Privacy Policy

Introduction

DoubleXL LLC, doing business as SavepointHQ ("Company," "we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our gaming retail management platform and related services (collectively, the "Services").

Our Services operate as a multi-tenant platform, meaning we provide services to business customers ("Tenants") who in turn may serve their own customers ("End-Customers"). This Privacy Policy addresses how we handle data for both Tenants and End-Customers.

Please read this Privacy Policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.

Information We Collect

Information You Provide

• Account Information: Name, email address, phone number, business name, and location when you create an account or sign up for early access
• Business Data: Store information, inventory data, transaction records, and customer information you input into our platform
• Communications: Information you provide when you contact us for support, feedback, or inquiries
• Payment Information: Billing details processed through our secure payment provider, Stripe (see "Payment Processing" section below)
• Communication Preferences: Your preferences for receiving SMS, email, and phone communications from us

Information Collected Automatically

• Usage Data: Information about how you interact with our Services, including features used, pages visited, and actions taken
• Device Information: Browser type, operating system, device identifiers, and IP address
• Cookies and Tracking: We use cookies and similar technologies to enhance your experience and gather analytics
• Log Data: Server logs that record your activity on our platform

Information for Tenants (Business Customers)

If you are a Tenant using our platform to manage your retail business, we collect:

• Business registration information and tax identification numbers
• Store locations, operating hours, and business settings
• Employee/staff account information you create within our platform
• Inventory, pricing, and product catalog data
• Sales transactions, trade-ins, and repair ticket data
• Integration credentials for third-party services (e.g., Shopify, PriceCharting)

Information About End-Customers

When Tenants use our platform to serve their customers, we may process End-Customer data on behalf of the Tenant, including:

• Contact information (name, email, phone number) collected by the Tenant
• Purchase history and loyalty program data
• Trade-in and repair ticket information
• Communication preferences and consent records

Note: For End-Customers, the Tenant is the data controller and we act as a data processor. End-Customers should refer to their retailer's privacy policy for information about how their data is used.

Communications (SMS, Email, Phone)

We may communicate with you through various channels. Here's what you need to know about each:

SMS/Text Messages

By providing your phone number and opting in to SMS communications, you consent to receive text messages from DoubleXL LLC dba SavepointHQ. These may include:

• Transactional Messages: Order confirmations, appointment reminders, security alerts, and account notifications
• Service Messages: Platform updates, feature announcements, and support communications
• Marketing Messages: Promotional offers and special announcements (only with your explicit consent)

To opt out of SMS messages:

• Reply STOP to any SMS message from us
• Update your preferences in your account settings
• Contact us at privacy@savepointhq.com

Note: Opting out of marketing SMS will not affect transactional messages necessary for service delivery.

Email Communications

We send emails for the following purposes:

• Transactional Emails: Account verification, password resets, billing receipts, and security notifications (required for service operation)
• Service Emails: Platform updates, feature announcements, scheduled maintenance notices, and support responses
• Marketing Emails: Newsletters, promotional offers, product updates, and educational content (only with your consent)

To manage email preferences:

• Click the "Unsubscribe" link at the bottom of any marketing email
• Update your preferences in your account settings under "Notifications"
• Contact us at privacy@savepointhq.com

Note: You cannot opt out of transactional emails necessary for account security and service operation.

Phone Communications

We may contact you by phone for:

• Customer Support: In response to your support requests or to resolve account issues
• Onboarding Assistance: To help new Tenants set up their accounts and configure the platform
• Account Security: To verify identity for sensitive account changes or suspected fraudulent activity
• Sales Inquiries: To follow up on demo requests or service inquiries (only if you've requested contact)

To opt out of promotional phone calls:

• Inform the representative during the call
• Update your preferences in your account settings
• Contact us at privacy@savepointhq.com

Payment Processing

We use Stripe, Inc. as our third-party payment processor to handle all payment transactions securely. When you make a payment:

• Your payment card details are collected and processed directly by Stripe
• We do not store your full credit card number, CVV, or PIN on our servers
• We receive and store a tokenized reference, last four digits, card type, and expiration date for your records
• We store billing address information for invoicing and tax purposes

Stripe's Data Practices: Stripe is certified as a PCI Level 1 Service Provider, the most stringent level of certification in the payments industry. Stripe may collect additional information as described in their privacy policy.

