Privacy Policy — Point (Chrome Extension)

Last updated: March 23, 2026

Operator: Point Labs ("we", "us").
Contact: mradul.master@gmail.com

This policy describes how the Point browser extension ("Point", "the extension") and its associated online services handle information when you use Point. Point lets you highlight text on web pages, add comments, connect with friends, and receive notifications when others share content with you.

Summary

Point works with a backend service hosted on Convex (a third-party cloud provider). When you use Point, we process account data, content you create (highlights and comments), friend relationships, and notification data as described below. The extension also stores a small amount of data locally in your browser.

Information we collect and process

Account and authentication

• Username and password are submitted when you sign in or create an account. Passwords are processed using industry-standard hashing on the server; we do not store plaintext passwords in a recoverable form.
• Session token issued by the server after login is stored locally in the extension (chrome.storage.local, key pointAuth) so you stay signed in until you log out.

Content and activity on web pages

• Highlights include the page URL, page title (when available), the selected text, and DOM location data (XPath and offsets) so highlights can be shown in the correct place.
• Comments are text you attach to a highlight; they are stored with your account on the backend.
• "Points" (notifications) may include preview text, source URL, sender identity, and related metadata.

Friends and social features

We process friend requests, accept/reject actions, friend lists, and identifiers needed to connect accounts.

Optional local-only data in your browser

• API base URL override: If set, stored under pointApiBase in chrome.storage.local.
• UI preferences: Panel position and similar settings in localStorage.

We do not sell your personal information.

Where data is stored

• Convex (third-party processor): User accounts, authentication tokens, highlights, comments, friend relationships, and notification records are stored and processed in our Convex deployment.
• Your device: Session and settings in chrome.storage.local, and optional localStorage keys.

How we use information

• To authenticate you and keep your session.
• To store and display highlights and comments you create.
• To operate friend requests, friend lists, and notifications.
• To troubleshoot, secure the service, and comply with law when required.

Sharing

• We use Convex to host backend data and HTTP APIs.
• Highlights and comments are visible to other users according to application rules.
• We may disclose information if required by law or to protect rights and safety.

Data retention and deletion

You may request deletion or export of personal data by contacting mradul.master@gmail.com. Clearing extension data in Chrome or logging out removes local storage.

Security

We use HTTPS for API traffic and protect passwords with hashing on the server.

Children

Point is not directed at children under 13. We do not knowingly collect personal information from children.

International users

Data may be processed in the United States or other regions where Convex operates.

Changes

We may update this policy from time to time. Changes will be posted with a new "Last updated" date.

Contact

Questions: mradul.master@gmail.com

This privacy policy is provided for Chrome Web Store compliance. Review with qualified counsel before publication if needed.