Privacy Policy

Things we never do

Send spam emails, or sell email addresses

We're strictly complaint with the CAN-SPAM Act 2003 and other applicable anti-spam regulations. When you sign up you can specify what types of emails you want to receive. You can change your settings or unsubscribe from our mailing lists at any time.

Collect personal data via offers

When you complete surveys and other offers from our advertisers, we don't receive that information. We are only sent a simple notification when an offer has been completed successfully.

Sell personal data

We never sell personal information about you to third parties. We're compliant with data protection regulations and try to minimise the data we store wherever possible.

Require passwords

We don't require you to supply a password when creating your account. This actually protects your privacy, since many casual users use the same password on multiple websites. Instead all changes to your account are confirmed via a confirmation email.

GDPR Compliance

As a European company, we are bound by the General Data Protection Regulation (GDPR).

This policy describes in detail how your personal data is stored, processed and shared. It also describes the control you have over your data.

We last updated this Privacy Policy to Version 3, on the 12th October 2018.

Email Addresses

Your Email Address is a unique address, which can be used to send you electronic mail.

UsageDescriptionDefaultOptional?
Storage

We need to store your email address, so we can identity or contact you.

Furthermore, may need to store additional email addresses, if you provide them to us as payment settings.

EnabledNo
ProcessingWe need to process your email address, so we can identity or contact you.EnabledNo
Sharing

We may need to display a partially obfuscated version of your email address to other users, as part of our social proof. For example, we might display johnsmith@gmail.com as john*****@gmail.com.

Additionally, in order to ensure you cannot be identified, we only share the domain names of widely used mailbox providers. For example, we might display johnsmith@johnsbakery.com as john****@****.com.

We may need to share your email address with trusted third parties such as Google and Facebook, in order to link your account, or target you with relevant advertisements in the future.

We do not, under any circumstances, sell your email address to any third parties.

EnabledNo

Passwords

Your Password is a secret string of characters, which can be used to prevent others from accessing your account.

UsageDescriptionDefaultOptional?
Storage

We never store a raw version of your password. Instead it is converted into a cryptographically secure hash before storage. A hashed password is almost impossible to convert back into its raw version, particularly if you use a difficult enough password, containing a broad range of characters.

DisabledYes
Processing

We need to process your raw password, so we can convert it into a cryptographically secure hash.

This takes place on secure servers operated by our Primary Data Processor.

DisabledYes
Sharing

We never share your password with any third party.

DisabledNo

IP Addresses

Your IP Address is a unique return address, which is transmitted whenever you access our website or apps. We can use this data to determine which country you are in with around a 99% level of accuracy. Towns and cities can be identified with around an 80% level of accuracy, depending on the country you are in.

However, only your Internet Service Provider (ISP) knows your exact location. They manage the connection between your local internet exchange and your household.

UsageDescriptionDefaultOptional?
StorageWe need to store your IP Addresses, in order to detect fraudulent activity.EnabledNo
ProcessingWe need to process your IP Addresses, in order to detect fraudulent activity.EnabledNo
SharingWe never share your historical IP Addresses with any third parties, although they may choose to share your current IP Address with us.DisabledNo

Device IDs

When you use any of our apps we may receive your Device ID. This is a unique code, which can be used to identify your device.

UsageDescriptionDefaultOptional?
StorageWe need to store your Device IDs, in order to detect fraudulent activity and to allow conversions to be tracked.EnabledNo
ProcessingWe need to process your Device IDs, in order to detect fraudulent activity.EnabledNo
SharingWe may need to share your Device IDs with any third parties, in order to allow conversions to be tracked.EnabledNo

User Agents

When you connect to a website using a web browser a User Agent field is also usually transmitted. This contains information about what type of device you are using, your operating system type and version, your browser type and version, and other metadata which can be used to identify your device.

UsageDescriptionDefaultOptional?
StorageWe need to store your User Agents, in order to detect fraudulent activity.EnabledNo
ProcessingWe need to process your User Agents, in order to detect fraudulent activity.EnabledNo
SharingWe never share your User Agents with any third parties.DisabledNo

Account IDs

When you create an account we will assign it a unique integer value, called your Account ID. We may then use this to identify your account with third parties, without having to expose any of your personal data.

UsageDescriptionDefaultOptional?
StorageWe need to store your Account ID, in order to identify your account.EnabledNo
ProcessingWe need to process your Account ID, in order to identify your account.EnabledNo
SharingWe need to share your Account ID, in order to identify your account.EnabledNo

Additionally, we provide you with a third party verification code. This is similar to your Account ID, and you can use it to verify non-personal statistics about your account via our API, with non-trusted third parties.

