Privacy Policy

PointBreak Business ("PointBreak", "we", "us", or "our") provides tools that help independent businesses manage operations, scheduling, documents, client workflows, and related business activity with a privacy-first and local-first approach.

This Privacy Policy explains what data we access, how we use it, how we store and protect it, how long we retain it, and how users can request deletion. It also explains how PointBreak interacts with Google user data when a user chooses to connect Google services, including Google Calendar and Gmail.

1. Scope of this policy

This policy applies to PointBreak Business, our website, and the connected product features we provide. It covers information we receive directly from users, operational data required to provide the service, and Google user data that a user explicitly authorizes us to access.

2. Data we access

Depending on the features you choose to use, PointBreak may access the following categories of data:

Account and service data

• Authentication and identity-related technical data required to sign in and secure access.
• Device and session-related technical data needed to protect the service and maintain authorized access.
• Operational and configuration data necessary to provide PointBreak product features.
• Technical logs, security signals, and audit records needed to operate, secure, and troubleshoot the service.

Google Calendar data

If you choose to connect Google Calendar, PointBreak may access calendar events and related event metadata only for the calendar functionality you authorize. This may include event titles, dates and times, locations, descriptions, recurrence information, attendees or related calendar metadata when available through the authorized scope.

Google Calendar data is used to let the user connect Google Calendar, import relevant calendar events into PointBreak, and, where enabled by the user, create PointBreak-related events in the user's Google Calendar.

Gmail data

If you choose to connect Gmail for document import, PointBreak may access Gmail data only through the Gmail scopes you authorize. The Gmail import feature is designed to help the user find and review business-related documents such as invoices, receipts, bills, and similar accounting or operational documents.

Depending on the authorized Gmail scope and the documents available in the user's mailbox, PointBreak may access message and attachment metadata, message identifiers, attachment identifiers, MIME information, PDF attachment bytes, and related technical information needed to locate, download, and prepare a document for user review.

PointBreak does not use Gmail access to read unrelated personal messages for advertising, marketing, profiling, or sale. Gmail access is used only to support the user-requested document import workflow.

Local business data

PointBreak stores and processes the user's business workflow data locally in the app where practical. This may include local events, documents, money entries, drafts, settings, and review state that the user creates or confirms in the product.

3. How we use data

We use data solely to provide, secure, maintain, and improve the PointBreak service for the user who requested it.

• To authenticate users and protect access to the product.
• To provide scheduling, workflow, document, and business operations features.
• To enable connected-service features that the user explicitly activates.
• To prepare imported documents for user review and user-approved saving inside PointBreak.
• To support troubleshooting, security monitoring, abuse prevention, and service integrity.
• To comply with applicable legal obligations.

How Google user data is used

• Google Calendar data is used to connect the user's Google Calendar, import relevant events into PointBreak, and support user-enabled calendar write features.
• Gmail data is used to locate business-related PDF attachments, prepare them for local review, and allow the user to decide whether to save them as PointBreak business records.
• Gmail message and attachment identifiers may be used as technical references to avoid duplicate processing and to continue a user-requested import workflow.

We do not use Google user data for advertising. We do not sell Google user data. We do not use Google user data to determine creditworthiness, eligibility, employment decisions, or other unrelated purposes.

4. Gmail import processing

Gmail document import is initiated by the user. PointBreak scans for candidate documents within the product's configured import window and prepares candidate documents for review. A document is not saved as a PointBreak money or business record unless the user reviews and confirms the action inside the app.

The Gmail import workflow is designed so that Gmail message content, PDF attachment content, OCR text, and document interpretation are processed locally on the user's device where practical. PointBreak's server does not need to receive Gmail message bodies, PDF attachment bytes, OCR text, invoice text, receipt text, or extracted document contents for the Gmail import workflow.

The server may be used for technical control-plane functions such as authentication, connection authorization, token vending, security checks, and technical audit records. These server-side functions are intended to avoid storing human-readable Gmail content.

5. AI / machine learning use of Google user data

PointBreak does not use Google Workspace API data to develop, improve, or train generalized, non-personalized artificial intelligence or machine learning models.

If PointBreak uses automation, OCR, classification, or machine-assisted processing inside the product, that processing is limited to delivering the specific user-facing feature requested by the user and is not used to build generalized models from Google user data.

6. Data sharing

We do not sell personal data, and we do not sell Google user data.

We do not share Google user data with third parties except in the limited circumstances below:

• With service providers that help us operate, secure, or maintain the service.
• When required by applicable law, regulation, legal process, or enforceable governmental request.
• To protect the rights, security, and integrity of PointBreak, our users, or the public.
• As part of a merger, acquisition, financing, or similar corporate transaction, subject to applicable safeguards.

Where third-party service providers are involved, they are expected to process data only as necessary to provide services to us and not for their own unrelated purposes.

7. Data storage and protection

PointBreak is designed with a privacy-first and local-first architecture intended to minimize unnecessary exposure of user data.

Our design goal is to keep business interpretation and ongoing business workflow as local to the user as practical, while the server side is limited to technical control-plane, transport, security, storage, backup, restore, and audit-related functions.

• We use access controls and authentication protections to restrict access to authorized users and systems.
• We use technical safeguards designed to protect data in transit and at rest where applicable.
• We limit operational exposure of connected-service data and aim to minimize unnecessary server-side retention.
• We maintain technical logs and audit records only as needed for service operation, reliability, and security.
• Where possible, business documents and imported artifacts are stored locally on the user's device rather than as human-readable server records.

When connected Google services are used, PointBreak is designed to avoid unnecessary long-term storage or broad redistribution of Google user data.

8. Data retention and deletion

We retain data only for as long as needed to provide the service, maintain service integrity, comply with legal obligations, resolve disputes, and enforce our agreements.

Google-connected data

• Users may revoke Google-connected access through their Google account permissions or by discontinuing the connected feature.
• If a user disconnects Google access, PointBreak will no longer access Google data through that revoked authorization going forward.
• Locally stored imported drafts, documents, runtime summaries, and user-confirmed business records remain under the user's PointBreak local data and deletion controls.
• Technical audit records may be retained where needed for security, integrity, legal, fraud-prevention, backup, or compliance reasons.

Deletion requests

Users may request deletion of their PointBreak-related data by contacting us at Ofer@pointbreaktechs.com.

Upon receiving a valid deletion request, we will review it and take reasonable steps to delete or de-identify applicable data, unless retention is required for legal, security, fraud-prevention, audit, backup, or compliance reasons.

9. User choices and controls

• You may choose whether to connect Google services.
• You may choose whether to run Gmail document import.
• You may review imported Gmail documents before saving them as PointBreak records.
• You may revoke Google access through your Google account permissions.
• You may stop using connected features at any time.
• You may contact us to request deletion or ask privacy-related questions.

10. Compliance with Google API Services User Data Policy

PointBreak's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

11. Children’s privacy

PointBreak Business is not directed to children, and we do not knowingly collect personal data from children.

12. International transfers

Depending on where you use PointBreak, data may be processed in jurisdictions other than your own. Where applicable, we take reasonable measures designed to ensure data is handled with appropriate safeguards.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we may update the date above and take other appropriate steps to notify users where required.

14. Contact

For privacy-related questions, deletion requests, or Google data handling questions, contact Ofer@pointbreaktechs.com.