Skip to content
← Back to Point

Point Privacy Policy

Version: 1.0
Effective date: July 7, 2026
Entity: Advanced Mail Solutions, Inc., a Delaware corporation, DBA “Point”, with primary offices in California.
Privacy contact: privacy@getpoint.ai
Website: getpoint.ai

This Privacy Policy explains how Point (“Point,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal information.


1. Scope

This Policy applies to personal information we process when we act as a controller or business, including in connection with:

  1. Point websites, landing pages, blogs, and online properties;
  2. Point web, desktop, mobile, and other client applications;
  3. direct individual accounts;
  4. account registration, authentication, billing, support, security, sales, marketing, events, and business operations;
  5. connected-account authorization and account administration;
  6. use of the Services by Individual Customers; and
  7. personal information relating to representatives of prospects, customers, suppliers, partners, and other business contacts.

For Organization Customers, the organization may be the controller or business for Customer Content processed in the Services. In that case, Point generally acts as a processor, service provider, contractor, or similar role under the Agreement and Data Processing Addendum. If you use Point through an organization, direct privacy requests about Customer Content to that organization unless Point tells you otherwise.

This Policy does not apply to third-party websites, services, providers, app stores, email providers, calendar providers, or integrations that have their own privacy notices.


2. Summary

Point is designed to help users manage professional communication, email, calendar, tasks, search, summaries, scheduling, and automation. To provide these features, Point may process communications and connected-account data that users authorize, including email and calendar content.

Point may use Google as Point’s initial advertising, analytics, measurement, attribution, and retargeting technology vendor on public websites, marketing pages, and other non-authenticated or marketing properties where lawful. Point does not sell Customer Content, does not use Customer Content or connected-account content for cross-context behavioral advertising or retargeting, and does not use Customer Content to train generalized third-party large language models unless you expressly authorize it. Point may use Google advertising and retargeting technologies for website, app, and marketing measurement as described in this Policy, but not using Customer Content.


3. Personal information we collect

The information we collect depends on how you interact with Point.

3.1 Identity and contact information

Examples include name, email address, phone number, job title, employer, organization, role, avatar, country, and business contact details.

3.2 Account and authentication information

Examples include usernames, account IDs, organization IDs, user IDs, roles, admin status, login events, session data, authentication method, email verification status, security settings, device identifiers, and access logs.

3.3 Connected-account information

If you connect an email, calendar, identity, messaging, or other third-party account, we may collect provider account IDs, email addresses, OAuth tokens or token references, scopes, authorization status, sync state, provider metadata, folder or label metadata, and related account information.

3.4 Communications and content

Depending on your settings and Connected Accounts, Point may process:

  1. emails, messages, threads, recipients, senders, headers, metadata, attachments, files, and folders;
  2. calendar events, invitations, availability, RSVPs, reminders, participants, meeting links, and scheduling pages;
  3. contacts, identities, relationships, circles, labels, and organization membership;
  4. tasks, reminders, watch tasks, follow-up rules, notes, and activity logs;
  5. drafts, replies, notifications, automation actions, and audit records;
  6. search queries, search indexes, embeddings, summaries, points, generated titles, generated descriptions, and other AI Output;
  7. prompts, instructions, preferences, memory/imprints, autonomy settings, and style settings;
  8. voice audio, voice transcripts, and voice-session data when you use voice mode; and
  9. support messages, feedback, call notes, chat messages, and related correspondence.

3.5 Device, usage, and technical information

Examples include IP address, device type, operating system, browser, app version, language, timezone, approximate location derived from IP address, pages or screens viewed, referral source, event logs, performance data, crash reports, cookies, similar identifiers, advertising identifiers, campaign identifiers, and diagnostic data.

3.6 Billing and transaction information

Examples include billing name, billing address, payment method details handled by our payment processor, invoice details, tax information, subscription plan, purchase history, payment status, renewal status, and account credits.

3.7 Sales, marketing, and relationship information

Examples include communications preferences, marketing interactions, event attendance, lead source, demo requests, trial participation, survey responses, customer relationship records, Google advertising-cookie choices, retargeting audiences, conversion events, Customer Match or audience-exclusion records if enabled, campaign attribution, and lawful opt-out or suppression records.