Your Consent

Article 9 of the GDPR identifies certain special categories of data that require explicit consent. These concern highly sensitive data such as sexual orientation and political affiliations.

We do not store, process or share any data categories that might be considered highly sensitive.

By registering an account you grant implicit consent for us to collect and use your data, as described in this Privacy Policy.

Data CategoryLevel of Consent
Email AddressesImplicit
PasswordsImplicit
IP AddressesImplicit
Device IDsImplicit
User AgentsImplicit
Account IDsImplicit

This Privacy Policy does not extend your consent to third parties, with the exception of the Responsible Parties described elsewhere.

Please note that you may be asked highly sensitive questions, as part of offers or surveys on third party sites, which we may link to. We urge you to exercise caution and to read third party privacy policies carefully, before deciding to share your data.

Your right to view your personal data

You have the right to view all the personal data we have about you. This can be achieved simply, by typing the email address you used to register your account and pressing the 'Email My Data' button below.

We will then send you an email, containing all the personal data we have about you including: Email Addresses, IP addresses, Device IDs, User Agents and your Account ID.

Please note that if you failed to register using a valid email address, or have since deleted your account, then we will be unable to confirm your identity. Therefore, in order to protect your privacy, it will not be possible for us to grant you access to your data.

Your right to be forgotten

If your account remains completely inactive for an extensive period of time (greater than 3 months) we may delete it, in order to protect your privacy and ensure you are eventually forgotten.

Additionally, at any time you may delete your account yourself, by typing the word 'DELETE' in the settings tab and then updating your settings. Note that it may take several weeks for us to completely purge your personally identifiable data from all of our servers and backups.

Please note that, in order for us to monitor and prevent future fraud, we must continue to store some anonymous metadata such as IP Addresses. However, any data retained will no longer be associated with any personally identifiable data, such as email addresses or payment information.

If you delete your account you will lose all the points you have earned. Therefore you should consider this carefully before choosing to delete your account.

Your right to control your data

You have further rights, such as the right to amend your personal data and the right to request that we stop processing your data.

Wherever possible we allow you to change your privacy settings, in order to control how your data is used.

However, peventing fraud is essential to the operation of our service. We cannot allow users to amend their data or block processing, as it would inhibit our ability to combat fraud. Therefore, in order to exercise these additional rights, you may delete your account.

Responsible Parties

Here is a list of parties which handle your sensitive personal data and a description of their role:

TypeEntityResponsibility
Data ControllerSAS POINTSPRIZESOverall control over data.
Primary Data ProcessorAMAZON WEB SERVICES, INCSecure storage and processing of relational data in the cloud.
Secondary Data ProcessorSENDGRID, INCSecure storage and processing of email data.
Secondary Data ProcessorMAILGUN TECHNOLOGIES, INCSecure storage and processing of email data.
Secondary Data ProcessorZENDESK, INCSecure storage and processing of customer support data.
Secondary Data ProcessorMAXMIND, INCSecure storage and processing of data.
Secondary Data ProcessorPAYPAL HOLDINGS, INCSecure storage and processing of payment transaction data.

Additionally, some personal data such as payment records may be disclosed with other trusted third parties in order to ensure our compliance with taxation, as a mandatory requirement for necessary auditing, or if legally obliged to do so by an empowered government agency.

Your relational data is stored and processed in multiple, highly secure data centers, all located within the United States. You can learn more about the security compliance standards achieved by our primary data processor here.

Cookie Policy

Our use of cookies has been limited to functions that are absolutely essential to the operation of our service. When we need to identify you, your Account ID is used instead of more sensitive data.

CookieDescriptionTriggerExpirySecure?
pp_ref

This cookie is essential to the operation of our referral program. It cannot be used to identify you personally. Instead it merely identifies the account which referred you, using their Account ID.

Clicking a referral link1 YearYes
pp_ldrThis cookie is essential to the operation of our referral program. It cannot be used to identify you personally. Instead it merely identifies the type of referral link you clicked on.Clicking a referral link1 YearYes
pp_cpaThis cookie is essential to the operation of our marketing. It cannot be used to identify you personally. Instead it merely identifies the marketer which told you about us.Clicking a marketing link1 MonthYes
pp_actThis cookie is essential to the operation of account sessions on our website. This cookie identifies you by your Account ID.Logging in or registering1 WeekYes

Additionally, insecure cookies may be saved by trusted third party scripts, such as Google Analytics. By using our website with cookies enabled, you consent to all cookies.

Pixel Policy

Affiliates of PointsPrizes may embed our Pixels into third party websites. These Pixels contain the cookie 'pp_ref'. We do not use Pixels to store or process any data regarding your activity on third party websites.

PointsPrizes Help Center

We recommend you check out our Help Center for detailed information about us.