Privacy Policy

Last updated: April 30, 2026

1. Scope and our role

Pointerly provides smart links, bio pages, analytics, affiliate workflows, AI-assisted content, Creator Connect, brand campaign tools, and integrations for creators, brands, and teams. This Privacy Policy explains how Pointerly collects, uses, shares, retains, and protects personal data when you use our websites, apps, APIs, and related services.

For account, billing, product, website, and service operations, Pointerly generally acts as an independent business or controller. For workspace content, campaign records, connected account data, exports, and customer-configured integrations, Pointerly generally processes data on behalf of the customer workspace that controls how the data is used.

2. Data we collect

We collect the data needed to provide and protect the service. Depending on how you use Pointerly, this may include:

  • Account data such as name, email address, login provider, profile details, avatar, and team membership.
  • Workspace data such as links, bio pages, products, campaigns, creator or brand profiles, applications, comments, notes, and uploaded assets.
  • Analytics data such as clicks, referrals, device category, approximate location, UTM parameters, conversion events, and aggregated performance metrics.
  • Affiliate and commerce data such as affiliate tags, product identifiers, marketplace metadata, earnings imports, reports, and attribution settings.
  • Connected account data from integrations you authorize, such as Google, Meta, TikTok, Shopify, Notion, Airtable, Slack, HubSpot, Mailchimp, Stripe, and similar tools.
  • Amazon affiliate, Amazon Ads, and Creator Connections data such as affiliate tags, campaign identifiers, eligibility status, enrollment or application status, product identifiers, reporting metrics, credential references, and export audit records.
  • Payment and subscription data such as plan, invoice, tax, and payment status. Payment card numbers are handled directly by Stripe and are not stored by Pointerly.
  • Technical and security data such as IP address, browser type, device information, session events, authentication logs, audit logs, API usage, error logs, and abuse-prevention signals.
  • Communications data such as support requests, emails, notices, survey responses, and product feedback.

3. Sources of data

We collect data directly from you, from workspace members, from connected accounts you authorize, from customer-configured imports or exports, from your use of the service, from payment and infrastructure providers, and from public pages or public campaign information where relevant to the product experience.

4. How we use data

We use data for the following purposes:

  • Provide, personalize, maintain, and improve Pointerly.
  • Create and manage links, bio pages, Creator Connect workflows, applications, campaign pipelines, and analytics dashboards.
  • Connect customer-authorized integrations and move data only according to customer configuration.
  • Sync affiliate, product, campaign, eligibility, reporting, and performance data where authorized.
  • Process subscriptions, invoices, taxes, and account administration.
  • Send transactional messages, security notices, product updates, and support responses.
  • Detect, prevent, and investigate abuse, fraud, policy violations, security incidents, and unauthorized access.
  • Comply with law, enforce agreements, maintain audit records, and protect the rights of Pointerly, customers, users, and partners.

5. Legal bases where applicable

Where privacy laws require a legal basis, we rely on one or more of the following:

  • Contract necessity to provide the service you or your workspace requested.
  • Consent for optional cookies, certain marketing communications, and connected account authorizations.
  • Legitimate interests in securing the service, improving product quality, supporting customers, preventing abuse, and maintaining business operations.
  • Legal obligations for tax, accounting, security, sanctions, reporting, and regulatory requirements.

6. Amazon Ads and restricted partner data

Pointerly classifies Amazon Ads API and Creator Connections-derived data as restricted partner data. This includes campaign identifiers, advertising or affiliate metrics, Creator Connections eligibility or enrollment data, raw partner payloads, credential references, and other Amazon-derived reporting data.

  • We do not sell Amazon Ads, Amazon affiliate, or Creator Connections data.
  • We do not include restricted Amazon partner data in default automated third-party exports.
  • Automated exports of restricted partner data are blocked by default.
  • Exports that contain restricted partner data must be explicitly initiated by the customer and sent only to the customer's own connected destination.
  • We maintain audit records for allowed restricted partner data exports, including user, team, destination, data type, and timestamp where available.
  • Official Amazon Creator Connections API sync remains disabled unless Amazon approves the required app, scopes, and endpoints.

7. Sharing and recipients

We do not sell personal data. We share data only as needed to provide, secure, and support the service:

  • Infrastructure, database, authentication, storage, hosting, email, billing, analytics, and security providers.
  • Customer-controlled integrations that you or your workspace configure, such as spreadsheets, storage, CRM, messaging, analytics, and workflow tools.
  • Other members of your workspace according to their role and permissions.
  • Public visitors when you publish public links, bio pages, campaign pages, media kits, or creator/brand profiles.
  • Legal, compliance, safety, and rights-protection recipients where required or permitted by law.

See our Subprocessors and Data Sharing page for current operational providers and customer-controlled destination examples.

8. Cookies and tracking choices

We use strictly necessary cookies for authentication, security, session management, and service delivery. With consent where required, we may use functional and analytics cookies to remember preferences and understand product usage. We do not use third-party advertising cookies on Pointerly marketing pages. See our Cookie Policy to manage preferences.

9. International transfers

Pointerly and its providers may process data in the United States and other countries where our providers operate. Where required, we use appropriate safeguards such as data processing agreements, standard contractual clauses, transfer risk assessments, and provider security commitments.

10. Retention

We retain data for as long as needed to provide the service, operate workspaces, maintain security, comply with law, resolve disputes, enforce agreements, and preserve legitimate business records.

  • Account and workspace data is generally retained while the account or workspace is active.
  • Deleted workspace data is removed from active systems according to product deletion workflows and purged from backups on a rolling schedule.
  • Billing, tax, audit, and security records may be retained longer where required for legal, compliance, or fraud-prevention reasons.
  • Connected account tokens are revoked or deleted where technically available when an integration is disconnected.
  • Restricted partner data is retained only for customer workspace use, legal or security obligations, audit trails, and service continuity.

11. Security

We use technical and organizational controls designed to protect data, including TLS, provider-managed encryption at rest, row-level team isolation, role-based permissions, server-side secret storage, audit logs, incident response procedures, and least-privilege administrative access. More details are available on our Security page.

12. Your rights and choices

Depending on your location, you may have the right to access, correct, delete, port, restrict, or object to certain processing of your personal data. You may also have the right to withdraw consent, opt out of certain sharing or targeted advertising, and appeal a privacy request decision.

You can manage many settings in your account. You can delete your account and associated data from account settings, or contact us for help. If you signed up using Facebook Login, see our Data Deletion Instructions.

To exercise privacy rights, contact privacy@pointerly.com. We may need to verify your identity and authority before completing a request.

13. Children

Pointerly is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to Pointerly, contact us so we can take appropriate action.

14. Automated decisions

Pointerly may use automation to organize analytics, suggest content, classify campaign records, detect abuse, or route workflows. We do not use fully automated processing to make decisions that produce legal or similarly significant effects about you without appropriate notice and safeguards.

15. Changes to this policy

We may update this Privacy Policy to reflect product, legal, security, or operational changes. We will update the date above and, where required, provide additional notice.

16. Contact

Questions about this Privacy Policy or our data practices? Contact privacy@pointerly.com or support@pointerly.com.

← Back to home