Point11

Privacy Policy

Last updated: February 18, 2026

Introduction

Point11, Inc. (“Point11,” “we,” “us,” or “our”) is committed to building trustworthy AI-powered products for enterprise organizations. We believe that strong privacy practices are foundational to the responsible deployment of AI, and we design our systems with privacy, security, and transparency as core principles.

This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our products, or engage with our services.

Scope and Roles

Point11 operates in different capacities depending on the context:

  • Data controller — when you visit our website, fill out forms, or interact with our marketing materials, Point11 determines the purposes and means of processing your personal data.
  • Data processor — when we process data on behalf of our enterprise clients (for example, when end users interact with an AI agent deployed on a client's website), the client is the controller and Point11 acts as a processor under the terms of a Data Processing Agreement (DPA).

When Point11 acts as a processor, the enterprise client's privacy policy governs how end-user data is collected and used. This Privacy Policy primarily describes our practices when we act as a controller. Our processing of customer content and enterprise platform data is governed by the applicable DPA and service agreement.

Information We Collect

We may collect the following types of information:

  • Contact information — name, email address, phone number, and company name when you fill out forms, request a demo, or contact us.
  • Usage data — information about how you interact with our website and products, including pages visited, features used, and session duration.
  • Device information — browser type, operating system, IP address, and device identifiers collected automatically through cookies and similar technologies.
  • Business information — company size, industry, and role provided during onboarding or sales conversations.
  • AI interaction data — when you interact with our AI agents (chat or voice) on the Point11 website, we may collect conversation content, session metadata, and any information you voluntarily provide during the conversation.

How We Use Your Information

  • Provide, maintain, and improve our products and services.
  • Respond to inquiries, provide support, and communicate with you about your account.
  • Send marketing communications, product updates, and promotional offers (you may opt out at any time).
  • Analyze usage patterns to improve user experience and develop new features.
  • Comply with legal obligations and enforce our terms of service.
  • Generate aggregated, de-identified, or anonymized data for benchmarking, analytics, and product improvement. This data cannot reasonably be used to identify you.

AI Data Practices

Point11 provides AI-powered products and services to enterprise clients. We are committed to transparent and responsible data practices in all of our AI systems:

  • No model training on customer data — we do not use customer data, client content, or end-user interactions to train or fine-tune AI models. This commitment extends to all of our subprocessors and AI infrastructure providers, who are contractually prohibited from using customer data for model training.
  • Zero data retention by AI providers — our agreements with third-party AI model providers require that prompts, inputs, and completions are not retained by the provider beyond the duration of the API request. No provider personnel have access to customer prompts or completions.
  • Data isolation — enterprise client data is logically separated and is not shared across accounts or clients. Each client's data is processed independently and is inaccessible to other clients.
  • AI-generated outputs — content generated by our AI systems (such as recommendations, search results, or voice responses) is produced in real time and is not stored beyond the duration of the session unless explicitly configured by the client.
  • Content safety — our AI systems include automated safety measures to detect and prevent misuse. Conversations may be flagged by automated systems for policy violations. Flagged content may be reviewed to enforce our acceptable use policies and improve safety.
  • Data processing agreements — enterprise clients may enter into a Data Processing Agreement (DPA) that governs how we process data on their behalf, including data subject rights procedures, subprocessor management, and international transfer mechanisms.

Automated Decision-Making

Our AI-powered products generate recommendations, search results, and conversational responses using automated processing. These outputs are informational and advisory in nature. Point11 does not use solely automated processing to make decisions that produce legal effects or similarly significant effects on individuals.

Where our AI agents facilitate actions such as scheduling meetings or capturing contact information, these actions are initiated by the user and require user confirmation. For enterprise clients using AI agents in commerce contexts, final purchase decisions remain with the end user or are subject to the client's own approval workflows.

You have the right to request human review of any AI-driven recommendation or decision. To make such a request, contact us at privacy@point11.com.

Responsible AI

We are committed to developing and deploying AI responsibly. Our approach is guided by the following principles:

  • Transparency — we clearly disclose when users are interacting with AI systems, and we provide meaningful information about how our AI processes data.
  • Human oversight — our AI products are designed to augment human decision-making, not replace it. Enterprise clients maintain control over how AI outputs are used within their organizations.
  • Accuracy and reliability — AI-generated content may contain errors or inaccuracies. Outputs should not be relied upon as professional, legal, financial, or medical advice.
  • Fairness — we work to identify and mitigate potential biases in our AI systems and monitor outputs for equitable treatment across user groups.
  • Regulatory compliance — we monitor and evaluate emerging AI legislation and regulatory frameworks to ensure our practices remain compliant as the legal landscape evolves.

Content Ownership

You retain ownership of any content or data you provide to us. For enterprise clients, all input provided to and output generated by our AI systems remains the property of the client. Point11 claims no intellectual property rights over customer content or AI-generated outputs, and we receive only a limited license to process such content as necessary to deliver our services.

This license terminates upon expiration or termination of the applicable service agreement.

Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to collect usage data and improve our services. These include:

  • Essential cookies — required for basic site functionality such as navigation and form submission.
  • Analytics cookies — help us understand how visitors interact with our website so we can improve it.
  • Marketing cookies — used to deliver relevant advertising and measure campaign performance.

