operator, and are rotated at minimum annually or immediately upon any suspected compromise.

We implement appropriate technical and organisational measures to protect system integrity and any operational data we hold:

• AES-256 encryption for all stored credentials and sensitive configuration
• No public internet exposure — systems accessible via private encrypted network (Tailscale) only
• Master key authentication for all system access; held in memory only, never persisted to disk
• Rate-limited API calls operating within Pinterest's documented usage limits
• All API communications over encrypted HTTPS/TLS
• Credentials are never logged, printed, or transmitted in plain text under any circumstances

Our Pinterest API applications are server-side automation tools with no web interface accessible to end users. They do not use cookies, tracking pixels, browser fingerprinting, or any client-side tracking technology.

The vb-holdings.uk website does not use tracking cookies, analytics scripts, or any third-party tracking tools. No cookie consent banner is required as no non-essential cookies are set.

Mighty Little Minds produces content designed for children ages 4–7. However, our Pinterest application markets these products to parents, carers and educators — the purchasing audience on Pinterest. We do not knowingly collect, process, or market directly to children.

Our Pinterest API application does not interact with Pinterest users' profiles, ages, or personal data in any form. Pins we publish are publicly visible content in accordance with standard Pinterest platform operation.

We are cognisant of and fully supportive of the UK Children's Code (Age Appropriate Design Code) and apply the principle of data minimisation as a baseline across all our operations.

Under UK GDPR and the Data Protection Act 2018, individuals have rights regarding their personal data. As our Pinterest applications do not collect personal data from individuals, the practical scope of these rights in relation to our API applications is limited. However, we acknowledge and respect the following rights:

• Right of Access — You may request details of any personal data we hold about you
• Right to Erasure — You may request deletion of any personal data we hold
• Right to Rectification — You may request correction of inaccurate data
• Right to Object — You may object to any processing we undertake
• Right to Data Portability — You may request your data in a structured, machine-readable format

To exercise any of these rights, contact us at privacy@vb-holdings.uk. We will respond within 30 days in accordance with UK GDPR obligations. For matters relating to your Pinterest data specifically, contact Pinterest directly at help.pinterest.com.

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been infringed.

Our applications are built and operated in full compliance with Pinterest's Developer Terms of Service, API Terms, and Acceptable Use Policy. Specifically:

• We use the official Pinterest API only — no scraping, no unofficial access methods
• We operate within Pinterest's rate limits (10 requests/second, 200 pins/day per account)
• All pins are original content created and owned by VB Holdings or its sub-brands
• We do not use Pinterest API access to harvest, store, or analyse other users' data
• OAuth tokens are used solely to authenticate actions on our own business accounts
• We do not access user profile information beyond what is required to operate our own accounts

We may update this Privacy Policy to reflect changes in our operations, legal requirements, or Pinterest platform requirements. Material changes will be reflected in the "Last Updated" date at the top of this document.

The current version of this policy is always accessible at vb-holdings.uk/privacy-policy.html. As our applications have no registered user base, we are not obligated to notify users individually of updates.

For any privacy-related queries regarding VB Holdings, Mighty Little Minds, or Blunt Threads:

• Email: privacy@vb-holdings.uk
• Website: vb-holdings.uk
• Jurisdiction: England & Wales

This policy was last reviewed on 29 April 2026 and is accurate as of that date. For ICO-related enquiries: ico.org.uk.