Legal

Privacy policy

Last updated 5 July 2026Pointing is free forever and needs no account to plan. We collect as little as possible, and this page lays out exactly what that means: what we hold, which cookies we set, how long we keep things, your rights, and who processes your data.

What we collect

Only what a room needs to run — nothing sold, nothing extra.
  • Anonymous session IDA signed anon_id cookie holding an opaque random ID — HttpOnly, Secure, SameSite=Lax, and HMAC-signed. It carries no email, name, or IP, and is set on your first room so you can rejoin without an account.
  • Ephemeral room stateWhile a room is live we hold its state in memory (Upstash Redis): the join code, mode, chosen deck, and each participant's display name and role. Hidden votes are stored server-side only and deleted the moment a round is revealed. Anonymous rooms write nothing to our database.
  • Optional account dataOnly if you choose to create an account: Clerk handles sign-in and we store your name, email, and avatar (from your sign-in provider) in our database. No account is ever required to plan.
  • Donation recordsIf you donate, Stripe processes the payment. We keep a donation record — including the donor email Stripe returns — for receipts and accounting.
  • Abuse-prevention signalsTo rate-limit creating, joining, and voting we count requests against your IP in a short-lived counter. That IP is never written to our database and never logged in clear text — the counter expires within the rate-limit window.

Cookies

Essential (always on, exempt from consent)

The anon_id session cookie and, if you sign in, the Clerk session cookie. Both are needed to run a room and carry no marketing use.

Analytics & attribution (only with your consent)

First-party product analytics and future donation-attribution cookies run only after you accept them in the cookie banner. Change your choice at any time:

How long we keep it

Anonymous data self-destructs; you control everything else.
  • Anonymous roomsAnonymous rooms and their anon_id cookie expire 7 days after creation. After that the room state is deleted and is unrecoverable.
  • Hidden votesDeleted the instant a round is revealed — never persisted.
  • Rate-limit countersThe per-IP abuse counter expires within the rate-limit window (seconds).
  • Registered account dataKept until you delete it. Team and organisation retention windows are configurable for workspaces (on the roadmap).
  • DonationsRetained as financial records for accounting and tax obligations, and anonymised when you delete your account.

Your rights

Access, export, correction, and erasure — exercised from your account settings, no request form required.
  • Access & export
    Download everything tied to your account — sessions you own, your participation and votes, donations, and memberships — as one JSON file.Export your data in Settings
  • Erasure
    Permanently delete your account and personal data. This removes your Clerk sign-in and anonymises your Stripe donor record.Delete your account in Settings
  • RectificationYour profile name and photo come from your sign-in provider — update them there and they refresh across Pointing.
  • Cookie choicesAccept or reject non-essential cookies at any time. Essential cookies always stay on so a room keeps working.
  • Using Pointing anonymouslyThere's nothing to export or erase — anonymous data isn't tied to you and auto-expires within 7 days.

Who processes your data

The third parties Pointing relies on, and what each one touches.
  • ClerkAuthentication for registered users. Name, email, and avatar from your chosen sign-in provider.
  • NeonOur Postgres database. Registered accounts, saved sessions, and donation records.
  • UpstashIn-memory store (Redis). Ephemeral anonymous room state and short-lived rate-limit counters.
  • StripeDonation payments. Donor email and payment details for one-time and recurring donations.
  • VercelApplication hosting and delivery. Serves the app and keeps standard operational request logs.

Contact

Questions about your privacy, or want to make a data request? Email us at privacy@pointing.dev.