Pointr – Privacy Policy
Last updated: 23 July 2025
1. Who We Are
Pointr AG ("Pointr", "we", "us") is the controller of your personal data under the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection 2023 (FADP).
- Address: Pointr AG, Steinengraben 22, 4051 Basel, Switzerland
- Email (Data Protection Officer): privacy@pointr.org
2. Where Your Data Is Stored
Your data is processed only in Frankfurt am Main, Germany (EU) and the Zurich region, Switzerland. Germany is in the EEA; Switzerland enjoys an EU adequacy decision (Art. 45 GDPR). Back-ups are mirrored between the two sites; no routine transfers occur elsewhere.
3. What Data We Collect
| Category | Examples | Source |
|---|---|---|
| Account Data | name, email, phone, password hash | you |
| Listing Data | service description, pricing, profile photo | you |
| Usage Data | IP address, device IDs, interaction logs, crash reports | automatically |
| Payment Metadata (listers) | Stripe customer ID, payment status, fee amount | Stripe API |
| Optional Device Data | contacts, camera, photos, location | you (permission-based) |
We never receive or store full card numbers or CVCs. Payments are handled directly by Stripe Payments Europe Ltd.
4. Legal Bases for Processing (Art. 6 GDPR / Art. 31 FADP)
- Contract: Contract: provide marketplace, manage accounts, collect listing fees via Stripe.
- Legitimate interests: Legitimate interests: security, fraud prevention, analytics, marketing of similar Pointr services (opt-out any time).
- Consent: Consent: optional access to contacts, camera, photos, location (withdraw in device settings).
5. Retention Periods
- Account & listing history: 10 years after last activity.
- Payment metadata: 10 years (book-keeping laws).
- Usage logs: 12 months, then aggregated or deleted.
- Device content: deleted immediately when removed or permission withdrawn.
- Back-ups: overwritten on a 30-day rolling cycle.
6. International Transfers
If vendors outside the EEA/Switzerland are engaged, we rely on EU Standard Contractual Clauses with the Swiss addendum plus industry-standard technical safeguards. Copies are available on request.
7. Who Receives Your Data
- Stripe Payments Europe Ltd. (payment processor) – Ireland
- Hosting & cloud providers – Germany / Switzerland
- Analytics & crash-report tools – EU
- Pointr affiliates – EU / CH
- Public authorities when legally required
We do not sell personal data.
8. Your Rights
| Right | GDPR | FADP |
|---|---|---|
| Access | Art. 15 | Art. 25 |
| Rectification | Art. 16 | Art. 32 |
| Erasure | Art. 17 | Art. 32 |
| Restriction | Art. 18 | — |
| Portability | Art. 20 | Art. 28 |
| Object | Art. 21 | Art. 30 |
| Withdraw consent | Art. 7 (3) | Art. 6 (6) |
To exercise any right, email privacy@pointr.org. We reply within one month (GDPR) or 30 days (FADP).
9. Automated Decision-Making
No automated decisions with legal or similar effect are made.
10. Security
All data in transit is protected by industry-standard TLS encryption. Data at rest is encrypted using industry-standard encryption algorithms. We implement multi-factor authentication, role-based access controls, and conduct regular security assessments. No system is 100% secure.
11. Children
The service targets users 16 +. If we learn we hold data of a younger child, we delete it promptly.
12. Changes
Material changes are announced by email 30 days before they take effect and published here.
13. Contact
- Pointr AG, Steinengraben 22, 4051 Basel, Switzerland
- Email (DPO): privacy@pointr.org
- EU representative (Art. 27 GDPR): Pointr GmbH, c/o PrivacyRep, Hanauer Landstr. 204, 60314 Frankfurt am Main, Germany
You may also contact your local EU data-protection authority or the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Switzerland.
© 2025 Pointr AG. All rights reserved.