Pinpoint
Add to Chrome

Privacy Policy

Last updated June 16, 2026

Pinpoint is a browser extension and companion service that helps you hand UI context to AI coding agents. This policy explains what we collect, what we don’t, and why. Our guiding principle: inspection runs locally and we collect the minimum.

What stays on your device

When you inspect and capture an element, everything — the selector, computed styles, DOM context, fonts, colors, and source location — is computed locally in your browser. We do not receive, store, or transmit the content of the pages you inspect. It leaves your device only if you explicitly:

  • send a pick to your own locally-run MCP server (it never leaves your machine); or
  • use “Ask Claude” with your own Anthropic API key — in which case the context goes directly from your browser to Anthropic under your key. Your API key is stored locally and is never sent to us.

What we collect

  • Account data — your email, optional display name, and a securely hashed password (or a Google account identifier if you sign in with Google).
  • Subscription data — your plan, status, and the customer/subscription identifiers from our payment processor. We never see or store your card details.
  • Usage counters — aggregate counts (e.g. picks per day) used to enforce the free limit and your entitlements. Not the content of picks.
  • Device/session data — a device identifier and browser user-agent for managing signed-in sessions, plus standard server logs.

Third parties

  • Dodo Payments — our merchant of record; processes payments and handles global tax. Subject to their privacy policy.
  • Resend — sends transactional email (verification, password reset).
  • Anthropic — only when you use bring-your-own-key AI actions, and only with your key, directly from your browser.
  • Error/uptime monitoring — we use error reporting to keep the service reliable; it does not receive your page content.

Cookies

On this website we use strictly-necessary cookies to keep you signed in. We don’t use advertising cookies. If we add product analytics, it will be consent-gated.

Data retention & security

We keep account and billing data while your account is active and as required for legal and accounting purposes, then delete it. Data is encrypted in transit (HTTPS), passwords are hashed, secrets are kept server-side only, and access is restricted.

Your rights

You can access, correct, export, or delete your account data — sign in to your dashboard or email us. We honor applicable rights under GDPR/CCPA and similar laws.

Children

Pinpoint is not directed to children under 13 and we do not knowingly collect their data.

Changes

We’ll update this policy as the product evolves and revise the “last updated” date. Material changes will be announced.

Contact

Questions about privacy? Email privacy@pinpoint.dev.