3.8 Security and compliance information

Examples include authentication logs, security events, audit logs, abuse reports, rate-limit events, fraud indicators, sanctions or export screening results, suspected policy violations, quarantine and flagging records, and other information used to protect Point, users, customers, and third parties.

3.9 Inferences and derived information

Point may derive information to provide the Services, such as message priority, urgency, summaries, points, labels, circles, suggested tasks, reminders, scheduling suggestions, style preferences, relationship importance, and activity recommendations.

3.10 Sensitive personal information

Point does not require sensitive personal information to create an account. However, emails, messages, files, calendar events, or other Customer Content may contain sensitive personal information if users or their contacts include it.

Sensitive personal information may include account credentials or tokens, communications content, financial information, tax-related content, health-related references, precise meeting locations, government identifiers, or other sensitive content. Point uses sensitive personal information only to provide and secure the Services, comply with law, and for other permitted purposes described in this Policy.


4. Sources of personal information

Point may collect personal information:

  1. directly from you;
  2. from your organization, workspace admins, or other users;
  3. from Connected Accounts you authorize;
  4. from third-party providers, such as email, calendar, identity, payment, security, analytics, support, communications, and hosting providers;
  5. from recipients, senders, participants, contacts, customers, suppliers, and other people who communicate with you or your organization;
  6. from your use of the Services;
  7. from publicly available business sources, professional networking platforms, and corporate directories;
  8. from app stores and device platforms; and
  9. from legal, compliance, fraud-prevention, or security sources.

5. Purposes of processing

Point may process personal information to:

  1. provide, operate, maintain, and improve the Services;
  2. create, authenticate, secure, administer, and support accounts;
  3. connect, sync, search, summarize, prioritize, and organize email, messages, calendar, tasks, contacts, and related content;
  4. generate AI Output, drafts, summaries, points, tasks, scheduling proposals, labels, circles, notifications, and other user-facing features;
  5. enable automations, autonomy settings, review flows, approvals, undo functions, and activity logs;
  6. provide semantic search and indexing;
  7. send, receive, classify, and route communications where authorized;
  8. schedule meetings, manage availability, send scheduling links, and process RSVPs;
  9. provide customer support and respond to requests;
  10. process payments, subscriptions, renewals, taxes, invoicing, and account administration;
  11. communicate about accounts, security, transactions, service updates, product changes, and legal notices;
  12. personalize the Services based on settings, preferences, and usage;
  13. measure, debug, analyze, and improve reliability, security, performance, and user experience;
  14. detect, investigate, prevent, and respond to spam, fraud, abuse, security incidents, prompt-injection attempts, unauthorized access, and unlawful activity;
  15. enforce terms, policies, and legal rights;
  16. comply with legal, regulatory, tax, accounting, audit, sanctions, export, and recordkeeping obligations;
  17. conduct business-to-business sales and marketing where lawful;
  18. measure advertising effectiveness, attribute campaigns, build or exclude marketing audiences, and conduct retargeting or targeted advertising where lawful and subject to required choices; and
  19. carry out mergers, acquisitions, financing, reorganization, or similar business transactions.

6. AI, connected-account data, and advertising limits

6.1 User-facing use

Point uses connected-account data and Customer Content to provide user-facing features requested or enabled by users, such as inbox organization, summarization, task extraction, semantic search, scheduling, drafting, notifications, and automation.

6.2 No sale of Customer Content

Point does not sell Customer Content.

6.3 Advertising and retargeting limits

Point may use advertising, analytics, measurement, attribution, and retargeting cookies or similar technologies on public websites, landing pages, blogs, marketing pages, and other non-authenticated or marketing properties where lawful. Point may use website activity, cookie identifiers, advertising identifiers, device data, approximate location, referral source, campaign data, conversion events, and business contact information for marketing measurement, attribution, audience creation, audience exclusion, retargeting, and cross-context behavioral advertising where permitted by law.

Point does not use Customer Content, connected email content, connected calendar content, message content, files, attachments, prompts, AI Output, search indexes, embeddings, summaries, points, OAuth tokens, or Google/Microsoft API data for cross-context behavioral advertising, targeted advertising, retargeting, Customer Match, enhanced conversions, advertising measurement, or advertising profile creation.