You can control cookies through your browser settings. Disabling certain cookies may limit certain functionality of our website.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Service providers and subprocessors — trusted third parties who assist us in operating our platform, including cloud hosting, analytics, AI model inference, voice synthesis, and customer relationship management providers. These providers are contractually obligated to protect your data, may only use it to perform services on our behalf, and are prohibited from using customer data for their own purposes, including model training. We maintain a list of our key subprocessors, which is available to enterprise clients and upon request.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • Legal requirements — when required by law, regulation, or valid legal process. We evaluate all requests for legal validity, notify affected customers of government or law enforcement requests for their data unless we are legally prohibited from doing so, and disclose only the minimum information required.

Subprocessors

We use the following categories of subprocessors to deliver our services:

  • Cloud infrastructure — hosting, compute, and content delivery.
  • AI model providers — large language model inference and natural language processing.
  • Voice AI — speech synthesis and voice agent infrastructure.
  • CRM and communications — customer relationship management, email delivery, and lead routing.
  • Analytics — website analytics and product usage measurement.
  • Payment processing — secure handling of payment transactions.

A detailed subprocessor list with entity names, purposes, and processing locations is available to enterprise clients under their DPA. We provide at least 30 days' advance notice before engaging a new subprocessor, and clients may object to a new subprocessor in accordance with the terms of their DPA. To request the current subprocessor list, contact us at privacy@point11.com.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. Our primary data processing occurs in the United States. When we transfer data internationally, we use appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • The UK International Data Transfer Addendum (IDTA) for transfers from the United Kingdom.
  • Adequacy decisions where applicable.

For copies of the safeguards we use for international transfers, contact us at privacy@point11.com.

Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption — AES-256 encryption at rest and TLS 1.2 or higher in transit.
  • Access controls — role-based access, multi-factor authentication, and least-privilege principles for all personnel.
  • Security assessments — regular security audits, vulnerability assessments, and penetration testing.
  • Employee training — all personnel with access to customer data receive security awareness training and are bound by confidentiality obligations.

However, no method of transmission over the Internet is completely secure.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities in accordance with applicable law, and no later than 72 hours after becoming aware of the breach where required. Enterprise clients will be notified as specified in their DPA.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Specific retention periods include:

  • AI session data — conversation content and agent memory from AI interactions on the Point11 website are retained for the life of your account or until you delete them. When you delete a conversation, it is soft-deleted and permanently purged from our systems within 90 days. For non-authenticated users, conversation data is retained for up to 90 days for quality and safety purposes, then automatically deleted. Enterprise client AI session data is retained as specified in the applicable DPA.
  • Account and contact data — retained for the duration of our business relationship and for up to 3 years after your last interaction for follow-up and legal compliance purposes.
  • Usage and analytics data — retained in aggregate or anonymized form for up to 2 years for product improvement purposes.
  • Account deletion — when you delete your account, all associated data — including conversation history, agent memory, and profile information — is permanently purged from our active systems within 90 days.
  • Post-termination — upon termination of an enterprise service agreement, we will make customer data available for export for 30 days, after which it is deleted from our active systems. Backup copies are purged within 90 days of termination.

When information is no longer needed, we securely delete or anonymize it. We may retain certain data beyond these periods where required by law, regulation, or ongoing legal proceedings.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal information.
  • Object to or restrict processing of your data.
  • Request data portability.
  • Withdraw consent at any time.
  • Request human review of automated decisions.
  • Opt out of marketing communications by clicking the “unsubscribe” link in any email.

To exercise these rights, contact us at privacy@point11.com. We will verify your identity before processing your request and respond within 30 days (or 45 days for CCPA requests).

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to know — you may request the categories and specific pieces of personal information we have collected about you.
  • Right to delete — you may request deletion of your personal information, subject to certain exceptions.
  • Right to correct — you may request that we correct inaccurate personal information.
  • Right to opt out — we do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a “Do Not Sell or Share My Personal Information” link.
  • Right to limit use of sensitive information — we do not use or disclose sensitive personal information for purposes other than those permitted under the CPRA.
  • Non-discrimination — we will not discriminate against you for exercising your privacy rights.

To submit a request, contact us at privacy@point11.com. We will verify your identity before processing your request and respond within 45 days.

Additional U.S. State Privacy Rights

If you are a resident of Virginia, Colorado, Connecticut, or another U.S. state with comprehensive privacy legislation, you may have rights similar to those described above, including the right to access, correct, and delete your personal data, the right to opt out of targeted advertising, and the right to appeal a denial of your privacy request. To exercise these rights, contact us at privacy@point11.com.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following applies:

  • Legal basis — we process your personal data based on: (a) your consent, (b) the performance of a contract, (c) compliance with legal obligations, or (d) our legitimate interests, provided those interests do not override your rights.
  • Data subject rights — in addition to the rights listed above, you may lodge a complaint with your local supervisory authority. You also have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
  • Data transfers — when your data is transferred outside the EEA, we rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, or other approved transfer mechanisms.

For GDPR-related inquiries, contact us at privacy@point11.com.

Children's Privacy

Our services are not directed to individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@point11.com.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised “Last updated” date. For material changes that affect how we process enterprise customer data, we will provide advance notice to affected clients.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@point11.com.