Privacy Policy
Last updated: April 26, 2026
Introduction
Point11, Inc. (“Point11,” “we,” “us,” or “our”) is committed to building trustworthy AI-powered products for enterprise organizations. We believe that strong privacy practices are foundational to the responsible deployment of AI, and we design our systems with privacy, security, and transparency as core principles.
This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our products, or engage with our services.
Scope and Roles
Point11 operates in different capacities depending on the context:
- Data controller — when you visit our website, fill out forms, or interact with our marketing materials, Point11 determines the purposes and means of processing your personal data.
- Data processor — when we process data on behalf of our enterprise clients (for example, when end users interact with an AI agent deployed on a client's website), the client is the controller and Point11 acts as a processor under the terms of a Data Processing Agreement (DPA).
When Point11 acts as a processor, the enterprise client's privacy policy governs how end-user data is collected and used. This Privacy Policy primarily describes our practices when we act as a controller. Our processing of customer content and enterprise platform data is governed by the applicable DPA and service agreement.
Information We Collect
We may collect the following types of information:
- Contact information — name, email address, phone number, and company name when you fill out forms, request a demo, or contact us.
- Usage data — information about how you interact with our website and products, including pages visited, features used, and session duration.
- Device information — browser type, operating system, IP address, and device identifiers collected automatically through cookies and similar technologies.
- Business information — company size, industry, and role provided during onboarding or sales conversations.
- AI interaction data — when you interact with our AI agents (chat or voice) on the Point11 website, we may collect conversation content, session metadata, and any information you voluntarily provide during the conversation.
How We Use Your Information
- Provide, maintain, and improve our products and services.
- Respond to inquiries, provide support, and communicate with you about your account.
- Send marketing communications, product updates, and promotional offers (you may opt out at any time).
- Analyze usage patterns to improve user experience and develop new features.
- Comply with legal obligations and enforce our terms of service.
- Generate aggregated, de-identified, or anonymized data for benchmarking, analytics, and product improvement. This data cannot reasonably be used to identify you.
AI Data Practices
Point11 provides AI-powered products and services to enterprise clients. We are committed to transparent and responsible data practices in all of our AI systems:
- No model training on customer data — we do not use customer data, client content, or end-user interactions to train or fine-tune AI models. This commitment extends to all of our subprocessors and AI infrastructure providers, who are contractually prohibited from using customer data for model training.
- Zero data retention by AI providers — our agreements with third-party AI model providers require that prompts, inputs, and completions are not retained by the provider beyond the duration of the API request. No provider personnel have access to customer prompts or completions.
- Data isolation — enterprise client data is logically separated and is not shared across accounts or clients. Each client's data is processed independently and is inaccessible to other clients.
- AI-generated outputs — content generated by our AI systems (such as recommendations, search results, or voice responses) is produced in real time and is not stored beyond the duration of the session unless explicitly configured by the client.
- Content safety — our AI systems include automated safety measures to detect and prevent misuse. Conversations may be flagged by automated systems for policy violations. Flagged content may be reviewed to enforce our acceptable use policies and improve safety.
- Data processing agreements — enterprise clients may enter into a Data Processing Agreement (DPA) that governs how we process data on their behalf, including data subject rights procedures, subprocessor management, and international transfer mechanisms.
Automated Decision-Making
Our AI-powered products generate recommendations, search results, and conversational responses using automated processing. These outputs are informational and advisory in nature. Point11 does not use solely automated processing to make decisions that produce legal effects or similarly significant effects on individuals.
Where our AI agents facilitate actions such as scheduling meetings or capturing contact information, these actions are initiated by the user and require user confirmation. For enterprise clients using AI agents in commerce contexts, final purchase decisions remain with the end user or are subject to the client's own approval workflows.
You have the right to request human review of any AI-driven recommendation or decision. To make such a request, contact us at privacy@point11.com.
Responsible AI
We are committed to developing and deploying AI responsibly. Our approach is guided by the following principles:
- Transparency — we clearly disclose when users are interacting with AI systems, and we provide meaningful information about how our AI processes data.
- Human oversight — our AI products are designed to augment human decision-making, not replace it. Enterprise clients maintain control over how AI outputs are used within their organizations.
- Accuracy and reliability — AI-generated content may contain errors or inaccuracies. Outputs should not be relied upon as professional, legal, financial, or medical advice.
- Fairness — we work to identify and mitigate potential biases in our AI systems and monitor outputs for equitable treatment across user groups.
- Regulatory compliance — we monitor and evaluate emerging AI legislation and regulatory frameworks to ensure our practices remain compliant as the legal landscape evolves.
Content Ownership
You retain ownership of any content or data you provide to us. For enterprise clients, all input provided to and output generated by our AI systems remains the property of the client. Point11 claims no intellectual property rights over customer content or AI-generated outputs, and we receive only a limited license to process such content as necessary to deliver our services.
This license terminates upon expiration or termination of the applicable service agreement.
Cookies and Tracking Technologies
We use cookies, local storage, web beacons, and similar technologies to collect usage data and improve our services. These include authentication state (WorkOS session cookie), CSRF protection, rate-limit counters, product analytics (PostHog), page-view and Core Web Vitals telemetry (Vercel Analytics, Vercel Speed Insights), and Google Ads conversion tracking (gtag.js).
You can block third-party cookies through your browser settings; disabling certain cookies may limit functionality.
Data Sharing and Disclosure
We do not sell your personal information. We may share your information with:
- Service providers and subprocessors — trusted third parties who assist us in operating our platform, including cloud hosting, analytics, AI model inference, voice synthesis, and customer relationship management providers. These providers are contractually obligated to protect your data, may only use it to perform services on our behalf, and are prohibited from using customer data for their own purposes, including model training. We maintain a list of our key subprocessors, which is available to enterprise clients and upon request.
