Privacy Notice
- What is pointzai.com and what do we do?
- Our approach
- Types of information we collect from or about you
- How and why do we use your data?
- How we share your information
- How long do we keep your data?
- Cookies and tracking technologies
- How to access, rectify, and/or erase your data
- How do we safeguard and transfer your data?
- California Privacy Rights
- Changes to this notice
- Contact us and complaints
1. What is pointzai.com and what do we do?
pointzai.com ("we," "us," or "our") is an AI-powered B2B lead generation platform available at pointzai.com. We help businesses find, qualify, and connect with relevant leads by using artificial intelligence to research and deliver contact details.
Here's how it works: you describe your Ideal Customer Profile (ICP) in natural language — the type of companies you want to reach, their size, location, and the problems they face. Our AI pipeline then researches the market, discovers matching companies, scores them against your criteria, and delivers qualified leads with contact information.
This Privacy Notice explains how we collect, use, share, and protect your personal information when you visit our website, use our demo, or interact with our services.
Contact for privacy inquiries: Contact Support
2. Our approach
We believe in transparency about our data practices and are committed to the following principles:
- Data minimization. We collect only what is necessary to provide our services. We do not collect sensitive personal data such as health information, religious beliefs, political opinions, or ethnic origin.
- Privacy by design. We hash IP addresses and never store them in raw form. We use browser fingerprints solely for rate limiting, not for tracking or profiling.
- Consent-first analytics. We use Google Analytics with Consent Mode v2 enabled. Without your consent, only anonymous, cookieless measurement takes place. Google Signals is disabled — we do not perform cross-device tracking or use demographic/interest reporting.
- AI transparency. Our AI processing is limited to business-related ICP descriptions that you provide. We do not use your data to train AI models.
- No selling of data. We do not rent, sell, or trade your personal information to third parties for their marketing purposes.
3. Types of information we collect from or about you
We collect different types of information depending on how you interact with pointzai.com. We describe these below by user segment.
3.1 Website Visitors
When you visit pointzai.com, we may collect the following information:
- Hashed IP address. We hash your IP address for rate-limiting purposes. We never store raw IP addresses.
- Browser fingerprint. A technical identifier used solely for rate limiting to prevent abuse. Not used for tracking or profiling.
- Device information. Browser type, operating system, and screen resolution — collected automatically by our analytics provider.
- Usage data. Pages visited, scroll depth, time on page, and interactions with site elements — collected only with your consent via Google Analytics.
- Cookies. Consent preference cookies and, with your permission, analytics cookies. See Section 7 for details.
- Server logs. Our hosting provider (Vercel) automatically logs requests, which may include IP addresses, browser information, and timestamps in accordance with their standard practices.
3.2 Demo Users
If you use our AI demo to explore lead generation, we collect everything described in Section 3.1, plus:
- ICP descriptions. The business descriptions you enter during the demo (industry, company size, location, roles). This text is sent to our AI provider for processing and is not stored by us after the demo session.
- Email address. After your demo results are displayed, we ask for your email address to unlock the full set of leads (leads 6–10 are blurred until you provide your email). Your email is stored for communication purposes and to enforce rate limits (one lead delivery per email address per 14 days). Your email is collected after you see your results, not before.
- Demo results. The AI-generated lead cards produced by the demo, streamed to you in real time.
- Local storage data. Your chat progress, ICP answers, and demo results are saved in your browser's local storage with a 24-hour time-to-live. This data is stored on your device only and is automatically cleared upon signup or after 24 hours.
3.3 Account Holders
When we introduce user accounts, we may additionally collect:
- Account information. Name, email address, and authentication credentials.
- Subscription and billing data. Plan type, credit usage, and billing information. Payment details (such as credit card numbers) are processed directly by our payment processor, Stripe, and are never stored on our servers.
- Communication records. Support messages and feedback submitted through our support widget.
4. How and why do we use your data?
We process your data for the purposes described below. Where required by applicable law, we rely on a legal basis for each processing activity.
