We're strictly complaint with the CAN-SPAM Act 2003 and other applicable anti-spam regulations. When you sign up you can specify what types of emails you want to receive. You can change your settings or unsubscribe from our mailing lists at any time.
When you complete surveys and other offers from our advertisers, we don't receive that information. We are only sent a simple notification when an offer has been completed successfully.
We never sell personal information about you to third parties. We're compliant with data protection regulations and try to minimise the data we store wherever possible.
We don't require you to supply a password when creating your account. This actually protects your privacy, since many casual users use the same password on multiple websites. Instead, your settings and prize claims are secured using a randomly-generated account key.
As a European company, we are bound by the General Data Protection Regulation (GDPR).
This policy describes in detail how your personal data is stored, processed and shared. It also describes the control you have over your data.
Your Email Address is a unique address, which can be used to send you electronic mail.
We need to store your email address, so we can identity or contact you.
Furthermore, may need to store additional email addresses, if you provide them to us as payment settings.
|Processing||We need to process your email address, so we can identity or contact you.||Enabled||Required|
We may need to display a partially obfuscated version of your email address to other users, as part of our social proof. For example, we might display email@example.com as firstname.lastname@example.org.
Additionally, in order to ensure you cannot be identified, we only share the domain names of widely used mailbox providers. For example, we might display email@example.com as john****@****.com.
We may need to share your email address with trusted third parties such as Google and Facebook, in order to link your account, or target you with relevant advertisements in the future.
We do not, under any circumstances, sell your email address to any third parties.
Your IP Address is a unique return address, which is transmitted whenever you access our website or apps. We can use this data to determine which country you are in with around a 99% level of accuracy. Towns and cities can be identified with around an 80% level of accuracy, depending on the country you are in.
However, only your Internet Service Provider (ISP) knows your exact location. They manage the connection between your local internet exchange and your household.
|Storage||We need to store your IP Addresses, in order to detect fraudulent activity.||Enabled||Required|
|Processing||We need to process your IP Addresses, in order to detect fraudulent activity.||Enabled||Required|
|Sharing||We never share your historical IP Addresses with any third parties, although they may choose to share your current IP Address with us.||Disabled||Required|
When you use any of our apps we may receive your Device ID. This is a unique code, which can be used to identify your device.
|Storage||We need to store your Device IDs, in order to detect fraudulent activity and to allow conversions to be tracked.||Enabled||Required|
|Processing||We need to process your Device IDs, in order to detect fraudulent activity.||Enabled||Required|
|Sharing||We may need to share your Device IDs with any third parties, in order to allow conversions to be tracked.||Enabled||Required|
When you connect to a website using a web browser a User Agent field is also usually transmitted. This contains information about what type of device you are using, your operating system type and version, your browser type and version, and other metadata which can be used to identify your device.
|Storage||We need to store your User Agents, in order to detect fraudulent activity.||Enabled||Required|
|Processing||We need to process your User Agents, in order to detect fraudulent activity.||Enabled||Required|
|Sharing||We never share your User Agents with any third parties.||Disabled||Required|
When you create an account we will assign it a unique integer value, called your Account ID. We may then use this to identify your account with third parties, without having to expose any of your personal data.
|Storage||We need to store your Account ID, in order to identify your account.||Enabled||Required|
|Processing||We need to process your Account ID, in order to identify your account.||Enabled||Required|
|Sharing||We need to share your Account ID, in order to identify your account.||Enabled||Required|
Additionally, we provide you with a third party verification code. This is similar to your Account ID, and you can use it to verify non-personal statistics about your account via our API, with non-trusted third parties.
Article 9 of the GDPR identifies certain special categories of data that require explicit consent. These concern highly sensitive data such as sexual orientation and political affiliations.
We do not store, process or share any data categories that might be considered highly sensitive.
|Data Category||Level of Consent|
Please note that you may be asked highly sensitive questions, as part of offers or surveys on third party sites, which we may link to. We urge you to exercise caution and to read third party privacy policies carefully, before deciding to share your data.
You have the right to view all the personal data we have about you. This can be achieved simply, by typing the email address you used to register your account and pressing the 'Email My Data' button below.
We will then send you an email, containing all the personal data we have about you including: Email Addresses, IP addresses, Device IDs, User Agents and your Account ID.
Please note that if you failed to register using a valid email address, or have since deleted your account, then we will be unable to confirm your identity. Therefore, in order to protect your privacy, it will not be possible for us to grant you access to your data.
If your account remains completely inactive for an extensive period of time (greater than 3 months) we may delete it, in order to protect your privacy and ensure you are eventually forgotten.
Additionally, at any time you may delete your account yourself, by typing the word 'DELETE' in the settings tab and then updating your settings. Note that it may take several weeks for us to completely purge your personally identifiable data from all of our servers and backups.
Please note that, in order for us to monitor and prevent future fraud, we must continue to store some anonymous metadata such as IP Addresses. However, any data retained will no longer be associated with any personally identifiable data, such as email addresses or payment information.
If you delete your account you will lose all the points you have earned. Therefore you should consider this carefully before choosing to delete your account.
You have further rights, such as the right to amend your personal data and the right to request that we stop processing your data.
Wherever possible we allow you to change your privacy settings, in order to control how your data is used.
However, in order to prevent fraud, in many cases we cannot allow you to amend your data, and it must also continue to be processed. Therefore, in order to exercise these additional rights, you may delete your account.
Here is a list of parties which handle your sensitive personal data and a description of their role:
|Data Controller||SAS POINTSPRIZES||Overall control over data.|
|Primary Data Processor||AMAZON WEB SERVICES, INC||Secure storage and processing of relational data in the cloud.|
|Secondary Data Processor||SENDGRID, INC||Secure storage and processing of email data.|
|Secondary Data Processor||MAILGUN TECHNOLOGIES, INC||Secure storage and processing of email data.|
|Secondary Data Processor||ZENDESK, INC||Secure storage and processing of customer support data.|
|Secondary Data Processor||MAXMIND, INC||Secure storage and processing of data.|
|Secondary Data Processor||PAYPAL HOLDINGS, INC||Secure storage and processing of payment transaction data.|
Additionally, some personal data such as payment records may be disclosed with other trusted third parties in order to ensure our compliance with taxation, as a mandatory requirement for necessary auditing, or if legally obliged to do so by an empowered government agency.
Your relational data is stored and processed in multiple, highly secure data centers, all located within the United States. You can learn more about the security compliance standards achieved by our primary data processor here.
|pp_ref||This cookie is essential to the operation of our referral program. It cannot be used to identify you personally. Instead it merely identifies the account which referred you, using their Account ID.||Clicking a referral link||1 Year||Yes|
|pp_ldr||This cookie is essential to the operation of our referral program. It cannot be used to identify you personally. Instead it merely identifies the type of referral link you clicked on.||Clicking a referral link||1 Year||Yes|
|pp_act||This cookie is essential to the operation of account sessions on our website. This cookie identifies you by your Account ID.||Logging in or registering||1 Week||Yes|
Additionally, insecure cookies may be saved by trusted third party scripts, such as Google Analytics. By using our website with cookies enabled, you consent to all cookies.