Privacy Policy

Last updated: February 2026

1. Introduction

Pointer ("we", "our", or "us") is an AI-powered database agent developed by VertexIT, a subsidiary of the Pixelnest Group. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our desktop application, visit our website at getptr.com, or interact with our services.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) where applicable.

2. Data Controller

The data controller responsible for your personal data is:

VertexIT
https://vrxt.de
A subsidiary of the Pixelnest Group

For questions regarding this Privacy Policy or our data practices, please contact us via the contact details provided on our Legal / Imprint page.

3. Information We Collect

3.1 Information You Provide

  • Account information: When you create an account, we collect your email address, name (if provided), and password (stored in encrypted form).
  • API keys and credentials: If you connect Pointer to third-party AI providers (e.g., OpenAI, Google Gemini), you may store API keys locally in the application. We do not transmit your API keys to our servers unless explicitly required for a specific feature you opt into.
  • Database connection details: Connection strings, hostnames, and credentials for your databases are stored locally on your device. We do not access or store your database credentials on our servers.
  • Queries and prompts: When you use Pointer to ask questions or generate SQL, your natural language prompts may be sent to configured AI providers to generate responses. The extent of data sharing depends on your AI provider choice and their respective privacy policies.
  • Schema information: Database schemas (table names, column names, types) may be sent to AI providers to enable accurate SQL generation. We do not transmit actual row data unless you explicitly include it in a prompt.
  • Communication: If you contact us (e.g., support, feedback), we collect the content of your messages and contact information you provide.

3.2 Information Collected Automatically

  • Usage data: We may collect anonymized or aggregated usage statistics (e.g., feature usage, crash reports) to improve the product. We do not link this data to your identity unless you opt into detailed analytics.
  • Device information: Operating system, application version, and device identifiers may be collected for compatibility and licensing purposes.
  • Website data: When you visit getptr.com, we may collect IP address, browser type, referral source, and pages visited. We use cookies and similar technologies as described in Section 6.

3.3 Information We Do Not Collect

  • We do not collect the actual data stored in your databases (row contents) unless you voluntarily include it in a prompt.
  • We do not sell your personal data to third parties.
  • We do not use your data for advertising purposes.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve Pointer and related services
  • Process your requests and generate SQL queries via AI providers
  • Authenticate your identity and manage your account
  • Send transactional emails (e.g., account confirmation, password reset)
  • Respond to support requests and feedback
  • Detect, prevent, and address security incidents and abuse
  • Comply with legal obligations and enforce our Terms of Service
  • Conduct anonymized analytics to improve our product (where permitted)

5. Legal Basis for Processing (GDPR)

Where the GDPR applies, we process your personal data on the following legal bases:

  • Contract performance: Processing necessary to perform our contract with you (e.g., providing the service).
  • Legitimate interests: Processing necessary for our legitimate interests (e.g., security, fraud prevention, product improvement), where such interests are not overridden by your rights.
  • Consent: Where required by law, we obtain your explicit consent (e.g., optional marketing emails, detailed analytics).
  • Legal obligation: Processing necessary to comply with applicable law.

6. Third-Party Services and Data Sharing

Pointer integrates with third-party AI providers. When you use these integrations:

  • AI providers (OpenAI, Google, etc.): Your prompts and schema information may be sent to the AI provider you configure. Each provider has its own privacy policy. We recommend reviewing the policies of any AI provider you use:
  • Cloud infrastructure: We may use cloud providers (e.g., for hosting, email) that process data on our behalf under data processing agreements.
  • Analytics: Our website may use analytics tools. We use privacy-respecting configurations and do not share personally identifiable information without consent.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

7. Data Retention

  • Account data: Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations.
  • Support communications: Retained for up to several years as needed for support history and legal compliance.
  • Usage and analytics: Aggregated data may be retained indefinitely in anonymized form.
  • Logs: Server logs may be retained for a limited period (e.g., 90 days) for security and troubleshooting.

When you delete your account, we will delete or anonymize your personal data within a reasonable timeframe, except where retention is required by law.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of sensitive data at rest where feasible
  • Access controls and authentication
  • Regular security assessments
  • Secure development practices

Database credentials and API keys stored locally in Pointer are protected by your operating system's security mechanisms. We recommend using strong passwords and keeping your system updated.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). Where we transfer data to such countries, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Other mechanisms permitted under applicable law

10. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Object: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise these rights, please contact us using the details on our Legal page. You also have the right to lodge a complaint with a supervisory authority in your country.

California residents (CCPA): You have the right to know what personal information we collect, to delete it, and to opt out of the "sale" of your information (we do not sell personal information). You may designate an authorized agent to make requests on your behalf.

11. Cookies and Similar Technologies

Our website (getptr.com) may use cookies and similar technologies:

  • Essential cookies: Required for the website to function (e.g., session management).
  • Analytics cookies: Help us understand how visitors use the site (anonymized where possible).
  • Preference cookies: Remember your settings (e.g., language, theme).

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

12. Children

Pointer is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email or through the application.

Your continued use of Pointer or our website after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

For questions about this Privacy Policy or our data practices:

VertexIT
Website: https://vrxt.de
Legal / Imprint: https://vrxt.de/imprint