- Business transfers — in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
- Legal requirements — when required by law, regulation, or valid legal process. We evaluate all requests for legal validity, notify affected customers of government or law enforcement requests for their data unless we are legally prohibited from doing so, and disclose only the minimum information required.
Subprocessors
We use the following named third parties to deliver our services. Each is bound by a data-processing addendum prohibiting use of customer data for their own purposes (including model training):
- Vercel — application hosting, edge compute, content delivery; Vercel Analytics (anonymized page-view counts) and Vercel Speed Insights (anonymized Core Web Vitals). United States.
- Neon — managed Postgres database. United States.
- Upstash — managed Redis (cache, rate limiting, ephemeral session counters). Global.
- WorkOS — identity, single sign-on, organization directory. United States.
- Anthropic — large language model inference for chat agents. Zero-retention policy: prompts and completions are not stored beyond the request, not used for model training. United States.
- ElevenLabs — voice agent speech synthesis and recognition (Convai). United States.
- Stripe — payment processing, subscription lifecycle, invoicing. Global.
- HubSpot — CRM and marketing-contact routing. Forms submitted on this site (contact, demo, talk-to-sales, partner-inquiry, score-review, scan-unlock, ai-chat-lead, general-inquiry) sync into HubSpot for sales follow-up. United States.
- Apollo — outbound prospect data enrichment. United States.
- PostHog — product analytics. Visitor IDs only; no PII (email is hashed before identify). United States, EU.
- Google — Gmail API for transactional email (welcome, scan-notify, deletion-confirmation); Google Ads conversion tracking via gtag.js. United States.
- Mapbox — map tiles for the careers and jobs pages (no user PII passed; only viewport coordinates). Global.
Form-message → HubSpot disclosure: when you submit a contact form on this site, the entire form payload — including any free-text message you write — is forwarded to HubSpot as a contact note so our sales team can respond in context. Do not include sensitive personal data (financial, health, government IDs) in form messages.
We provide at least 30 days' advance notice before engaging a new subprocessor. Enterprise clients may object to a new subprocessor in accordance with the terms of their DPA.
To request deletion of your personal data from our systems, email us at privacy@point11.com.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. Our primary data processing occurs in the United States. For questions about international transfers, contact us at privacy@point11.com.
Data Security
We implement industry-standard security measures to protect your personal information, including:
- Encryption — AES-256 encryption at rest and TLS 1.2 or higher in transit.
- Access controls — role-based access, multi-factor authentication, and least-privilege principles for all personnel.
- Security assessments — regular security audits, vulnerability assessments, and penetration testing.
- Employee training — all personnel with access to customer data receive security awareness training and are bound by confidentiality obligations.
However, no method of transmission over the Internet is completely secure.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities in accordance with applicable law, and no later than 72 hours after becoming aware of the breach where required. Enterprise clients will be notified as specified in their DPA.
Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Specific retention periods include:
- AI session data — conversation content and agent memory from AI interactions on the Point11 website are retained for the life of your account or until you delete them. When you delete a conversation, it is soft-deleted and permanently purged from our systems within 90 days. For non-authenticated users, conversation data is retained for up to 90 days for quality and safety purposes, then automatically deleted. Enterprise client AI session data is retained as specified in the applicable DPA.
- Account and contact data — retained for the duration of our business relationship and for up to 3 years after your last interaction for follow-up and legal compliance purposes.
- Usage and analytics data — retained in aggregate or anonymized form for up to 2 years for product improvement purposes.
- Account deletion — when you delete your account, all associated data — including conversation history, agent memory, and profile information — is permanently purged from our active systems within 90 days.
- Post-termination — upon termination of an enterprise service agreement, we will make customer data available for export for 30 days, after which it is deleted from our active systems. Backup copies are purged within 90 days of termination.
When information is no longer needed, we securely delete or anonymize it. We may retain certain data beyond these periods where required by law, regulation, or ongoing legal proceedings.
Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal information.
- Object to or restrict processing of your data.
- Request data portability.
- Withdraw consent at any time.
- Request human review of automated decisions.
- Opt out of marketing communications by clicking the “unsubscribe” link in any email.
To exercise these rights, contact us at privacy@point11.com. We will verify your identity before processing your request and respond within 30 days (or 45 days for CCPA requests).
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:
- Right to know — you may request the categories and specific pieces of personal information we have collected about you.
- Right to delete — you may request deletion of your personal information, subject to certain exceptions.
- Right to correct — you may request that we correct inaccurate personal information.
- Right to opt out — we do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a “Do Not Sell or Share My Personal Information” link.
- Right to limit use of sensitive information — we do not use or disclose sensitive personal information for purposes other than those permitted under the CPRA.
- Non-discrimination — we will not discriminate against you for exercising your privacy rights.
To submit a request, contact us at privacy@point11.com. We will verify your identity before processing your request and respond within 45 days.
Additional U.S. State Privacy Rights
If you are a resident of Virginia, Colorado, Connecticut, or another U.S. state with comprehensive privacy legislation, you may have rights similar to those described above, including the right to access, correct, and delete your personal data, the right to opt out of targeted advertising, and the right to appeal a denial of your privacy request. To exercise these rights, contact us at privacy@point11.com.
Children's Privacy
Our services are not directed to individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@point11.com.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised “Last updated” date. For material changes that affect how we process enterprise customer data, we will provide advance notice to affected clients.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@point11.com.