Legal

Privacy policy

Effective May 9, 2026

This Privacy Policy describes how PointsGeek (“PointsGeek,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our website at pointsgeek.xyz, the PointsGeek browser extension, and any related products, features, or services (collectively, the “Services”). By using the Services, you agree to the practices described in this Policy.

If you have questions about this Policy or our practices, please see the “Contact Us” section at the end.

1. Information We Do Not Collect

Your bank, airline, and hotel login credentials never leave your device. PointsGeek does not access, store, or transmit your passwords or third-party session cookies anywhere. The extension operates entirely within the logged-in browser sessions you already have on supported financial websites and only reads the loyalty balance and card information visible on the page.

Specifically, the extension does not read, store, or transmit:

  • Your bank, airline, hotel, or other third-party site passwords;
  • Authentication cookies, session tokens, or similar credentials from third-party sites;
  • Full credit card numbers, CVVs, bank account numbers, or similar payment instrument data; or
  • Data from websites outside the supported financial domains listed in the extension’s manifest.

We may add support for additional domains or data types over time. Material changes will be reflected in this Policy.

2. Information We Collect

2.1 Information you provide to us

We collect information you provide directly, including:

  • Account information: when you create an account or sign in, we receive your name, email address, and (where provided) a profile image, either from the third-party identity provider you use to sign in (such as Google) or from information you submit directly.
  • Communications: messages, feedback, support requests, or other information you send us, including any attachments and contact information.
  • Preferences: settings you configure within the Services.

2.2 Information collected through the browser extension

The PointsGeek browser extension allows you to view your loyalty and rewards balances in a single dashboard. When you visit a supported financial website while signed in to that website and to the extension, the extension may collect:

  • Loyalty program balances (such as points or miles)
  • Loyalty program names, identifiers, and currency types (e.g., “Membership Rewards,” “SkyMiles”)
  • Credit card metadata where the site displays it, including issuer, product name, last four digits of a card, and card-art image URLs
  • Loyalty membership numbers, used to identify and group balances tied to the same loyalty account across visits
  • Cardholder display names where shown on the page
  • Sync timestamps, the supported domain that produced a sync, and status information (success, failure, error codes)

The extension transmits this information over an encrypted (HTTPS) connection to PointsGeek so it can be associated with your account and displayed on your dashboard.

2.3 Information collected automatically

When you use the Services, we and our service providers may automatically collect:

  • Usage information: pages or screens viewed, features used, actions taken, time spent, and similar engagement data.
  • Device and technical information: browser type and version, operating system, device identifiers, screen size, language, and time zone.
  • Log information: IP address, access times, and diagnostic information about requests and errors.
  • Cookies and similar technologies:see “Cookies and Similar Technologies” below.

2.4 Information from third parties

We may receive information about you from third parties, such as identity providers (when you sign in with Google), email delivery providers, hosting providers, and analytics providers, in connection with their respective services.

3. How We Use Information

We may use the information we collect to:

  • Provide, operate, maintain, secure, and improve the Services;
  • Authenticate users, prevent fraud, and protect the security and integrity of the Services and our users;
  • Display your aggregated balances and related information on your dashboard;
  • Communicate with you, including by sending sign-in codes, service updates, security alerts, transactional notices, and responses to your inquiries;
  • Send you news, marketing, promotional materials, and other information about PointsGeek, our products, our affiliates, and third parties we believe may be of interest to you (you may opt out at any time as described in “Your Choices”);
  • Personalize and customize the Services, including suggesting features, programs, partners, or content that may be relevant to you;
  • Perform research, analytics, statistical analysis, and product development;
  • Create aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you, and use that data for any lawful purpose;
  • Comply with legal obligations, enforce our agreements, and respond to lawful requests; and
  • Carry out any other purpose described to you at the time the information is collected or with your consent.

4. How We Share Information

We may share information in the following circumstances:

4.1 Service providers

We share information with third parties that perform services on our behalf, such as cloud hosting, database hosting, authentication, email delivery, analytics, error reporting, fraud prevention, and customer support. These providers are required to handle information consistent with our instructions and applicable law.

4.2 Aggregated or de-identified information

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you for any purpose, including for research, analytics, marketing, advertising, industry reporting, partnership opportunities, and commercial use.

4.3 Business partners

We may share information with business partners, affiliates, or other organizations to offer co-branded experiences, promotions, integrations, or joint products and services, consistent with this Policy and applicable law.

4.4 Legal and safety

We may disclose information when we believe in good faith that disclosure is necessary to: (i) comply with applicable law, regulation, legal process, or governmental request; (ii) enforce our terms or other agreements; (iii) detect, prevent, or address fraud, security, or technical issues; or (iv) protect the rights, property, or safety of PointsGeek, our users, or others.

4.5 Business transfers

We may transfer or disclose information in connection with a merger, acquisition, financing, reorganization, sale of all or a portion of our assets, bankruptcy, or other change-of-control transaction, or in contemplation of such a transaction.

4.6 With your direction or consent

We may share information with other parties when you direct us to or otherwise consent to the sharing.

5. Cookies and Similar Technologies

We and our service providers use cookies, local storage, extension storage, and similar technologies to operate and improve the Services, remember your preferences, keep you signed in, secure your session, understand how the Services are used, and for analytics and marketing purposes. Most browsers allow you to control cookies through their settings; restricting cookies may affect the functionality of the Services.

6. Your Choices

  • Account information: you may review and update certain account information through your account settings.
  • Marketing communications: if you receive marketing communications from us, you may opt out by following the unsubscribe instructions in those communications or by contacting us. You may continue to receive transactional or service-related messages.
  • Cookies: you may configure your browser to refuse or delete cookies; certain features may not function as intended without them.
  • Account deletion: you may request deletion of your account and associated information using the methods described in Section 9.

7. Children

The Services are not directed at children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to remove it.

8. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect information, including HTTPS encryption in transit, encryption at rest, hashed authentication tokens, and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

9. Data Retention and Deletion

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this Policy, and comply with our legal obligations. Retention periods may vary depending on the type of information and the purpose for which it is processed. You may request deletion of your account and associated information by emailing us at pointsgeekxyz@gmail.com from the email address associated with your account. We may retain certain information after deletion as permitted or required by law, including for fraud prevention, dispute resolution, security, and recordkeeping purposes.

10. Third-Party Services

The Services may interact with, link to, or rely on third-party websites, applications, or services (including the financial websites the extension reads from, identity providers used for sign-in, and other partner services). We are not responsible for the privacy practices of those third parties. Their use of your information is governed by their own privacy policies and terms.

11. International Users

PointsGeek is operated from the United States. If you access the Services from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States and other jurisdictions where our service providers operate, and that data protection laws in those jurisdictions may differ from those in your country.

12. Your Rights

Depending on where you live, applicable law (such as the California Consumer Privacy Act/CPRA, the EU General Data Protection Regulation, or other state and national privacy laws) may give you rights to access, correct, update, port, restrict, or delete personal information about you, to opt out of certain uses or disclosures, or to lodge a complaint with a data protection authority. To exercise any rights you may have, please contact us at pointsgeekxyz@gmail.com. We may request information sufficient to verify your identity before acting on a request.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective” date at the top of this page and may provide additional notice (such as by email or in-product announcement). Your continued use of the Services after any update constitutes your acceptance of the updated Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our practices, please email us at pointsgeekxyz@gmail.com. You may also reach the developer of the PointsGeek browser extension through the contact information displayed on the extension’s listing in your browser’s extension store.

For our terms of service, see our Terms of Service.