Pointer uses an array of industry-leading technologies and services to protect your data against unauthorized access, disclosure, use, and loss.

All Pointer administrators undergo background checks and are routinely trained on security practices both during company onboarding and on a quarterly basis.

Security at Pointer is directed and maintained by our founders.

Infrastructure and Network Security

Physical Access Control

Our platform is hosted exclusively on Google Cloud Platform, which maintains both ISO 27001 certificates and SOC 2/3 reports. Their datacenters include:

• Vehicle access barriers

• Perimeter fencing

• Biometric access control

• 24/7 security monitoring

• Advanced electronic access control systems

Pointer employees do not have physical access to any data centers, servers, networking equipment, or storage media.

Logical Access Control

We maintain strict controls over infrastructure access:

• Limited administrator access to authorized employees

• Two-factor authentication requirement

• Detailed audit logging

• Private network administration

• Regular certificate rotation

Authentication Security

Our authentication system provides enterprise-grade security through multiple mechanisms:

• OAuth2 integration with Google and GitHub

• Session-based authentication with automatic token rotation

• Comprehensive token refresh and expiry management

• Scope-based authorization controls

• Active session validation and monitoring

IP Security

We maintain robust location-based security through continuous monitoring and verification. Our system includes:

• Location tracking and verification for all access attempts

• Known IP address monitoring and validation

• Automatic notifications for new location access

• Account locking after multiple suspicious attempts

• Comprehensive location-based risk assessment

• Real-time email alerts for security events

Data Flow

Data Arriving from Customers

We maintain strict security standards for incoming data:

• HTTPS encryption using TLS 1.2 or above

• Rejection of connections using TLS below 1.2

• Zero-trust network with full traffic encryption

• Regular SSL configuration testing via SSL Labs

• Rule and anomaly-based request monitoring

Data Leaving the System

Customers can access their data through multiple secure channels:

• Web Application (app.pointer.so)

• Mobile Applications (iOS and Android)

• REST API (api.pointer.so)

All data access methods ensure TLS 1.2+ encryption in transit.

Application Security

Authentication Methods

We support multiple secure authentication options:

Sign In with Google

• Google/GSuite account integration

• Annual Google Security Assessment

• Third-party security audit

Sign In with GitHub

• GitHub OAuth integration

• Enterprise-grade security standards

• Secure token handling and validation

REST API Authentication

• Brute force resistant API keys with rate limiting

• Self-service token management

• Secure key storage and transmission

• Session-based request validation with automatic rotation

• Origin validation and environment-specific controls

Business Continuity

High Availability

Our platform operates on redundant servers with regular maintenance rotation.

Backup Systems

We maintain comprehensive backup procedures:

• Daily and weekly backups

• Multiple geographic locations

• Encrypted storage

• Regular integrity verification

• Routine restoration testing

Disaster Recovery

We maintain ready-to-deploy recovery procedures:

• Multi-region deployment

• Documented recovery processes

• Regular testing

• Incident response protocols

Monitoring

We provide comprehensive security monitoring:

• Real-time event logging

• Suspicious activity alerts

• Activity tracking

• Security audit trails

• User notifications

For security concerns or vulnerability reports, contact team@pointer.so.