Privacy Policy

Pointfolio

Last updated: May 2026

Pointfolio (“we,” “our,” or “the app”) is operated by Pointfolio.co. This policy explains how we collect, use, store, and share information when you use our mobile apps (iOS and Android), web app, and related services at pointfolio.co.

1. Scope

This policy applies to the Pointfolio application and our websites. By using the app, you agree to this policy. If you do not agree, please do not use the service.

2. Information we collect

Account information: Email address, display name, and profile details you choose to provide (such as country of residence, profile image, and forum username).
Rewards data you enter: Points balances, loyalty programme selections, transfers, redemptions, activity logs, and trip goals. This data is entered manually by you. We do not connect to your bank, card issuer, or loyalty programme accounts directly.
Subscription and billing: Subscription status and billing identifiers. Payment card data is handled by Stripe or your app store (Apple/Google); we do not store your full card number or payment credentials.
Community content: Posts, comments, images, and other content you submit to the Pointfolio community forum. Images are stored on Google Firebase Storage.
Crash and diagnostic data: We collect crash reports, app version, device type, and OS version through Firebase Crashlytics (Google) to diagnose bugs and improve stability. This data is not used for advertising.
Advertising identifiers (mobile only): The app displays ads served by Google AdMob. On iOS, we request your permission via Apple’s App Tracking Transparency (ATT) prompt before any advertising identifier (IDFA) is accessed. If you decline, AdMob serves contextual ads only and does not use your advertising identifier. On Android, you can opt out of personalised ads at any time in your Google account settings. See Section 4 for details.
Cookies and similar technologies: Our website may use cookies or equivalent technologies for basic functionality. You can control cookies through your browser settings.

3. How we use your information

We use your information to:

Provide, maintain, and improve the Service.
Sync your data securely across your devices when you are signed in.
Process and manage Premium subscriptions.
Respond to your support requests and communications.
Detect, investigate, and prevent fraud, abuse, or security incidents.
Automatically scan community forum images and links for harmful, illegal, or deceptive content using Google Cloud Vision SafeSearch and Google Safe Browsing. This processing is necessary to fulfil our legal obligations and to protect users from harm.
Serve advertisements through Google AdMob (with your consent on iOS; with opt-out rights on Android).
Send important notices about your account or the Service (e.g. billing, security alerts). We do not send marketing emails.
Comply with legal obligations, including mandatory reporting of child sexual abuse material (CSAM) to the relevant authorities.

We do not sell your personal data to third parties. We share advertising identifiers with Google AdMob solely to serve ads within the app. Under some privacy laws (including CCPA), sharing data with advertising networks may be considered a “sale” or “sharing” of personal information — see Section 10 for California residents’ opt-out rights.

4. Third-party services

We rely on the following service providers that process data on our behalf:

Google Firebase (Crashlytics, Firestore, Auth, Storage, App Check, Cloud Functions): authentication, database, file storage, crash reporting, security, and serverless compute. Data is processed by Google LLC on servers primarily in the United States. Firebase Privacy
Google AdMob: in-app advertising. AdMob may collect your device’s advertising identifier (IDFA on iOS, GAID on Android), IP address, and interaction data to serve and measure ads. On iOS 14.5+, this requires your explicit consent via the ATT prompt. On Android, you can opt out via Google’s ad personalisation settings. AdMob data is processed under Google’s privacy policy. Google Privacy Policy
Google Cloud Vision API: automated SafeSearch scanning of images uploaded to the community forum. Images are transmitted to Google for analysis and are not retained by Google beyond the API call. Data usage
Google Safe Browsing API: automated checking of links posted in the community forum against Google’s database of known malicious URLs. Advisory
Stripe: payment processing for web subscriptions. Card data is handled directly by Stripe and never passes through our servers. Stripe Privacy
Apple App Store / Google Play Store: payment processing and subscription management for mobile subscriptions. Governed by Apple’s and Google’s respective privacy policies.
Anthropic Claude API: the in-app AI support assistant uses Anthropic’s Claude API to respond to support queries. Messages sent to the assistant are transmitted to Anthropic’s servers for processing. We do not send personally identifiable information to Anthropic beyond the content of your message. Anthropic Privacy

These providers are contractually required to protect your data and use it only to provide their services to us. Your data may be processed on servers located outside your country, including in the United States.

5. User-generated content and DMCA

The Pointfolio community forum allows users to post text and images. You are solely responsible for content you submit. By posting content, you confirm you have the necessary rights to do so.