What we collect for billing:

• Billing name and address
• Transaction history and amounts
• Subscription status and plan details
• Invoice records for accounting purposes

How We Use Your Information

We use the information we collect for the following purposes:

• Provide Services: To operate, maintain, and deliver our platform and features
• Improve Services: To understand usage patterns and improve our offerings
• Personalization: To customize your experience and provide AI-powered recommendations
• Communication: To send service updates, security alerts, and promotional materials (with your consent)
• Support: To respond to your questions and provide customer service
• Security: To detect, prevent, and address fraud and security issues
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Billing: To process payments, manage subscriptions, and send invoices

How We Share Your Information

We do not sell your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

Service Providers (Sub-processors)

We share information with trusted service providers who assist in operating our platform:

• Stripe: Payment processing and billing (payment data)
• Neon/PostgreSQL: Database hosting and data storage
• Cloudflare: Content delivery, security, and edge computing
• Analytics providers: Usage analytics and performance monitoring
• Communication services: Email delivery and SMS messaging

All service providers are contractually obligated to protect your data and use it only for the purposes of providing services to us.

Other Sharing Circumstances

• Between Tenant and End-Customer: Tenant data may be visible to their End-Customers as necessary for transactions (e.g., store name on receipts)
• Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets, your data may be transferred to the acquiring entity
• Legal Requirements: When required by law, subpoena, court order, or other legal process
• Safety and Protection: To protect the rights, property, or safety of DoubleXL LLC, our users, or the public
• With Your Consent: When you have given us explicit permission to share your information
• Aggregated/De-identified Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you

Multi-Tenant Data Responsibilities

Our platform operates as a multi-tenant system. Understanding data responsibilities is important:

For Tenants (Business Customers)

• You are the data controller for End-Customer data you collect through our platform
• You are responsible for obtaining appropriate consent from your End-Customers
• You must maintain your own privacy policy that discloses your use of our Services
• You must comply with all applicable data protection laws (GDPR, CCPA, etc.) for your jurisdiction
• You control access to your tenant data through user roles and permissions
• You are responsible for the accuracy and legality of data you input

For End-Customers

• Your data is collected by and controlled by the retail business (Tenant) you interact with
• We act as a data processor on behalf of the Tenant
• For questions about how your data is used, please contact the retailer directly
• Requests to access, correct, or delete your data should be directed to the retailer

Data Isolation

Each Tenant's data is logically isolated from other Tenants. We implement row-level security and access controls to ensure Tenants can only access their own data. No Tenant can access another Tenant's business data or End-Customer information.

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest using industry-standard protocols
• Regular security assessments and vulnerability testing
• Access controls and authentication requirements
• Secure data centers with physical security measures
• Employee training on data protection and privacy

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We may also retain and use your information as necessary to:

• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain business records for legitimate purposes

When you request deletion of your data, we will remove it within 30 days, except where retention is required by law.

Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request your data in a portable, machine-readable format
• Opt-Out: Opt out of marketing communications at any time
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw previously given consent at any time

How to Exercise Your Rights

• Self-Service: Many rights can be exercised directly through your account settings
• Email: Contact privacy@savepointhq.com with your request
• Phone: Call (385) 396-4901 during business hours

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

Account Deletion

You have the right to delete your account and associated data. Here's what you need to know:

For Individual Users / Staff Accounts

• Navigate to Account Settings > Privacy > Delete Account
• Your personal profile and preferences will be deleted within 30 days
• Transaction records you created may be retained in anonymized form for business records

For Tenant Accounts (Business Owners)

• Contact us at privacy@savepointhq.com to initiate tenant account deletion
• You will receive a data export of your business data before deletion
• All associated staff accounts will be deactivated
• End-Customer data collected through your tenant will be deleted
• Deletion is completed within 30 days of request confirmation

Data We Must Retain

Even after account deletion, we may retain certain data as required by law or legitimate business purposes:

• Financial transaction records (tax and accounting requirements)
• Data necessary to resolve disputes or enforce agreements
• Anonymized, aggregated data that cannot identify you
• Backup copies for up to 90 days (automatically purged)

Managing Communication Preferences

You can control how we communicate with you through several methods:

In Your Account Settings

• Navigate to Settings > Notifications to manage all communication preferences
• Toggle individual channels: Email, SMS, Phone, Push notifications
• Choose which types of communications you receive (marketing, product updates, etc.)
• Set quiet hours for non-urgent notifications

Quick Opt-Out Methods

• SMS: Reply STOP to any message
• Email: Click "Unsubscribe" at the bottom of any marketing email
• Phone: Request removal during any call or contact us
• All Marketing: Email privacy@savepointhq.com with subject "Opt Out All Marketing"

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information and improve our Services. Types of cookies we use:

• Essential Cookies: Required for the platform to function properly
• Analytics Cookies: Help us understand how visitors interact with our site
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect functionality.

Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.