Privacy Policy

Effective April 23, 2026. This Policy explains what information we collect when you use Pointegrity software products (including Pouch), what we do with it, and what choices you have. We wrote it to be readable; if anything is unclear, email us at hello@pointegrity.com.

The short version

• We collect the minimum information needed to run the service and bill you — not more.
• We never read your drops (the content you put into Pouch) for any purpose other than operating the service on your behalf.
• We never sell your data. We don't run ads. We don't feed anything into third-party analytics or tracking.
• You can export or delete your data at any time.

What we collect

Account information

When you create an account, we store your email address and a salted hash of your password (never the password itself). If you sign up via the waitlist before trials open, we store the email address and any optional note you provide, nothing else.

Content you put into the service

Your "drops" — text, links, files, whatever you capture through Pouch — are stored so you can retrieve them. The body of each drop is treated as opaque by our systems; we do not parse, index beyond your explicit search requests, or analyze it. When Vault mode ships, vault drops will be end-to-end encrypted on your device before upload, and we will literally be unable to read them.

Operational logs

Our servers keep short-lived access logs for abuse detection, security, and debugging. These include: a truncated hash of the requesting IP address, request path, status code, and timestamp. They do not include drop bodies or any content-identifying fields. Logs are retained for thirty (30) days and then deleted.

Billing information

All payments are processed by Lemon Squeezy, our Merchant of Record. Lemon Squeezy handles your credit card or bank details; we never see them. We receive from Lemon Squeezy: your subscription status, billing country (for tax), and a customer ID we use to look you up when you ask us to update your account.

How we use what we collect

• To operate the service you signed up for
• To bill you and handle refunds
• To send you essential product notifications (account changes, billing issues, security alerts, service outages)
• To detect and prevent abuse of the service
• To comply with law when we're required to

We will only send you marketing or product-update emails if you opt in. You can opt out of any non-essential email at any time.

Third parties we work with

We keep the list short on purpose. Right now, it is:

• Lemon Squeezy — payment processing (Merchant of Record). Privacy policy at lemonsqueezy.com/privacy.
• ForwardEmail — receives email sent to @pointegrity.com addresses and forwards it to our inbox. They don't retain the messages. Privacy policy at forwardemail.net/privacy.
• GitHub Pages — hosts our marketing website (www.pointegrity.com). GitHub receives server access logs (standard web traffic). The Pouch service itself runs on our own infrastructure, not on GitHub.
• Let's Encrypt — issues the TLS certificate for our web domains, automatically.

We do not use Google Analytics, Meta Pixel, Mixpanel, Segment, or any similar third-party analytics or advertising tracker.

Where your data lives

The Pouch service runs on servers we control, located in East Asia. Backups are encrypted at rest and stored in the same region. If we ever add additional regions or move hosting, we will update this Policy before the change takes effect.

How long we keep things

• Active account data: retained as long as your account is active.
• After account deletion or trial lapse: a thirty (30) day grace period during which you can export or reactivate, then permanent deletion from our live systems.
• Backups: permanently deleted within thirty (30) days after they age out of the backup rotation.
• Operational logs: thirty (30) days.
• Waitlist emails: retained until trials open or you request removal, whichever is sooner.

Your rights

Regardless of where you live, you can:

• Access and export all of your data at any time, in a portable format.
• Delete your account and everything in it.
• Correct inaccurate information.
• Opt out of any non-essential communications.
• Ask us questions about how your data is handled.

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with specific data-protection rights (GDPR, UK GDPR, CCPA, PIPL, and similar), you have additional rights including the right to object to processing, restrict processing, and lodge a complaint with your local data protection authority. Email privacy@pointegrity.com to exercise any of these; we will respond within thirty (30) days.

Security

All traffic between you and our service is encrypted in transit (HTTPS/TLS). Passwords are stored as salted hashes using a modern algorithm. Access to production systems is limited to people who need it and is logged. No system is perfectly secure; we do our honest best and will notify affected users promptly if we ever detect a breach that compromises their data.

If you believe you have found a security vulnerability, please email security@pointegrity.com rather than disclosing it publicly. We will acknowledge your report within three (3) business days and work with you on a coordinated disclosure.

Children

Pointegrity services are not directed at children under sixteen (16). We do not knowingly collect personal information from anyone under 16. If you believe a child has given us information, email us and we will delete it.

Changes to this Policy

If we make material changes to this Policy, we will give notice (via email or in the product) at least fourteen (14) days before the changes take effect. The date at the top of this page always reflects the current version.

Contact

For privacy questions and data requests, email privacy@pointegrity.com. For security disclosures, email security@pointegrity.com. For anything else, email hello@pointegrity.com. We answer every email.

Last updated: April 23, 2026.