4.1 Website Visitors
| Context of processing | Purpose | Legal basis |
|---|---|---|
| Serving the website | Delivering web pages and static content to your browser | Legitimate interest in operating our website |
| Rate limiting | Using hashed IP addresses and browser fingerprints to enforce fair usage limits and prevent abuse | Legitimate interest in preventing abuse and ensuring service availability |
| Analytics (with consent) | Understanding how visitors interact with our website via Google Analytics (Consent Mode v2, Google Signals disabled) | Consent |
| Analytics (without consent) | Collecting anonymous, aggregated measurement data in cookieless mode | Legitimate interest in understanding general usage patterns |
| Security | Detecting and preventing fraud, abuse, and unauthorized access to our systems | Legitimate interest in protecting our service and users |
4.2 Demo Users
| Context of processing | Purpose | Legal basis |
|---|---|---|
| Provision of demo service | Processing your ICP descriptions through our AI pipeline to generate and stream lead results | Legitimate interest in providing the demo service you requested |
| Email collection (post-results) | Collecting your email address after results are displayed, as a gate to unlock the full set of demo leads | Legitimate interest in enabling communication and providing follow-up access to demo results |
| Rate limiting (demo) | Enforcing demo usage limits (3 runs per IP per 24 hours, 1 lead delivery per email per 14 days, 500 global demo runs per day) | Legitimate interest in preventing abuse and managing service costs |
| Marketing communications | Sending product updates and newsletters to users who have opted in | Consent |
4.3 Account Holders (future)
When we introduce user accounts, additional processing activities will include:
| Context of processing | Purpose | Legal basis |
|---|---|---|
| Account management | Creating and maintaining your account, authenticating access | Performance of a contract |
| Providing the service | Running AI pipelines, generating and delivering leads | Performance of a contract |
| Billing and payments | Processing subscriptions, managing credits, issuing invoices | Performance of a contract |
| Service improvement | Analyzing usage patterns, identifying bugs, and enhancing features | Legitimate interest in improving our service |
| Legal compliance | Complying with applicable laws, regulations, and legal processes | Legal obligation |
5. How we share your information
We do not rent, sell, or trade any personal information to third parties for their marketing purposes.
We share data with the following categories of service providers, solely for the purposes described in this notice:
Service providers
| Service | Data shared | Purpose |
|---|---|---|
| Anthropic (Claude API) | ICP text descriptions | AI processing of your business descriptions to generate leads. Governed by Anthropic's terms of service and data processing terms. |
| Supabase | Account data, authentication tokens, database records | Database hosting and user authentication. Data encrypted at rest by our database provider. |
| Vercel | Server requests, IP addresses in logs | Website hosting and content delivery. |
| Railway | Pipeline job data, server logs | Background processing infrastructure for our AI pipeline workers. |
| Google Analytics | Anonymized usage data (with consent) | Website analytics. Consent Mode v2 enabled; Google Signals disabled. Without consent, only anonymous cookieless measurement occurs. |
| Resend | Email addresses | Transactional email delivery (verification emails, team invitations). |
| FeatureBase | None (anonymous mode) | Support and feedback widget. Operates in anonymous mode; no personal information is collected or shared. |
Future service providers
When we introduce paid plans, we will additionally share data with:
| Service | Data shared | Purpose |
|---|---|---|
| Stripe | Payment and billing information | Payment processing. pointzai.com never stores your credit card details; Stripe handles all payment data directly. |
| GreenInvoice | Invoice details (name, email, amount) | Israeli tax invoice (חשבונית מס) generation, where applicable. |
Other disclosures
We may also disclose your information:
- Legal requirements. When required by law, regulation, legal process, or governmental request.
- Protection of rights. To protect the rights, property, or safety of pointzai.com, our users, or others.
- Business transfers. In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data would be transferred as part of the transaction. We will notify you of any such change.
- With your consent. When you direct us to share your information with a third party.
6. How long do we keep your data?
We retain your data only for as long as necessary to fulfill the purposes described in this notice. Retention periods vary by data category:
| Data category | Retention period |
|---|---|
| Hashed IP addresses | Designed to be automatically purged after 24 hours |
| Browser fingerprints | Designed to be automatically purged after 24 hours |
| Local storage data (demo chat state, ICP answers) | 24-hour time-to-live on your device; cleared on signup |
| Email addresses (demo users) | Retained for rate-limiting enforcement and communications until you request deletion |
| Analytics data | Retained in accordance with our analytics provider's retention settings |
| Server logs (Vercel) | Retained in accordance with our hosting provider's standard log retention practices |
| Communication records (support inquiries) | Retained for as long as necessary to resolve your inquiry and for a reasonable period thereafter |
When we introduce user accounts, we will publish specific retention periods for account data, subscription records, and generated lead data.
When data is no longer needed, we delete or anonymize it. Where deletion is not immediately possible (for example, data stored in backups), we isolate the data from further processing until deletion is feasible.
7. Cookies and tracking technologies
Cookies we use
| Type | Cookie | Purpose | Duration |
|---|---|---|---|
| Essential | Consent preferences | Remembering your cookie consent choice | 12 months |
| Analytics (with consent) | Google Analytics | Understanding website usage patterns | Up to 2 years |
Google Analytics configuration
We use Google Analytics 4 (GA4) with the following privacy-protective settings:
- Consent Mode v2 is enabled. Analytics cookies are only set after you provide consent.
