Privacy Policy

Who we are

PitMinder (pitminder.com) is a service that monitors and graphs data from Ninja Woodfire grills and smokers, operated by Resilient Software Ltd, a company incorporated in the United Kingdom (registered office: 71–75 Shelton Street, London WC2H 9JQ). Resilient Software Ltd is the data controller for the personal data described below. PitMinder is not affiliated with, endorsed by, or connected to SharkNinja or Ayla Networks in any way. Questions about this policy: hello@pitminder.com.

What we collect

• Account data. Your email address, a display name, and a password. Passwords are stored only as salted hashes — we never see or store them in plain text.
• Your Ninja account credentials. To read data from your grill, PitMinder signs in to your SharkNinja account on your behalf. This means we store the email and password of your Ninja account, plus the resulting OAuth and Ayla API tokens, in our database. This is the most sensitive thing we hold, and you should only connect an account you are comfortable delegating this way. You can delete the stored credentials at any time from the Ninja Connection page, or by deleting your PitMinder account.
• Device data. Identifiers and state reported by your grill via the Ayla cloud: serial numbers (DSN), model, MAC address, local IP, connection status, firmware versions, temperatures (grill, chamber, probes), cook mode and timers, and similar telemetry.
• Device history. We keep a time-series record of state changes (the data behind the temperature graphs). History is retained until you delete the device or your account.
• Preferences. Settings such as your temperature unit (°C/°F).

What we don't collect

No analytics trackers, no advertising identifiers, no sale or sharing of personal data for marketing — to anyone, ever. The only cookies used are strictly necessary session cookies that keep you signed in.

How data is used

Exclusively to provide the service: authenticating you, fetching your devices' state from the SharkNinja/Ayla cloud, storing and graphing telemetry, syncing it to your browser in real time, and sending transactional email (such as login-related messages). We use your data for nothing else.

Where data lives (subprocessors)

• Neon — primary database (hosted on AWS, London, UK)
• Vercel — application hosting and serverless functions
• Railway — real-time sync server (holds a read replica of application data)
• Resend — transactional email delivery
• SharkNinja / Ayla Networks — your grill's own cloud, which we access on your behalf (EU endpoints)

Security

All traffic is encrypted in transit (TLS). Passwords are hashed. Databases are encrypted at rest by our hosting providers. Stored Ninja credentials are accessible only to the sync process acting on your behalf. No system is perfectly secure, and you connect third-party credentials at your own risk.

Your rights and deletion

You can delete your account at any time from the Account page — this permanently removes your account, stored Ninja credentials and tokens, devices, and all telemetry history. If you are in the UK/EU, you also have GDPR rights to access, rectify, port, or erase your data and to complain to a supervisory authority (in the UK, the ICO). Email us to exercise any right we haven't built a button for yet.

Changes

If this policy changes materially, the effective date above will change and significant changes will be flagged on this page.