This Privacy Policy describes how Pointer ("we", "us", or "our") collects, uses, and protects information when you use our services. We differentiate between our customers (you) and your end-users to ensure clear understanding of our data practices.

1. Information Collection and Use

1.1. When you register for the Service, we may ask for your contact information, including items such as name, email address and company/organization. As you navigate the Service, we may collect information such as your IP address in order to facilitate ease of login for our users. However, we do not use such information for any other purpose, or engage in the selling of such information to third parties; we only use your data to facilitate user experience. You implicitly also grant us access to derivative data arising from logging your internet address. We may also collect information through the use of commonly-used technologies, such as cookies, server logs, web beacons, encrypted refresh tokens, and encrypted access tokens. We may also (upon your use of the Service) collect the content of your application data to provide you with Pointer's features and functions. We may use this technology to:

(i) evaluate how users utilize the Service;

(ii) monitor aggregate metrics such as user traffic patterns;

(iii) diagnose and deal with technical issues;

(iv) you hereby expressly consent to the use of these technologies by Pointer and our third party service providers;

(v) generate and improve user assistance features based on your inputs.

1.2. We may also receive information about you from the content you upload through our SDK and APIs, thus you, the user, are responsible for giving us access to the information arising from your implementation. Additionally, we may receive information about you from third parties who support our marketing activities or who provide us with technical or payment services.

1.3. While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:

(a) Information from Authentication Providers:

• Email address (obtained through Google or GitHub authentication)

• Name (obtained through Google or GitHub authentication)

• Profile picture (if available through authentication provider)

• Any other public profile information provided by these services

(b) Cookies & Usage Data:

• Authentication tokens

• Session information

• User preferences

(c) Service Configuration:

• SDK implementation details

• API configurations

• Integration settings

(d) Optional Information:

• Company/Organization name

• Company/Organization purpose

1.4. In addition to data collection on our end, we may process end-user data as part of your use of the Services. All end-user data is processed locally in the browser and we do not store any personally identifiable information about your end-users. Data may be collected through two channels: first, through our SDK as installed in your application, or second, through our APIs, if and only if, functionality requiring the use of the aforementioned APIs is invoked. Data processed through these channels is never shared with third parties as described in sections 2.3, 2.4, 3.1 & 3.2. We process only:

(a) UI state and preferences (stored locally in the browser);

(b) User interaction patterns (processed locally, only aggregated analytics stored);

(c) Feature usage metrics (anonymous and aggregated);

(d) Error rates and performance data (for system optimization);

(e) Support conversation context (processed in-memory only).

1**.5.** All data collected shall only be used for productive purposes which include:

(a) Proper Rendering of Services;

(b) Continued Development;

(c) User Feedback & Analytics;

1.6. We may use your Personal Data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link.

2. Third-Party Integrations and Data Processing

2.1. In order to provide Pointer's services, we interface with the following third-party platforms:

(a) AI Processing:

• OpenAI

• Anthropic

These services help power our AI-driven user assistance features.

(b) Authentication:

• Google

• GitHub

We use these providers to securely authenticate users.

(c) Analytics:

• Google Analytics

• PostHog

These services help us understand service usage and improve our platform.

(d) Infrastructure:

• npm (package distribution)

• Stripe (payment processing)

• Loops (email communications)

• Tally (form management)

Each of these services is subject to their own privacy policies and terms of service.

2.2. In such cases of integration, any terms of service, privacy or cookie policies that have been set up on the part of third-party platforms shall also come into effect in addition to Pointer's terms of service, privacy & cookie policies.

2.3. Under no circumstances shall third-party platforms providing integrations, as described in section 2.1, have access to your end-user data, as we do not collect or store such data in the first place. All end-user interactions are processed locally in the browser, and only anonymous, aggregated analytics are stored.

2.4. Only data generated by your use of Pointer may be disclosed to the aforementioned third-party integrations and is only used for either providing functionality on Pointer as described in section 2.1, or for improving the user experience.

3. Information Sharing and Disclosure

3.1. Under no circumstances shall we rent, sell or share any information about you to data brokers, advertising agencies, credit & lending agencies, databases, information resellers and AI models.

3.2. We shall only disclose information about you in cases where disclosure is required by law. Cases of obligatory disclosure include:

(a) To comply with laws or legal process or respond to lawful requests, including from law enforcement and government agencies;

(b) If disclosure is necessary to limit legal liability; protect or defend our rights, property, or interests; or protect the rights, interests, and safety of Pointer and its users;

(c) In connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of a bankruptcy; disclosure of user information shall only be limited to law enforcement, government, or financial regulatory entities, as may be required by law.

(d) To enforce compliance with our agreements or policies, with your consent, and as may be otherwise set forth in this Privacy Policy.

4. Your Choices About Collection and Use of Your Information

4.1. You can choose not to provide us with certain information. However, choosing not to provide certain required information may result in you being unable to use certain features of the Service because such information may be required in order for you to register as a member.

4.2. We may send periodic promotional or informational emails to you. You may opt-out of such marketing emails by following the opt-out instructions contained in the email. Please note that opt-out requests may take some time to be effective.

4.3. Your selection on receiving marketing emails will not preclude Pointer from corresponding with you regarding your user account or your transactions with us.

4.4. If you request us to delete all data we have collected on you, we shall delete your data in accordance with all local regulations and laws that may be in effect; we will also provide you with confirmation of such in a timely manner. However, please note that such a request will also result in the termination of your use of Pointer’s Services, since your use of Pointer’s Services necessitates the collection of user data as needed to ensure optimal operation.

5. Data Security and Your Risks

5.1. We have implemented commercially reasonable technical and organizational measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, or disclosure to the best of our ability with your best interests in mind. However, we cannot guarantee that unauthorized third parties will never be able to overcome those measures or use your personal information for improper purposes. You hereby acknowledge and assume these risks by using the Service.

5.2. Refresh and Access Tokens (OAuth) are encrypted in our database in order to facilitate registration and logging in capabilities.

6. Managing Cookies In Your Browser

6.1. Most browsers allow you to manage how cookies are set and used as you’re browsing, and to clear cookies and browsing data. Also, your browser may have settings letting you manage cookies on a site-by-site basis. For example, deleting existing cookies, allowing or blocking all cookies, and setting cookie preferences for websites. Most browsers offer some form of Incognito mode, which deletes your browsing history and clears cookies from the Incognito windows on your device after you close all of your Incognito windows.

7. CALIFORNIA USERS AND RESIDENTS

7.1. In accordance with the California Privacy Rights Act (“CPRA”), Pointer’s privacy policy notifies you about the data we collect on you as a user, our procedures regarding the sharing of that information, our information security procedures, and your rights pertaining to that data. If any disputes are not satisfactorily satisfied with us, you may contact the California Privacy Protection Agency at 2101 Arena Blvd, Sacramento, CA 95834, or by telephone at (279) 895-1412.

8. Privacy Policy Changes

8.1. Although most changes are likely to be minor, Pointer may change its Privacy Policy from time to time, and we shall provide a new “last updated” date. Pointer encourages you to frequently check this page for any changes. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such changes.