6.4 Google advertising technology

Point’s initial advertising technology vendor is Google. Depending on the property, campaign, geography, and Point configuration, Point may use Google LLC, Google Ireland Limited, or another applicable Google affiliate, and Google advertising or measurement products such as Google Ads, Google Analytics, Google Tag, Google Tag Manager, Google Ads conversion tracking, remarketing tags, Enhanced Conversions, Customer Match, Campaign Manager, Display & Video 360, Search Ads 360, or comparable Google advertising and measurement services.

For these Google advertising and measurement activities, Point may disclose or make available public website or marketing-property activity, URL and referral information, IP address, approximate location, device and browser information, cookie or similar identifiers, advertising identifiers, campaign identifiers, conversion events, demo or trial status, plan or purchase events, hashed business contact information, and opt-out, suppression, or audience-exclusion records.

Point will not disclose Customer Content, connected-account data, Google API data, Microsoft connected-account data, prompts, AI Output, search indexes, embeddings, summaries, points, OAuth tokens, message content, email content, calendar content, files, or attachments to Google for advertising, retargeting, Customer Match, enhanced conversions, audience building, or advertising profile creation.

If Point uses Customer Match, Enhanced Conversions, or similar Google audience or conversion products, Point will use only Point-controlled sales, account, lead, trial, billing, or marketing relationship data for which Point has determined it has appropriate rights, notices, consent where required, and opt-out handling. Point will not build Google advertising audiences from Customer Content or connected-account data.

Google’s privacy role may vary by product and configuration. For some advertising and measurement activities, Google may act as an independent controller or controller-controller partner. For certain analytics, measurement, or restricted-data-processing configurations, Google may act as a processor, service provider, or similar restricted role. Point will configure consent, restricted data processing, ads personalization, retention, redaction, and regional settings where Point determines they are required or appropriate, and Point will treat disclosures to Google as sale, sharing, targeted advertising, or profiling where applicable law requires.

6.5 Model training

Point does not use Customer Content to train generalized third-party large language models or generalized foundation models unless you expressly authorize it. Point may use Customer Content to provide and improve the Services for you or your organization, including improving user-facing features, safety, security, reliability, and quality.

6.6 Google API Limited Use statement

Point’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Point does not use Google API data for advertising, retargeting, sale, or sharing, and does not transfer Google API data except as necessary to provide or improve user-facing Services, comply with law, secure the Services, or as otherwise permitted by Google’s applicable policies and user authorization. This restriction applies even though Point separately uses Google advertising and measurement services on public marketing properties: Google API user data from Gmail, Google Calendar, Google Sign-In, Google OAuth, Google Workspace APIs, or related Connected Account integrations is not sent to Google adtech services for advertising, retargeting, Customer Match, Enhanced Conversions, audience creation, or advertising measurement.

6.7 Microsoft connected-account data

Point uses Microsoft Graph, Microsoft 365, Outlook, Microsoft Entra ID, and related Microsoft connected-account data only to provide and improve user-facing Services, operate and secure the Services, comply with law, and act on user or Customer instructions. Point does not use Microsoft connected-account data for advertising, retargeting, sale, or sharing.

6.8 Human access

Point limits human access to Customer Content to circumstances such as providing support at your request, security and abuse investigation, legal compliance, troubleshooting, service operation, or with your consent.


Where GDPR, UK GDPR, or similar laws apply, Point relies on one or more of the following legal bases:

  1. Contract. To provide the Services, administer accounts, process payments, provide support, and take steps requested before entering a contract.
  2. Legitimate interests. To operate, secure, improve, and market our business; prevent fraud and abuse; communicate with business contacts; maintain records; and enforce rights, where those interests are not overridden by applicable rights and interests.
  3. Consent. Where required, such as for non-essential cookies, advertising or retargeting technologies, marketing communications, optional integrations, or optional processing.
  4. Legal obligations. To comply with tax, accounting, sanctions, regulatory, privacy, consumer-protection, security, and other legal obligations.
  5. Vital interests or public interest. Rarely, where necessary under applicable law.

You may withdraw consent where processing is based on consent, without affecting processing that occurred before withdrawal.


