Pointa

Privacy Policy

Last Updated: November 26, 2025

Introduction

Pointa ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how our Chrome Extension and local server collect, use, and safeguard your information when you use Pointa for local development annotation and AI-assisted coding.

Core Privacy Principle

Everything stays local. Pointa operates entirely on your computer. All data is stored locally in your browser and on your file system (~/.pointa directory). We do not operate any cloud servers, and your data never leaves your machine unless you explicitly share it with AI coding assistants that you have configured.

Information We Collect

1. Annotation Data (Localhost Pages Only)

When you create annotations on your local development pages (localhost, 127.0.0.1, file://, *.local, *.test, *.localhost):

  • Your Comments: Text feedback and descriptions you provide
  • Element Context: CSS selectors, element position, and HTML structure of annotated elements
  • Visual Changes: CSS property modifications when using Design Mode
  • Page Context: Page URL, viewport dimensions, timestamp
  • Screenshots: Optional screenshots you capture and attach (stored locally only)
  • Reference Images: Optional images you upload (stored locally only)

2. Bug Report Data (When Bug Recording is Active)

When you actively record a bug (user-initiated), we capture:

  • User Description: Your written description of the bug and expected behavior
  • Console Logs: JavaScript console messages during the recording session (errors, warnings, info)
  • Network Activity: HTTP/HTTPS requests, responses, and failures during recording
  • User Interactions: Clicks, keyboard input, navigation events (timing and type, not sensitive content)
  • Screenshots: Visual state of the page when the bug occurred
  • Page Context: URL, page title, viewport size
  • Browser Metadata: User agent, platform, language (for debugging compatibility issues)

Important: Bug recording is manual and session-based. We only record when you explicitly start a recording session (maximum 30 seconds) and stop it. No passive background recording occurs.

3. Performance Investigation Data (User-Initiated)

When you record a performance investigation:

  • Resource Metrics: Loading times, file sizes, resource types
  • Device Information: CPU/memory usage statistics during investigation
  • User Interactions: Timing of clicks and interactions
  • Performance Insights: Automatically detected slow resources and bottlenecks
  • Screenshots: Visual state during the performance issue

4. Inspiration Captures (Any Website)

When you use Inspiration Mode to capture design elements:

  • Element Screenshots: Visual captures of selected UI elements
  • CSS Styles: Computed styles of captured elements
  • HTML Structure: Element structure and attributes
  • Hover States: Optional hover state screenshots
  • Responsive Views: Optional mobile/tablet/desktop screenshots
  • Source URL: Domain where the element was captured

Note: Unlike other features that only work on localhost, Inspiration Mode can capture from any website you visit. All captures are stored locally on your machine.

5. Local Browser Storage

We store minimal data in your browser's local storage:

  • Onboarding Status: Whether you've completed initial setup
  • Settings: Your preferences and extension configuration
  • Update Information: Version info for update notifications

What We DO NOT Collect

  • No Source Code: We do not capture or store your application's source code
  • No Browsing History: We do not track your browsing activity outside of active extension usage
  • No Personal Files: We do not access files outside the extension's scope
  • No Analytics or Tracking: We do not send data to third-party analytics services
  • No Telemetry: We do not collect usage statistics or telemetry
  • No Form Data: We do not capture sensitive form inputs (passwords, credit cards, etc.)
  • No Cloud Sync: We do not store or sync your data to any remote servers

How We Use Your Information

All collected information is used exclusively for:

  • Annotation Management: Displaying and organizing your annotations
  • AI Integration: Providing context to locally-configured AI coding assistants
  • Bug Debugging: Helping you understand and reproduce bugs
  • Performance Analysis: Identifying performance bottlenecks
  • Design Inspiration: Organizing captured design elements for reference
  • Feature Functionality: Enabling core extension features to work properly

Data Storage and Security

Local Storage Architecture

Pointa uses a two-component local storage system:

  • Browser Storage (chrome.storage.local): Minimal settings and preferences stored in your browser
  • Local File System (~/.pointa/): All annotations, bug reports, screenshots, and inspirations stored in your home directory via our local server
  • Local Server (127.0.0.1:4242): Runs entirely on your machine, accessible only via localhost, manages data storage and MCP integration

Security Measures

  • Local-Only Operation: No data transmission to external servers
  • Localhost Restriction: Server only accepts connections from 127.0.0.1 (your machine)
  • CORS Protection: Strict origin checking for API requests
  • File System Permissions: Data stored in your user directory with standard OS permissions
  • No Authentication Required: Since everything is local, no passwords or accounts are needed

