Point Pilot (“we,” “our,” or “the app”) is published by Pointfolio. This policy explains how we collect, use, store, and share information when you use our mobile apps (iOS and Android), web app, and related services at pointfolio.co.
1. Scope
This policy applies to the Point Pilot application and our websites. By using the app, you agree to this policy. If you do not agree, please do not use the service.
2. Information we collect
- Account information: Email address, display name, and profile details you choose to provide (such as location, bio, and forum username).
- Rewards data you enter: Points balances, loyalty programme selections, transfers, redemptions, activity logs, and trip goals. This data is entered manually by you. We do not connect to your bank, card issuer, or loyalty programme accounts directly.
- Subscription and billing: Subscription status and billing identifiers. Payment card data is handled by Stripe or your app store (Apple/Google); we do not store your full card number or payment credentials.
- Community content: Posts, comments, and other content you submit to the Point Pilot community forum.
- Device and diagnostics: We collect limited technical data (such as app version, crash reports, and device type) through Firebase Crashlytics and Firebase Analytics to operate and improve the app. This data is used to fix bugs and understand general usage patterns; it is not used for targeted advertising.
- Cookies and similar technologies: Our website may use cookies or equivalent technologies for basic functionality and analytics. You can control cookies through your browser settings.
3. How we use your information
We use your information to:
- Provide, maintain, and improve the Service.
- Sync your data securely across your devices when you are signed in.
- Process and manage Premium subscriptions.
- Respond to your support requests and communications.
- Detect, investigate, and prevent fraud, abuse, or security incidents.
- Automatically scan community forum images and links for harmful, illegal, or deceptive content using Google Cloud Vision SafeSearch and Google Safe Browsing (see Section 4). This processing is necessary to fulfil our legal obligations and to protect users from harm.
- Send important notices about your account or the Service (e.g. billing, security alerts).
- Comply with legal obligations, including mandatory reporting of child sexual abuse material (CSAM) to the relevant authorities.
We do not use your personal data for targeted advertising, and we do not sell your data to third parties.
4. Third-party services
We rely on the following service providers that process data on our behalf:
- Google Firebase: authentication, database (Firestore), cloud functions, crash reporting (Crashlytics), and app analytics.
- Google Cloud Vision API: automated SafeSearch scanning of images uploaded to the community forum. Images are sent to Google's servers for analysis and are not stored by Google beyond the API call. See Google Cloud Vision data usage.
- Google Safe Browsing API: automated checking of links posted in the community forum against Google's database of known phishing, malware, and social engineering URLs. URLs are sent to Google for lookup. See Google Safe Browsing advisory.
- Stripe: payment processing for web subscriptions.
- Apple App Store / Google Play: payment processing and subscription management for mobile subscriptions.
These providers are contractually required to protect your data and use it only to provide their services to us. Your data may be processed on servers located outside your country, including in the United States.
5. Data retention and deletion
We retain your information for as long as your account is active or as needed to provide the service. When you delete your account through the app's Settings screen, we initiate deletion of your portfolio, activity logs, and profile data. Some residual data (such as anonymised analytics or legally required records) may be retained for a limited period as required by law.
You may also request deletion by contacting us at info@pointfolio.co. We will respond within 30 days.
6. Sharing your information
We do not sell your personal data. We may share information in the following limited circumstances:
- With service providers listed in Section 4, to the extent necessary to provide the Service.
- If required by law, regulation, or valid legal process.
- To protect the rights, property, or safety of Pointfolio, our users, or the public.
- In connection with a merger, acquisition, or sale of all or substantially all of our assets, in which case we will notify you.
7. Your rights (all users)
Regardless of where you live, you can:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data via your profile settings.
- Delete your account and associated data through the app or by emailing us.
- Export your data in CSV format using the Export feature in Settings.
- Withdraw consent at any time for processing based on consent (e.g. optional analytics). Note that some processing is necessary to provide the Service.
To exercise any of these rights, contact us at info@pointfolio.co.
8. Brazilian users (LGPD)
If you are in Brazil, the Lei Geral de Proteção de Dados (LGPD) grants you additional rights. You have the right to:
- Confirm whether we process your personal data.
- Access your personal data.
- Correct incomplete, inaccurate, or outdated data.
- Request anonymisation, blocking, or deletion of unnecessary or non-compliant data.
- Request portability of your data to another service provider.
- Be informed of third parties with whom we share your data.
- Revoke consent at any time.
- Lodge a complaint with Brazil's national data protection authority (ANPD).
To exercise your LGPD rights, contact us at info@pointfolio.co.
9. European users (GDPR)
If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent laws, including the right to access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and to object to processing. You also have the right to lodge a complaint with your local supervisory authority. Contact us at info@pointfolio.co to make a request.
Our legal basis for processing is: contract (to provide the Service you signed up for), legitimate interests (security, fraud prevention, improving the app), and consent (optional analytics).
10. Children
Point Pilot is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Security
We use industry-standard measures to protect your data, including Firebase's built-in security, encrypted data transmission (HTTPS/TLS), and Firestore security rules that restrict access to your own data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
12. Disclaimer
Point Pilot is a planning and valuation tool. It does not guarantee award availability, routing rules, or partner programme terms. Airlines and loyalty programmes control their own rules; estimates shown in the app are for informational purposes only and do not constitute financial or travel advice.
13. Changes to this policy
We may update this policy from time to time. We will post the new version on this page and update the “Last updated” date. For significant changes, we will notify you via the app or by email. Continued use of the app after the changes take effect means you accept the revised policy.
14. Contact
For privacy questions, requests, or concerns:
info@pointfolio.co