8. How we disclose personal information

Point may disclose personal information to:

  1. Affiliates for the purposes described in this Policy;
  2. service providers and processors that provide hosting, cloud infrastructure, storage, AI processing, embeddings, email and calendar integration, token storage, security, logging, monitoring, analytics, customer support, communications, payments, billing, accounting, and related services;
  3. advertising, retargeting, marketing, analytics, and measurement partners, including Google advertising and measurement services where enabled, where lawful and subject to required choices;
  4. third-party providers you authorize, such as email, calendar, identity, messaging, or app-store providers;
  5. organization admins and other users according to workspace settings, roles, and permissions;
  6. professional advisers, including legal, accounting, audit, tax, insurance, and compliance advisers;
  7. payment processors and financial institutions;
  8. business partners where relevant to the relationship and lawful;
  9. government, regulatory, judicial, law-enforcement, or supervisory authorities where required or appropriate under law;
  10. counterparties in business transactions, such as actual or prospective acquirers, investors, lenders, or transferees in a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate protections; and
  11. others with your direction or consent.

Point does not disclose personal information except as described in this Policy, the Agreement, or as permitted or required by law.


9. International transfers

Point is based in the United States, and personal information may be processed in the United States and other countries where Point, its Affiliates, or service providers operate.

Where required, Point uses appropriate transfer mechanisms and safeguards, such as adequacy decisions, standard contractual clauses, the UK Addendum, the UK International Data Transfer Agreement, Swiss transfer safeguards, and supplementary measures.

For Organization Customers where Point acts as processor, international transfers are governed by the Agreement and Data Processing Addendum.


10. Retention

Point retains personal information only for as long as reasonably necessary for the purposes described in this Policy, including providing the Services, account administration, security, legal compliance, tax and accounting, dispute resolution, and enforcement.

Retention periods vary depending on the type of information, user settings, Customer instructions, legal requirements, and technical constraints.

CategoryTypical retention approach
Account profile and authentication recordsFor the life of the account, then for a reasonable period needed for security, legal, and backup purposes.
Customer Content in active accountsFor as long as the account or workspace is active, unless deleted earlier by users, settings, or Customer instructions.
Deleted Customer ContentDeleted from active systems within a reasonable period; backups may persist until overwritten under backup cycles.
Connected-account tokensUntil the account is disconnected, authorization expires, the account is deleted, or retention is required for security or legal reasons.
Search indexes, embeddings, summaries, points, and derived service dataGenerally retained while the related Customer Content or account is retained, unless separated for security, legal, or de-identified analytics.
Billing, tax, and transaction recordsAs needed for tax, accounting, audit, and legal obligations, often up to seven years or longer if required.
Security, fraud, audit, and system logsAs needed to protect the Services, investigate issues, and comply with law.
Marketing, advertising, and retargeting recordsUntil you opt out, withdraw consent where applicable, or the information is no longer needed, with suppression records retained to honor opt-outs.
Support communicationsAs needed to provide support, improve services, resolve disputes, and comply with law.

For Organization Customer processor data, retention and deletion may be governed by the Agreement, Data Processing Addendum, Service Documentation, and Customer instructions.


11. Security

Point uses administrative, technical, and organizational measures appropriate to the nature of the data and risks involved. These may include encryption in transit and at rest where supported, access controls, least privilege, logging, monitoring, vulnerability management, incident response, backups, credential controls, token handling controls, prompt-injection defenses, quarantine workflows, and human-access limitations.

No method of transmission, storage, or processing is completely secure, and Point cannot guarantee absolute security.


12. Your choices and rights

Depending on where you live and how you use Point, you may have rights to:

  1. access personal information;
  2. receive a copy of personal information;
  3. correct inaccurate personal information;
  4. delete personal information;
  5. restrict or object to processing;
  6. opt out of sale, sharing, targeted advertising, or certain profiling;
  7. limit use and disclosure of sensitive personal information;
  8. withdraw consent where processing is based on consent;
  9. appeal a denied privacy request where applicable; and
  10. lodge a complaint with a data protection authority.

To make a request, contact privacy@getpoint.ai or use any request method made available in the Services.

We may need to verify your identity and authority before responding. Authorized agents may submit requests where permitted by law and after verification.

