TeapotBack home

Privacy Policy

Last updated: April 24, 2026

Pointhaven Labs, LLC (“Pointhaven,” “we,” “us,” or “our”) operates the Teapot service (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service, you agree to the practices described here.

1. Information we collect

Account information

When you sign up, our authentication provider (Clerk) collects your email address and, if you use Google sign-in, your name and Google profile identifier. We store a minimal record in our database linking your Clerk user ID to your email and plan tier.

Content you upload

When you create a project, the CSV file you upload is parsed on our servers and stored as a Parquet file in our object storage (Cloudflare R2). Your uploads are accessible only to your account. We do not read, analyze, or disclose the contents of your uploads for any purpose other than operating the Service for you.

Usage data

We collect limited technical information about how you use the Service: IP address, browser type, device information, pages viewed, and timing. We use this information to operate, secure, and improve the Service.

Error and performance data

If the Service encounters an error, we use Sentry to capture diagnostic information (stack traces, the URL you were on, your user ID). This helps us find and fix bugs. Sentry is configured to scrub obvious secrets before sending.

Billing information

Payment details are collected and stored by our payment processor (Lemon Squeezy). We do not receive or store your full card number or bank credentials. We do receive a subscription identifier, your current plan tier, and billing status.

2. How we use your information

  • To operate the Service and provide the features you request
  • To authenticate you and secure your account
  • To bill you for paid plans and manage subscriptions
  • To communicate with you about the Service (operational emails, security notices, significant changes to Terms or Policy)
  • To detect, prevent, and address fraud, abuse, or technical issues
  • To comply with legal obligations

3. How we share information

We do not sell your personal information. We share information only with the service providers we use to run the Service (“sub-processors”), and only to the extent needed for them to perform their role. Current sub-processors:

  • Clerk — authentication, account management
  • Cloudflare — object storage (R2) for your uploaded files; DNS
  • MongoDB Atlas — metadata database (user records, project records)
  • Vercel — hosting for the web application
  • Railway — hosting for the backend API
  • Lemon Squeezy — payment processing, billing, tax handling
  • Sentry — error and performance monitoring
  • Google — optional OAuth sign-in (only if you choose to sign in with Google)

Each sub-processor has its own privacy and security commitments; most are SOC 2 certified or similar. We may update this list as we change providers; material changes will be noted in the “Last updated” date above.

We may also disclose information if we are required to by law, court order, or valid legal process, or to protect the rights, property, or safety of Pointhaven, our users, or others.

4. Data retention

We retain your account information and Your Content for as long as your account is active. When you delete a project, we delete its Parquet file from object storage and its metadata from our database, usually within a day. When you delete your account, we delete or anonymize your records within thirty (30) days, subject to any obligation to retain them for legal, tax, or accounting reasons.

5. Data security

We take reasonable steps to protect your information, including TLS encryption in transit, encryption at rest (via Cloudflare R2 and MongoDB Atlas), and scoped access credentials. No system is perfectly secure, and we cannot guarantee the security of data transmitted over the internet.

6. International transfers

Our servers and sub-processors are primarily located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where privacy laws may differ from those in your country.

7. Your choices and rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to correct inaccurate information
  • Deletion — request that we delete your personal information
  • Portability — request a copy of Your Content in a machine-readable format (CSV export is already available in-app)
  • Opt-out of sale or sharing — we do not sell personal information, so there is nothing to opt out of

To exercise any of these rights, email pointhavenlabs@gmail.com from the email address associated with your account. We will respond within thirty (30) days.

8. Cookies and similar technologies

We use cookies and local storage only for essential purposes: authentication session tokens (set by Clerk) and UI preferences (theme, table density). We do not use third-party advertising or tracking cookies.

9. Children

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have, please contact us and we will delete it.

10. California privacy rights (CCPA)

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the rights described in Section 7. We do not “sell” personal information as that term is defined in the CCPA.

11. European privacy rights (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, Pointhaven is the “controller” of your personal information and our sub-processors are “processors.” Our legal bases for processing are: (a) performance of a contract (to provide the Service), (b) legitimate interests (to secure and improve the Service), and (c) consent (where required, such as optional marketing emails). You have the rights described in Section 7. You also have the right to lodge a complaint with your local supervisory authority.

12. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date and, for significant changes, notify you through the Service or by email.

13. Contact

Questions or requests about your privacy? Email pointhavenlabs@gmail.com.

Pointhaven Labs, LLC · A Wyoming limited liability company · 30 N Gould St Ste N, Sheridan, WY 82801, USA