Privacy Policy

Effective Date: October 17, 2025
Last Updated: October 17, 2025

1. Introduction

Welcome to PointLocker ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our loyalty points management platform at pointlocker.com (the "Service").

By using PointLocker, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (encrypted and securely stored)
  • Profile information you choose to provide

2.2 Loyalty Program Information

To provide our services, we collect:

  • Loyalty program names and membership numbers
  • Points balances and transaction history
  • Program credentials (when you choose automatic synchronization)
  • Expiration dates and program status

2.3 Email Data (Optional)

If you choose to connect your email accounts (Gmail, Outlook, or Yahoo), we access your emails solely to:

  • Automatically detect loyalty program memberships
  • Extract points balance information from program emails
  • Identify expiring points and important updates

Important: We only scan emails related to loyalty programs. We do not read, store, or analyze personal correspondence, and we never share your email content with third parties.

2.4 Usage Information

  • Device information (browser type, operating system)
  • IP address and location data
  • Pages visited and features used
  • Time and date of visits

2.5 Transaction Information

When you use marketplace features:

  • Points buying, selling, and trading transactions
  • Conversion rates and transaction history
  • Redemption activities

3. How We Use Your Information

We use your information to:

  • Provide and maintain the PointLocker service
  • Manage your loyalty points across multiple programs
  • Automatically detect and track loyalty program memberships
  • Send notifications about expiring points and special offers
  • Facilitate marketplace transactions (buying, selling, trading points)
  • Improve our service and develop new features
  • Communicate with you about your account and our services
  • Detect and prevent fraud or unauthorized access
  • Comply with legal obligations

4. Email Access and Gmail API Usage

PointLocker uses the Gmail API to provide email scanning features. Our use of information received from Gmail APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4.1 What We Access

  • Scope: Read-only access to your Gmail messages
  • Purpose: Scanning for loyalty program-related emails only
  • Data Extracted: Sender information, loyalty program names, points balances, membership numbers

4.2 What We Do NOT Do

  • We do not read personal emails unrelated to loyalty programs
  • We do not store complete email content
  • We do not share email data with third parties
  • We do not use email data for advertising purposes
  • We do not transfer email data to others (except as required by law)

4.3 Your Control

You can disconnect your email account at any time from the Settings page. When you disconnect, we immediately stop accessing your emails and delete any stored email-derived data.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
  • Password Security: Passwords are hashed using bcrypt
  • Credential Protection: Loyalty program credentials are encrypted with AES-256
  • Access Controls: Strict access controls limit who can access your data
  • Regular Audits: We conduct regular security audits and updates

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Sharing and Disclosure

6.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6.2 Limited Sharing

We may share your information only in these circumstances:

  • Service Providers: Trusted third-party services that help us operate (e.g., hosting, analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize sharing

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account:

  • Personal information is deleted within 30 days
  • Email access is immediately revoked
  • Transaction history may be retained for legal and accounting purposes
  • Anonymized data may be retained for analytics

8. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Opt-Out: Unsubscribe from marketing communications
  • Data Portability: Export your loyalty program data
  • Revoke Access: Disconnect email and loyalty program integrations at any time

To exercise these rights, contact us at [email protected].

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you logged in
  • Remember your preferences
  • Analyze usage patterns
  • Improve service performance

You can control cookies through your browser settings, but some features may not work properly if cookies are disabled.

10. Children's Privacy

PointLocker is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.

11. International Users

PointLocker is operated in the United States. If you access our service from outside the US, your information may be transferred to, stored, and processed in the US or other countries where our service providers operate.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification (for material changes)

Your continued use of PointLocker after changes indicates acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Website: pointlocker.com

Address: PointLocker, United States

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do not sell)
  • Right to deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making