If your request relates to Customer Content controlled by an Organization Customer, we may direct you to that organization.


13. California Notice at Collection and state privacy disclosures

This Section applies to California residents and, where similar laws apply, residents of other U.S. states.

13.1 Categories collected, purposes, and retention

CategoryExamplesPurposesRetention
IdentifiersName, email, account ID, IP address, device identifiers, provider account IDs, cookie identifiers, advertising identifiersAccount creation, authentication, support, security, communications, billing, analytics, advertising, retargeting, and campaign measurementAs described in Section 10
California Customer Records informationContact details, billing information, account informationBilling, subscriptions, customer administration, support, sales, and marketingAs described in Section 10
Commercial informationPlan, purchases, renewals, invoices, trial status, usage recordsBilling, subscriptions, service administration, analytics, advertising, retargeting, and campaign measurementAs described in Section 10
Internet or electronic network activityDevice data, usage logs, pages/screens viewed, diagnostics, cookies, referral source, campaign identifiersSecurity, operations, analytics, debugging, improvement, advertising, retargeting, and campaign measurementAs described in Section 10
Geolocation dataApproximate location from IP address; timezoneSecurity, localization, timezone-aware schedulingAs described in Section 10
Audio, electronic, visual, or similar informationMessages, emails, files, attachments, support communications, and, when voice mode is used, voice audio (including raw voice audio streamed to Point’s AI voice provider during voice sessions) and voice transcriptsProviding Services, support, automation, securityAs described in Section 10
Professional or employment-related informationEmployer, title, business role, organization membershipAccount administration, business relationship management, workspace featuresAs described in Section 10
InferencesPreferences, priorities, relationship importance, summaries, labels, circles, style settings, marketing segments inferred from non-Customer-Content activityPersonalization, triage, automation, user-facing features, sales, advertising, and marketing where lawfulAs described in Section 10
Sensitive personal informationAccount credentials or tokens, contents of communications, precise details included in Customer Content, security logsProviding and securing Services, legal compliance, customer-authorized processingAs described in Section 10

13.2 Sale, sharing, targeted advertising, and retargeting

Point does not sell Customer Content and does not use Customer Content for cross-context behavioral advertising, targeted advertising, or retargeting.

Point may disclose identifiers, internet or electronic network activity, commercial information, and related inferences to advertising, analytics, and retargeting partners, including Google where enabled, for cross-context behavioral advertising, targeted advertising, retargeting, campaign attribution, frequency capping, audience creation, audience exclusion, Customer Match or similar audience products, enhanced conversions, and measurement. Some privacy laws may treat these disclosures as “sharing,” “targeted advertising,” or “sale” even if no money is exchanged.

Where required, Point will provide a “Do Not Sell or Share My Personal Information” or comparable opt-out method, cookie settings, and legally required opt-out preference signal handling. Point will configure Google tags, consent mode, restricted data processing, ads personalization, or comparable Google privacy controls to reflect legally required choices where supported and applicable. Opting out of sale, sharing, targeted advertising, or retargeting does not opt you out of service, transactional, security, or non-targeted contextual communications.

13.3 Sensitive personal information

Point does not use or disclose sensitive personal information to infer characteristics about you, or for advertising or retargeting, unless Point provides the required right to limit and other legally required notices or controls.

13.4 Rights

California residents may have rights to know, access, correct, delete, obtain a copy of, opt out of sale or sharing, limit sensitive personal information, and be free from discrimination for exercising rights.

13.5 Global Privacy Control

Where required by law, Point will honor browser-based opt-out preference signals, such as Global Privacy Control, for the browser or device that sends the signal. If Point processes such a signal on a public website or marketing property, Point will treat it as an opt-out of sale, sharing, and targeted advertising for that browser or device where legally required.

13.6 Minors

Point does not knowingly sell or share personal information of individuals under 16.


14. Cookies, analytics, advertising, retargeting, and “Do Not Track”

Point may use cookies, pixels, SDKs, local storage, device identifiers, and similar technologies for essential operations, authentication, security, preferences, analytics, performance, marketing, advertising, retargeting, attribution, and campaign measurement where lawful.

