Pointpol

Privacy Policy

Effective date: 17 May 2026

1. Data controller

The data controller for Pointpol is Nicolas Christen, established in France. For any privacy question or to exercise your rights, contact contact@pointpol.com.

2. What data we collect

  • Account data: email address, hashed password (or Google OAuth identifier), display name, account creation date.
  • Profile & preferences: optional bio, avatar, language preference, notification preferences.
  • Content: questions, arguments and sources you post; votes, likes and saves.
  • Technical data: IP address and user-agent in server logs (kept short-term for security and abuse prevention).
  • Contact form: name, email and message you submit.

3. Why we use your data (purposes & legal bases)

  • Provide the Service (account, posting, voting, notifications) — performance of the contract (Art. 6(1)(b) GDPR).
  • Security & abuse prevention (rate limiting, log review, moderation) — legitimate interest (Art. 6(1)(f)).
  • Legal compliance (responding to lawful requests, retaining moderation records) — legal obligation (Art. 6(1)(c)).
  • Product improvement via aggregated, non-identifying analytics — legitimate interest (Art. 6(1)(f)).

4. Who we share data with (sub-processors)

We use the following service providers, each bound by GDPR-compliant agreements:

  • Lovable Cloud / Supabase — application hosting, database, authentication and file storage (EU region where available).
  • Google (OAuth) — only if you choose to sign in with Google. Google receives your identifier to confirm your sign-in.
  • Email provider — to send transactional emails (account confirmation, password reset, notifications).

We do not sell your personal data. We do not share it for advertising.

5. International transfers

Our sub-processors may operate in the EU and, in some cases, outside the EU. When data leaves the EU, transfers rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

6. Retention

  • Account data: kept while your account is active.
  • Posted content (questions, arguments): kept while the account exists; on deletion, content is removed or anonymised within 30 days, except where retention is required by law.
  • Server logs: up to 30 days.
  • Contact form messages: up to 24 months.

7. Your rights (GDPR)

You have the right to access, rectify, erase, restrict or object to the processing of your data, and the right to data portability. Where processing is based on consent, you can withdraw it at any time. You may lodge a complaint with a supervisory authority — in France, the CNIL.

To exercise any right, email contact@pointpol.com. We respond within one month.

8. Security

We use HTTPS, hashed passwords, server-side authorization (Row-Level Security) and least-privilege access. No system is perfect; we will notify affected users and the CNIL within 72 hours of any personal data breach likely to result in risk to your rights.

9. Children

Pointpol is not directed to children under 15. If we learn we have collected data from a child under 15 without parental consent, we will delete it.

10. Cookies

See our Cookie Notice for details on what we store on your device.

11. Changes

We will announce material changes to this policy in the app and update the effective date above.