PinpointPinpointPrivacy Policy · Last updated May 2026

Privacy Policy

This policy explains how Greyfeathers Studios Pvt Ltd collects, uses, and protects your information when you use Pinpoint.

Overview

Pinpoint is a visual feedback tool that lets teams drop pins on any webpage, capture screenshots, and leave contextual comments. We are committed to handling your personal data with care, transparency, and respect.

This Privacy Policy applies to the Pinpoint web application, Chrome browser extension, and any related services operated by Greyfeathers Studios Pvt Ltd. By using Pinpoint you agree to the practices described here.

Who we are

CompanyGreyfeathers Studios Pvt Ltd
ProductPinpoint – Visual Feedback
Websitecommenting-app-two.vercel.app
Contactsupport@greyfeathers.io

We are the data controller for personal information you provide directly to us. For information stored on your behalf (screenshots, comments) we act as data processor on your instruction.

What we collect

We only collect what is necessary to provide the service.

Name & emailCollected when you sign up, accept an invite, or are added to a project.
ScreenshotsCaptured when you explicitly drop a comment pin. Never collected passively.
Comments & repliesThe feedback text you write inside the product.
Page URLsThe URL of the page where feedback was left.
Pin coordinatesThe x/y position of each comment pin on the page.
Auth tokensStored in your browser to keep you signed in.
Usage eventsBasic product usage (e.g. comments created) for product improvement. No third-party analytics.

How we use your information

  • To create and manage your account.
  • To display your name and avatar inside shared projects.
  • To send transactional emails — invite links, password resets, and access request notifications.
  • To send in-app notifications when comments or replies are posted.
  • To deliver Slack notifications if you connect a Slack workspace.
  • To resolve bugs and improve the product based on aggregated usage patterns.

We do not sell your data. We do not use your data for advertising. We do not share your data with any third party except as described below.

How we share your information

We share your data only with the service providers necessary to operate Pinpoint, all of whom are bound by confidentiality obligations:

SupabaseDatabase and file storage (screenshots). Data is stored in encrypted, access-controlled environments.
MailerooTransactional email delivery (invites, password resets).
VercelApplication hosting and edge infrastructure.
SlackOptional — only if you connect a Slack workspace for notifications. Only project names and comment summaries are sent.

We will disclose your data if required by law or to protect the rights, property, or safety of Greyfeathers Studios, our users, or the public.

Chrome extension permissions

The Pinpoint Chrome extension requests the following browser permissions. None of these are used passively — the extension only activates when you explicitly click the extension icon and start a review session.

Access to all URLsRequired so you can leave feedback on any website you are reviewing, regardless of domain.
Active tabTo capture a screenshot of the current page only when you drop a pin.
StorageTo persist your login session between popup opens so you do not need to sign in every time.
ScriptingTo inject the commenting toolbar and pin UI into the active tab.
TabsTo read the current tab URL for domain matching and project detection.
Web navigationTo detect page navigation and reset the session accordingly.
AlarmsTo schedule silent token refreshes so your session stays active.

Screenshots are captured only at the moment you right-click to leave a comment. The extension does not run in the background, does not read page content, and does not transmit any data unless you are in an active review session.

Data retention

We retain your personal data for as long as your account is active or as needed to provide the service. Specifically:

  • Account data (name, email) is retained until you delete your account.
  • Project data (comments, screenshots, replies) is retained until the project owner deletes the project.
  • Auth tokens expire automatically and are rotated on each session.
  • On account deletion, all personal data is removed within 30 days.

Security

We take reasonable technical and organisational measures to protect your data:

  • All data is transmitted over HTTPS/TLS.
  • Database access is protected by Row Level Security (RLS) — users can only access projects they belong to.
  • Screenshots are stored in private Supabase Storage buckets and served via signed URLs.
  • Passwords are never stored in plaintext — authentication is handled by Supabase Auth.
  • Service role keys are stored as server-side environment variables and never exposed to the browser.

No method of transmission over the internet is 100% secure. If you discover a security issue please contact us immediately at support@greyfeathers.io.

Cookies & local storage

Pinpoint uses browser storage (cookies and localStorage) solely for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics scripts.

Auth session cookieSet by Supabase to keep you logged in. Expires when your session ends or after 7 days of inactivity.
localStorage tokenUsed by the Chrome extension to persist your login between popup opens.

Children's privacy

Pinpoint is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Your continued use of Pinpoint after changes are posted constitutes your acceptance of the revised policy.

Contact us

For any questions, requests, or concerns about this Privacy Policy or your personal data, please reach out:

Emailsupport@greyfeathers.io
CompanyGreyfeathers Studios Pvt Ltd

We aim to respond to all privacy-related enquiries within 5 business days.

© 2026 Greyfeathers Studios Pvt Ltd. All rights reserved.

Back to Pinpoint