CategoryExamplesChoice approach
Essential and security technologiesLogin, session management, CSRF protection, fraud prevention, load balancing, service integrityRequired for the Services and generally cannot be disabled through Point cookie controls
Preference and functional technologiesLanguage, timezone, display preferences, saved settingsMay be configurable in browser, device, or Point settings
Analytics and performance technologiesProduct analytics, crash reporting, page or screen analytics, feature usage, diagnostics, Google Analytics where enabledSubject to consent or opt-out where required
Advertising and retargeting technologiesGoogle tags, Google Ads conversion tags, remarketing tags, ad cookies, campaign identifiers, conversion measurement, Customer Match or audience exclusions if enabled, enhanced conversions if enabled, retargetingSubject to consent or opt-out where required; may be treated as sale, sharing, or targeted advertising under some laws

Current initial advertising and measurement vendor:

VendorProducts or functionsCategories made availableRole and choices
Google LLC, Google Ireland Limited, or another applicable Google affiliateGoogle Ads, Google Analytics, Google Tag, Google Tag Manager, conversion tracking, remarketing, Enhanced Conversions, Customer Match, Campaign Manager, Display & Video 360, Search Ads 360, or comparable Google advertising and measurement services where enabledPublic website or marketing-property activity, URL/referral, IP address, approximate location, device/browser information, cookie or advertising identifiers, campaign identifiers, conversion events, demo/trial/account/plan events, hashed business contact information, and opt-out or suppression recordsGoogle’s role depends on product and configuration. Point will provide consent, opt-out, opt-out-preference-signal, restricted-data-processing, ads-personalization, and regional controls where required or appropriate. Customer Content and connected-account data are excluded.

Where required, Point will provide cookie notices, consent mechanisms, opt-out controls, or settings. In the EEA, UK, Switzerland, and other jurisdictions requiring opt-in consent for non-essential cookies, Point will seek consent before using advertising, retargeting, or non-essential analytics cookies. Point may implement Google Consent Mode or similar consent-signaling tools so Google tags adjust behavior based on consent choices, where configured.

Some browsers send “Do Not Track” signals. There is no uniform industry standard for responding to these signals. Point responds to legally required opt-out preference signals, such as Global Privacy Control, where applicable.


15. Marketing choices

Point may send business, product, event, and promotional communications where lawful. You may opt out of marketing emails using the unsubscribe link or by contacting us.

Even if you opt out of marketing, Point may still send transactional, service, security, legal, billing, and account communications.


16. Organization workspaces

If you use Point through an organization:

  1. your organization may control the workspace and Customer Content;
  2. admins may access, manage, export, delete, or restrict information associated with the workspace;
  3. your organization’s policies may apply; and
  4. Point may process Customer Content on your organization’s behalf under the Agreement.

Contact your organization for questions about its privacy practices.


17. Third-party services

The Services may link to or integrate with third-party services, including email providers, calendar providers, app stores, payment processors, identity providers, advertising partners, analytics providers, and AI providers. Third-party services have their own terms and privacy policies. Point is not responsible for their privacy practices.

When you or your organization connects Google, Microsoft, or another provider account, that provider may continue to process personal information under its own terms with you or your organization. Point’s access to that account is limited by the scopes, permissions, provider policies, and settings you authorize.

Point’s use of Google as an advertising technology vendor is separate from Point’s access to Google APIs for Gmail, Google Calendar, Google Sign-In, Google Workspace APIs, or other Connected Account functions. Point does not use Google API data or Customer Content for Google advertising, retargeting, Customer Match, enhanced conversions, or advertising profile creation.


18. Children

The Services are not directed to children under 13, and Point does not knowingly collect personal information from children under 13. If you believe a child has provided personal information to Point, contact us.


19. Changes to this Policy

Point may update this Policy from time to time. The updated version will become effective when posted or otherwise communicated, unless a later effective date is stated. If required by law, Point will provide additional notice of material changes.


20. Contact

For questions or requests about this Policy or Point’s privacy practices, contact:

Point
Advanced Mail Solutions, Inc.
4770 Duckhorn Dr, Sacramento, CA 95834
Email: privacy@getpoint.ai
Website: getpoint.ai

For EEA, UK, or Swiss individuals, Point may provide additional representative or data protection officer contact details if required by law.