Subprocessors and Data Sharing

1. Overview

Pointerly uses subprocessors to operate the service and supports customer-controlled integrations that customers choose to connect. Operational subprocessors process data on Pointerly's behalf under confidentiality, security, and service obligations. Customer-controlled destinations receive data only when a customer or authorized workspace user configures or initiates that transfer.

2. Operational subprocessors

These providers support core hosting, database, authentication, storage, billing, and email functions:

Supabase (AWS)

Database, authentication, storage, row-level team isolation, and operational security.

Data: Account, workspace, product, campaign, analytics, integration metadata, authentication events, and audit records.
Location: United States and other provider-operated regions as configured by the provider.

Vercel

Application hosting, serverless functions, CDN, deployments, and web traffic delivery.

Data: Request metadata, application traffic, deployment artifacts, logs, and operational telemetry needed to serve Pointerly.
Location: Global edge network and provider-operated infrastructure.

Stripe

Subscription billing, invoices, tax support, checkout, and payment processing.

Data: Billing contact, subscription status, invoices, payment metadata, and tax data. Card data is handled directly by Stripe.
Location: United States and other Stripe-operated regions.

Resend

Transactional email delivery for account, security, billing, and product notifications.

Data: Recipient address, message content, delivery metadata, and suppression data needed to send email.
Location: United States and other provider-operated regions.

3. Customer-controlled destinations

Customers may connect optional third-party destinations for exports, sync, analytics, messaging, storage, CRM, commerce, or workflow automation. These destinations are controlled by the customer, not by Pointerly. A transfer occurs only when the customer authorizes the integration, configures sync, or explicitly initiates an export.

Google Sheets, Google Drive, Notion, Airtable, Trello, Slack, Discord, Zoom, Dropbox, OneDrive, HubSpot, Mailchimp, Google Analytics, Shopify, Meta, TikTok, Stripe and similar customer-selected tools.

4. Amazon Ads and restricted partner data

Amazon Ads API and Creator Connections data is classified as restricted partner data in Pointerly. Pointerly does not sell this data, does not independently share it with outside parties, and does not push it to third-party services automatically.

Default automated exports of restricted Amazon partner data are blocked.

Allowed exports must be explicitly initiated by the customer and sent only to the customer's connected destination.

Pointerly records audit metadata for allowed restricted partner data exports where available.

Official Amazon Creator Connections API sync remains disabled until Amazon approves the required app, scopes, and endpoints.

5. Vendor review and updates

We review subprocessors based on service need, security posture, confidentiality obligations, availability, and ability to support customer data protection requirements. We may update this page when providers, purposes, locations, or data categories materially change.