We respect intellectual property rights. If you believe content on our platform infringes your copyright, you may submit a takedown notice to our designated DMCA agent:

DMCA Agent: Jonathan Daunt

Email: info@pointfolio.co

Your notice must include: (1) identification of the copyrighted work; (2) identification of the infringing material and its location; (3) your contact information; (4) a statement of good faith belief that the use is not authorised; (5) a statement of accuracy under penalty of perjury; and (6) your physical or electronic signature.

We will respond to valid DMCA notices promptly and remove infringing content. Repeat infringers will have their accounts terminated.

6. Data retention and deletion

We retain your information for as long as your account is active or as needed to provide the service. When you delete your account through the app’s Settings screen, we initiate deletion of your portfolio, activity logs, and profile data. Some residual data (such as anonymised crash reports or legally required records) may be retained for a limited period as required by law.

You may also request deletion by contacting us at info@pointfolio.co. We will respond within 30 days.

7. Sharing your information

We do not sell your personal data. We may share information in the following limited circumstances:

With service providers listed in Section 4, to the extent necessary to provide the Service.
With advertising partners (Google AdMob) as described in Section 2 and Section 4, subject to your consent or opt-out rights.
If required by law, regulation, or valid legal process.
To protect the rights, property, or safety of Pointfolio, our users, or the public.
In connection with a merger, acquisition, or sale of all or substantially all of our assets, in which case we will notify you.

8. Your rights (all users)

Regardless of where you live, you can:

Access the personal data we hold about you.
Correct inaccurate or incomplete data via your profile settings.
Delete your account and associated data through the app or by emailing us.
Export your data in CSV format using the Export feature in Settings.
Opt out of ad personalisation on iOS via the ATT prompt or iOS Settings → Privacy & Security → Tracking. On Android via Google Settings → Ads.
Withdraw consent at any time for processing based on consent. Note that some processing is necessary to provide the Service.

To exercise any of these rights, contact us at info@pointfolio.co.

9. Brazilian users (LGPD)

If you are in Brazil, the Lei Geral de Proteção de Dados (LGPD) grants you additional rights. You have the right to:

Confirm whether we process your personal data.
Access your personal data.
Correct incomplete, inaccurate, or outdated data.
Request anonymisation, blocking, or deletion of unnecessary or non-compliant data.
Request portability of your data to another service provider.
Be informed of third parties with whom we share your data.
Revoke consent at any time.
Lodge a complaint with Brazil’s national data protection authority (ANPD).

To exercise your LGPD rights, contact us at info@pointfolio.co.

10. California users (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights regarding your personal information.

Categories of personal information we collect: identifiers (email, device ID); commercial information (subscription status); internet or electronic network activity (crash logs, ad interactions); and inferences drawn from this information.

Sharing for cross-context behavioural advertising: We share advertising identifiers with Google AdMob for personalised advertising, which may constitute “sharing” of personal information under CCPA. California residents have the right to opt out of this sharing.

Your California rights:

Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you.
Right to Delete: request deletion of personal information we hold about you.
Right to Correct: request correction of inaccurate personal information.
Right to Opt Out of Sharing: opt out of the sharing of your personal information for cross-context behavioural advertising. On iOS, use the ATT prompt or iOS Settings. On Android, use Google’s ad settings.
Right to Non-Discrimination: we will not discriminate against you for exercising these rights.

To exercise your California rights, email us at info@pointfolio.co with “California Privacy Request” in the subject line. We will respond within 45 days.

11. European users (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent laws, including the right to access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and to object to processing. You also have the right to lodge a complaint with your local supervisory authority. Contact us at info@pointfolio.co to make a request.

Our legal bases for processing are: contract (to provide the Service you signed up for); legitimate interests (security, fraud prevention, improving the app); and consent (advertising identifiers via ATT / ad personalisation settings).

12. Children

Pointfolio is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Security

We use industry-standard measures to protect your data, including Firebase’s built-in security, encrypted data transmission (HTTPS/TLS), Firebase App Check to prevent unauthorised API access, and Firestore security rules that restrict access to your own data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

14. Disclaimer

Pointfolio is a planning and valuation tool. It does not guarantee award availability, routing rules, or partner programme terms. Airlines and loyalty programmes control their own rules; estimates shown in the app are for informational purposes only and do not constitute financial or travel advice.

15. Changes to this policy

We may update this policy from time to time. We will post the new version on this page and update the “Last updated” date. For significant changes, we will notify you via the app or by email. Continued use of the app after the changes take effect means you accept the revised policy.

16. Contact

For privacy questions, requests, or concerns:

info@pointfolio.co

← Back