Third-Party Integrations

AI Coding Assistants (Local Only)

Pointa integrates with AI coding assistants (Cursor, Claude, Windsurf, etc.) through the Model Context Protocol (MCP). This integration is:

  • Locally Configured: You manually set up and control the connection
  • Localhost-Based: AI tools connect to your local server (127.0.0.1:4242)
  • User-Initiated: Data is only accessed when you explicitly ask your AI assistant to process annotations
  • No Direct Transmission: Pointa does not send data directly to AI services; your AI assistant reads from your local server

Important: Once your AI assistant accesses annotation data through MCP, that data is subject to the privacy policy of your AI provider (Anthropic, OpenAI, Codeium, etc.). We recommend reviewing their policies regarding code and development data.

Permissions Justification

Our Chrome Extension requests the following permissions:

  • activeTab: Required to detect page elements for annotation and capture screenshots. Only active when you use annotation features.
  • storage: Required to save your preferences and settings locally in your browser.
  • notifications: Used to show update notifications for new extension versions.
  • tabs: Required to manage badge counters showing annotation counts and handle multi-tab functionality.
  • debugger: Required for responsive viewport control when capturing screenshots at different screen sizes (mobile, tablet, desktop). Only used during explicit screenshot capture in Inspiration Mode.
  • scripting: Required to inject annotation overlays and UI elements into your local development pages.
  • host_permissions (<all_urls>): Required for Inspiration Mode to capture design elements from any website. Other features (annotations, bugs, performance) only work on localhost. This broad permission is necessary because we cannot predict which websites you'll want to capture inspiration from.

Why <all_urls> Permission? While most features are restricted to localhost, Inspiration Mode allows you to capture design patterns from any website for reference. This requires broad host permissions. We use this permission responsibly and only when you actively use Inspiration Mode.

Your Rights and Control

You have complete control over your data:

  • Access: View all your annotations, bug reports, and captures at any time through the extension
  • Export: Export your annotations in JSON, CSV, or MCP format
  • Delete Individual Items: Remove specific annotations, bug reports, or inspirations
  • Delete All Data: Remove all extension data by:
    1. Uninstalling the extension (removes browser data)
    2. Running rm -rf ~/.pointa (removes file system data)
    3. Running npm uninstall -g pointa-server (removes server)
  • Pause Recording: Bug and performance recording only occur when you manually start them
  • Disable Inspiration Mode: Stop capturing design elements at any time by exiting Inspiration Mode

Data Retention

All data is retained locally until you choose to delete it. We do not automatically delete or expire data. Your annotations, bug reports, and inspirations remain in the ~/.pointa directory and browser storage until you remove them manually or uninstall the extension.

Children's Privacy

Pointa is a developer tool not intended for use by children under 13. We do not knowingly collect information from children. If you believe a child has used Pointa and provided information, please contact us at julien@argil.io.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or for legal compliance. Changes will be posted on this page with an updated "Last Updated" date. Continued use of Pointa after changes constitutes acceptance of the updated policy.

Chrome Web Store Compliance

This extension complies with Chrome Web Store Developer Program Policies:

  • Limited Use Disclosure: We clearly disclose what data we collect and how we use it
  • Local Storage Priority: All data is stored locally; no remote transmission
  • Minimal Permissions: We request only permissions necessary for functionality
  • User Control: Users maintain complete control over their data
  • Secure Handling: Data is handled securely with no external exposure
  • Transparent Operation: All data collection is explicit and user-initiated

Open Source

Pointa is open source software. You can review our complete codebase, including all data collection and storage mechanisms, at: https://github.com/AmElmo/pointa-app

Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: julien@argil.io
Website: https://pointa.dev
GitHub: Report Issues

Technical Details for Developers

For transparency, here are additional technical details:

  • Local Server: Node.js Express server running on port 4242
  • MCP Implementation: Standard Model Context Protocol over HTTP/SSE
  • Data Format: JSON files in ~/.pointa/ directory
  • Screenshot Format: PNG files stored in ~/.pointa/bug_screenshots/ and ~/.pointa/inspiration_screenshots/
  • Network Usage: Only localhost (127.0.0.1) connections; no external network calls
  • Browser APIs Used: chrome.storage, chrome.tabs, chrome.debugger, chrome.scripting, chrome.runtime