Privacy Policy

PinpointIQ (“we”, “our”) is a geographic market intelligence tool operated by 2nd St Strategy. This policy explains what data we collect, why we collect it, who we share it with, and how long we keep it. It applies to the PinpointIQ web application at app.pinpointiq.app and the marketing site at pinpointiq.app.

1. Information we collect

• Account data. Name (optional), email address, hashed password, organization affiliation, role, last login timestamp.
• Usage data inside the product. Saved dashboards, custom metrics, tags, mTAM assumptions, applied filters, and the metropolitan areas you query. This data is scoped to your organization and is used to power your views inside the app.
• Business lists you upload. CSV/Excel files you upload as “business layers” (competitor locations, target operators, etc.) and the geocoded results. This data is org-scoped — only members of your organization can read it.
• Product analytics. Anonymous-by-default events (page views, feature usage) sent to PostHog for product improvement.
• Error reports. Stack traces and request metadata sent to Sentry when something breaks, so we can fix bugs.
• Server logs. Standard request logs (IP, user agent, path, timestamp, response code) retained for security and debugging.

2. How we use information

• To provide the PinpointIQ service to you and your team.
• To authenticate sign-ins, send transactional emails (password reset, invites, security notices), and enforce organization access controls.
• To diagnose errors and improve product quality.
• To bill paying customers.
• To respond to your support requests.

We do not sell your data. We do not use your uploaded business lists or saved dashboards to train AI models, build aggregate datasets sold to other parties, or for any purpose outside providing the service to your organization.

3. Third-party processors

We rely on the following third-party services to operate PinpointIQ. Each is bound by their own privacy terms and our service agreement with them.

4. Data retention

• Account and product data are kept while your organization has an active account. If your organization cancels, we delete account-identifiable data within 90 days, except where retention is required by law.
• Server and security logs are kept for 90 days.
• Backups may persist for up to 30 days beyond deletion before being overwritten.

5. Security

We protect your data in transit with TLS, store passwords as salted bcrypt hashes, and scope every database query to your organization. Access tokens expire and are invalidated on password change. We rate-limit sensitive endpoints, cap upload sizes, and run regular security reviews. No system is perfectly secure, but we treat your data as if it were our own.

6. Your rights

You can request the following at any time by emailing us at privacy@pinpointiq.app:

• A copy of the personal data we hold about you.
• Correction of inaccurate data.
• Deletion of your account and associated data (subject to legal retention requirements).
• Export of your dashboards, layers, and saved metrics in a machine-readable format.

If you are in the EU/UK or California, you have additional rights under the GDPR and CCPA respectively. We honor those rights for all users.

7. Cookies

We use one essential cookie (pinpoint_token) to keep you signed in. We do not use marketing or cross-site tracking cookies. Product analytics events sent to PostHog use a randomized identifier rather than a tracking cookie.

8. Children

PinpointIQ is a B2B tool intended for use by professionals. We do not knowingly collect data from anyone under 16. If you believe a child has signed up, contact us and we will delete the account.

9. Changes to this policy

When we make material changes we will update the “Effective” date at the top of this page and notify users in-app or by email. The current version is always available at pinpointiq.app/privacy.

10. Contact

Questions or requests: privacy@pinpointiq.app.