- Google Signals is disabled. We do not perform cross-device tracking or use demographic/interest-based advertising features.
- Without consent: GA4 operates in cookieless mode, collecting only anonymous, aggregated measurement data. No cookies are placed, and no personal identifiers are used.
- With consent: GA4 collects anonymized data about page views, time on page, and navigation patterns.
- IP anonymization is enabled by default in GA4.
Managing cookies
You can manage your cookie preferences at any time:
- Cookie consent banner. When you first visit our website, a consent banner allows you to accept or decline analytics cookies.
- Browser settings. You can block or delete cookies through your browser's privacy settings.
- Update preferences. You can change your consent choice via the cookie settings link in our website footer.
Declining analytics cookies does not affect the functionality of our website or demo.
For more information about cookies, visit allaboutcookies.org.
8. How to access, rectify, and/or erase your data
Your rights
Depending on where you are located, you may have the following rights regarding your personal information:
- Right of access. Request a copy of the personal information we hold about you.
- Right to rectification. Request correction of inaccurate or incomplete personal information.
- Right to erasure. Request deletion of your personal information, subject to certain legal exceptions.
- Right to restriction. Request that we limit the processing of your personal information in certain circumstances.
- Right to data portability. Request to receive your personal information in a structured, commonly used, machine-readable format.
- Right to object. Object to our processing of your personal information where we rely on legitimate interest as our legal basis.
- Right to withdraw consent. Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
How to exercise your rights
To exercise any of these rights, please contact us at Contact Support. We will respond to your request within 30 days of receiving it. If we need additional time (up to an additional 60 days for complex requests), we will inform you of the extension and the reasons for the delay.
We may need to verify your identity before processing your request. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.
Children and minors
pointzai.com is a B2B service designed for business professionals. Our services are not directed at, and we do not knowingly collect personal information from, individuals under the age of 18. If we become aware that we have inadvertently collected personal information from a minor, we will take steps to delete that information promptly. If you believe we may have collected information from a minor, please contact us at Contact Support.
9. How do we safeguard and transfer your data?
Security measures
We implement the following security measures to protect your data:
- Encryption in transit. All data transmitted between your browser and our servers is encrypted using TLS/HTTPS, provided by our hosting infrastructure.
- IP hashing. IP addresses are hashed before storage. We never store raw IP addresses.
- Rate limiting. We enforce rate limits across our services to prevent abuse and protect system integrity.
- Database encryption. Data stored in our database is encrypted at rest by our database provider.
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially reasonable measures to protect your personal information, we cannot guarantee absolute security.
International data transfers
pointzai.com's services are hosted in the United States via Vercel and Supabase. Our AI processing involves US-based services, including Anthropic (Claude API). If you are accessing our services from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States.
We rely on our service providers' own data protection commitments and standard terms of service, which include data processing provisions, to ensure appropriate handling of your data during international transfers.
10. California Privacy Rights
If you are a California resident, the following rights may apply to you under the California Consumer Privacy Act (CCPA), to the extent applicable:
Categories of personal information collected
In the preceding 12 months, we may have collected the following categories of personal information:
- Identifiers. Email address, hashed IP address, browser fingerprint.
- Internet or other electronic network activity. Browsing history on our website, interactions with our demo, device information.
- Professional or employment-related information. Business descriptions provided as part of ICP inputs.
How we use your information
We use the categories of personal information listed above for the business purposes described in Section 4 of this Privacy Notice.
Your California privacy rights
- Right to Know. You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes, and the categories of third parties with whom we share your information.
- Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
- Right to Opt-Out of Sale. We do not sell your personal information. We do not use your personal information for targeted advertising.
- Right to Non-Discrimination. We will not discriminate against you for exercising your privacy rights.
How to exercise your rights
To exercise your CCPA rights, contact us at Contact Support. We will respond within 45 days of receiving your verifiable request. We may need to verify your identity before fulfilling your request.
11. Changes to this notice
We may update this Privacy Notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make material changes, we will:
- Update the "Last Updated" date at the top of this notice.
- Where appropriate, notify you by email or through a prominent notice on our website.
We encourage you to review this Privacy Notice periodically. Your continued use of our services after any changes constitutes your acceptance of the updated notice.
12. Contact us and complaints
If you have any questions, concerns, or requests regarding this Privacy Notice or our data practices, please reach us through our Help & Support page.
Complaints
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the right to lodge a complaint with your local data protection authority if you believe your data has been processed in violation of applicable data protection laws.
A list of EEA data protection authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
Version History
| Version | Date | Notes |
|---|---|---|
| 1.0 | March 23, 2026 | Initial version |