Privacy Policy

Effective: April 2, 2026 · Last updated: May 22, 2026

1. Information We Collect

1a. Account Information

When you create an account, we collect your email address. This is used solely for authentication via magic link sign-in. We do not collect your name, phone number, or physical address. Payment information is handled entirely by Stripe. We do not store or process credit card numbers or banking information.

1b. Game Data

When you upload PBVision game exports (or data from other compatible sources), raw shot-level data is processed in your browser. Core analysis (coaching insights, gel scores, scouting) is processed by our secure API. Structured results — ratings, statistics, coaching insights — are sent to the API and stored in your personal cloud account so you can access them across devices.

1c. Technical & Usage Data

We do not use third-party analytics services, tracking pixels, advertising cookies, or fingerprinting. We may collect minimal server-side data for security and operational purposes: IP addresses in request logs (retained for up to 30 days), request timestamps, and error logs. This data is used solely for abuse prevention, rate limiting, and debugging.

2. How We Use Your Information

• Authentication: Your email is used to send magic link sign-in emails. We do not send marketing, promotional, or newsletter emails unless you explicitly opt in to such communications in the future.
• Service delivery: Your game data is stored and processed to provide dashboard analytics, coaching priorities, matchup scouting, performance tracking, and drill recommendations.
• Security: We use rate limiting, session management, and server logs to protect your account and the Service from unauthorized access and abuse.
• Product improvement: We use anonymized, aggregated data (see Section 5) to improve the Service, develop new features, and train machine learning models.
• Game import: If you use the email import feature, we process the content of emails sent to your personal PointIQ inbox address (games+{token}@inbound.vibral.org) solely to extract PBVision game links and import them to your library. Email content is not stored beyond the import transaction.

3. Data Storage & Security

Your data is stored in Cloudflare R2 object storage, distributed across Cloudflare's global edge network. Your email address is hashed using SHA-256 to create your storage namespace — your plaintext email is not visible in storage keys or file paths.

Sessions are managed via HttpOnly, Secure cookies that expire after 30 days. Magic link tokens are single-use and expire after 15 minutes. All data is transmitted over HTTPS/TLS.

While we implement reasonable security measures, no system is perfectly secure. We encourage you to use a secure email account for authentication, as your email inbox is the primary access vector to your PointIQ account.

If you use the email import feature, you are assigned a personal inbox address (games+{token}@inbound.vibral.org) where {token} is a unique opaque identifier. This address is not tied to your personal email address in storage and can be rotated by contacting us.

4. Data Processing

All game analysis — coaching insights, shot accuracy, rating calculations, matchup scouting, heatmaps, and drill recommendations — is performed entirely in your web browser using client-side JavaScript. Raw game data files are never uploaded to or processed on our servers.

The structured output (processed statistics, computed ratings, shot records) is synced to your personal cloud storage. This is the only data that leaves your browser.

5. Anonymized & Aggregated Data

We may create anonymized, aggregated, de-identified datasets derived from usage of the Service. This process involves:

• Removing all personally identifiable information (email, account IDs, player names)
• Hashing or discarding any identifiers that could be used to re-identify individuals
• Aggregating data across many users so individual patterns cannot be isolated

We use this anonymized data to improve the Service, develop features (such as benchmarks, percentile rankings, and skill-level analytics), train machine learning models, and conduct internal research.

We never sell, license, or share data that identifies you. Anonymized data cannot be traced back to any individual user. This right is described in our Terms of Service (Section 3c).

6. Data Sharing

We never sell your personal data. We do not share your personal information or identifiable game data with third parties except as required to operate the Service:

• Cloudflare: Our infrastructure provider that hosts data storage, the API, and the website. Subject to Cloudflare's Privacy Policy.
• Resend: Our email delivery provider, used solely to send authentication emails (magic links). Subject to Resend's Privacy Policy.
• Stripe: Payment processing for paid subscriptions. We pass only the information Stripe requires to complete the transaction. Subject to Stripe's Privacy Policy.
• Mailgun: Email delivery infrastructure for the game import feature. Processes inbound emails sent to your personal PointIQ inbox address. Subject to Mailgun's Privacy Policy.

We may also disclose information if required by law, legal process, or government request, or to protect the rights, safety, or property of Vibral or others.

7. Your Rights

You have the right to:

• Access: Your full game data and analytics are accessible through the app at any time.
• Export: You can export your game library and data from the app.
• Correction: Contact us to correct any inaccurate account information.
• Deletion: Contact us at support@vibral.org to request complete account and data deletion. We will process deletion requests within 30 days.
• Portability: You may request a copy of your data in a standard machine-readable format.

If you are located in the European Economic Area (EEA), United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or CCPA respectively. Contact us to exercise these rights.

8. Cookies

We use a single essential cookie (pointiq_session) for authentication. This cookie is HttpOnly (not accessible to JavaScript), Secure (transmitted only over HTTPS), and expires after 30 days.

We do not use advertising cookies, tracking cookies, analytics cookies, or third-party cookies of any kind. We do not participate in ad networks or cross-site tracking.

9. Children's Privacy

PointIQ is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account or provided us with personal information, please contact us immediately at support@vibral.org and we will delete the account and data.

10. International Data Transfers

Your data is stored on Cloudflare's global network, which may process data in multiple jurisdictions. By using the Service, you consent to the transfer and processing of your data outside your country of residence. Cloudflare maintains appropriate data protection safeguards as described in their privacy policy.

11. Data Retention

We retain your account data and game data for as long as your account is active. After account deletion, we retain data for up to 30 days (to allow recovery if deletion was accidental), after which it is permanently deleted. Server logs are retained for up to 30 days. Anonymized, aggregated data is retained indefinitely.

12. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you via email or through the app at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

Questions or concerns about this Privacy Policy or your data? Contact us at support@vibral.org.

PointIQ is operated by Vibral.