Privacy Policy

Last updated: May 8, 2026

1. Introduction

Points Compass ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website and services. This policy complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia's Personal Information Protection Act (PIPA).

2. Information We Collect

2.1 Information You Provide

  • Account information — name, email address, province of residence
  • Spending profile data — monthly spending amounts by category (groceries, dining, gas, travel, etc.) that you enter into our calculator
  • Payment information — processed securely by Stripe; we do not store your credit card numbers

2.2 Information Collected Automatically

  • Usage data — pages visited, features used, report generation history
  • Device information — browser type, operating system, screen resolution
  • Log data — IP address, access times, referring URLs

2.3 Information We Do NOT Collect

  • Credit card numbers or full financial account details
  • Loyalty program login credentials
  • Social Insurance Numbers (SIN)
  • Actual transaction-level banking data

3. How We Use Your Information

We use your personal information to:

  • Provide and improve our credit card optimization tools
  • Generate personalized AI strategy reports based on your spending profile
  • Process subscription payments
  • Send service-related communications (account confirmation, plan changes, security alerts)
  • Analyze usage patterns to improve the Service

We will never sell your personal information to third parties.

4. Data Sharing & Third Parties

We share your data only with the following service providers, who process it on our behalf:

  • Supabase — database hosting and authentication (servers in North America)
  • Stripe — payment processing (Stripe Privacy Policy)
  • Lovable AI Gateway — AI report generation (your spending data is sent to generate reports; no data is retained by the AI provider after processing)

We may also disclose your information if required by law, court order, or to protect the rights and safety of our users.

5. Data Retention

  • Account data — retained while your account is active and for 30 days after deletion
  • Spending profiles — retained while your account is active
  • AI reports — retained for your access; deleted when you delete your account
  • Payment records — retained as required by Canadian tax law (up to 7 years)

6. Data Security & Backups

We protect your data using:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Row-Level Security (RLS) ensuring users can only access their own data
  • Secure authentication with email verification
  • Regular security reviews
  • Automated daily backups of the production database with point-in-time recovery, retained on a rolling 7-day window. Backups are stored encrypted in the same North American region as the primary database.
  • Service monitoring via uptime checks and error logging so issues affecting your account can be detected and addressed quickly

You may request an export of your personal data at any time by emailing ptscompass@gmail.com; we will deliver a machine-readable copy within 30 days.

No method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Cookies & Tracking

We use essential cookies for:

  • Authentication session management
  • Remembering your preferences

We do not use third-party advertising cookies or cross-site tracking pixels.

8. Your Rights Under PIPEDA

As a Canadian user, you have the right to:

  • Access — request a copy of your personal information
  • Correction — request correction of inaccurate data
  • Withdrawal of consent — withdraw consent for data processing (may limit Service functionality)
  • Deletion — request deletion of your account and associated data
  • Complaint — file a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, contact us at ptscompass@gmail.com. We will respond within 30 days.

9. Children's Privacy

Points Compass is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. International Users

Points Compass is designed for the Canadian market. Your data is stored and processed in North America. By using the Service, you consent to the transfer and processing of your data in Canada.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or requests, contact our Privacy Officer:

Points Compass
Email: ptscompass@gmail.com