Security

How we protect your data

Location data is sensitive. We treat security as a fundamental requirement, not an afterthought. Here is how we protect your data across every layer of the Pointeron platform.

Infrastructure

Data Residency

All data is stored and processed within the European Union. Our infrastructure runs on EU-based servers with no data transferred outside the EU except through GDPR-compliant mechanisms (Standard Contractual Clauses) with select processors.

Encryption

  • In transit — All connections use TLS 1.2 or higher. HTTP requests are automatically upgraded to HTTPS. HSTS is enforced.
  • At rest — All databases use AES-256 encryption. Backups are encrypted before storage.
  • Secrets — API keys, iCloud credentials, and webhook secrets are encrypted using application-level encryption before database storage.

Network Security

  • Firewalled infrastructure with deny-by-default rules
  • Internal services communicate over private networks only
  • Public endpoints are served through a reverse proxy with automatic HTTPS
  • DDoS protection at the infrastructure level

Application Security

Authentication

  • Password hashing — All passwords are hashed using Argon2id (memory-hard algorithm)
  • Session management — Sessions expire after 120 minutes of inactivity. Only API requests extend sessions (not page views).
  • CSRF protection — All state-changing requests require a valid CSRF token
  • API authentication — API keys use bearer token authentication with scoped permissions

Authorization

  • Role-based access control (RBAC) — Four roles (Owner, Admin, Manager, Member) with hierarchical permissions
  • Organization isolation — Each organization's data is completely isolated. Users can only access data within their organization.
  • API key scopes — API keys are granted specific scopes (e.g., assets:read, locations:write) following the principle of least privilege
  • Consent-based admin access — Platform administrators cannot access your organization's data without your explicit approval (see below)

Input Validation

  • All user input is validated server-side using type-safe form validation
  • SQL injection prevented through parameterized queries (Eloquent ORM)
  • XSS prevented through automatic output escaping
  • Rate limiting on all endpoints to prevent abuse

Dependency Management

  • Automated dependency scanning for known vulnerabilities
  • Regular updates of all frameworks and libraries
  • Lock files ensure reproducible builds with verified dependencies

Data Protection

iCloud Credentials

When you connect Apple devices via iCloud, your Apple ID credentials are:

  • Encrypted using application-level AES-256 encryption before database storage
  • Only used to poll Find My location data — no other iCloud data is accessed
  • Immediately deleted when you remove the device or delete your account
  • Never logged, exported, or accessible to our team

Location Data

  • Location data is stored in a dedicated time-series database (TimescaleDB) optimized for high-volume GPS data
  • Automatic data retention policies — old data is compressed and eventually deleted based on your plan settings
  • Location data is never sold, shared, or used for advertising

Backup and Recovery

  • Automated daily backups with point-in-time recovery
  • Backups encrypted and stored in a separate physical location within the EU
  • Regular backup restoration testing

Operational Security

Monitoring

  • Real-time application monitoring and alerting
  • Centralized logging with structured JSON logs (no sensitive data in logs)
  • Error tracking via self-hosted GlitchTip (no data leaves our infrastructure)
  • Performance monitoring with Grafana dashboards

Incident Response

In the event of a security incident:

  • We follow a documented incident response procedure
  • Supervisory authority notification (GDPR Article 33) — The Slovenian Information Commissioner (Informacijski pooblaščenec) is notified within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms
  • Data subject notification (GDPR Article 34) — Affected individuals are notified without undue delay when a breach is likely to result in a high risk to their rights and freedoms
  • Post-incident reviews are conducted and documented to prevent recurrence

Access Control

  • Production infrastructure access is restricted to authorized personnel only
  • All administrative access is logged and audited
  • Principle of least privilege applied across all systems

Administrative Data Access

Unlike most platforms where support staff have unrestricted access to customer data, Pointeron implements a consent-based data access system that puts you in control.

How It Works

  • Request — When support needs to access your data (e.g., to troubleshoot an issue), they submit a formal Data Access Request specifying the reason, which data categories they need, and for how long
  • Approve — You receive a notification and can review the request. You choose to approve or deny, and can reduce the requested duration
  • Time-Limited Session — Once approved, the administrator starts a session with a countdown timer. Access automatically expires when the time runs out
  • Scope-Limited — Access is restricted to only the data categories you approved (e.g., "Assets" and "Devices" but not "Billing" or "Location History")
  • Revocable — You can revoke access at any time during an active session

Audit Trail

Every step is recorded in an immutable activity log visible to you:

  • When the request was created and by whom
  • When you approved or denied it
  • When the session started and ended
  • Which data categories were accessed
  • If access was revoked and why

This audit trail is available in the Activity Log section of your dashboard and within the linked support ticket conversation, providing full traceability.

Support Integration

Data Access Requests are integrated with the built-in support ticket system. When an administrator requests access from within a support ticket, the request and its status changes appear directly in the ticket conversation — so you always have context for why access was requested and what happened.


Consent Audit Trail

When you use Pointeron to track individuals, every consent-related action is recorded in an immutable audit log that cannot be modified or deleted.

Tracked Actions

  • Consent requested — A consent request was sent to the tracked individual
  • Consent accepted — The individual accepted the consent request
  • Consent declined — The individual declined the consent request
  • Tracking paused — The individual paused tracking via their consent page
  • Tracking resumed — The individual resumed tracking after a pause
  • Consent withdrawn — The individual withdrew their previously given consent
  • Consent revoked — The organization revoked tracking for the individual
  • Consent expired — The consent period expired without renewal

What Is Recorded

  • Precise timestamp of every action
  • Who performed the action (organization member or tracked individual)
  • The source of the action (dashboard, consent page, API, or system automation)

Compliance Guarantees

  • Organization owners can review the full consent timeline for any tracked individual from the dashboard
  • Consent records are never deleted — revoked and withdrawn consents are preserved for legal compliance
  • The audit trail provides the documentation required by GDPR Article 7 to demonstrate that valid consent was obtained

Data Subject Requests

Tracked individuals can submit data access and deletion requests directly from their consent page — no email required. Every request is handled as follows:

  • Automatic processing — Data access requests generate a JSON export; deletion requests permanently remove all location data
  • 30-day deadline — Every request is tracked against the GDPR-mandated 30-day response window
  • Full audit trail — Submission, fulfillment, denial, and response notes are all recorded
  • Dual visibility — Both the tracked person and the organization owner can see request status at all times

Webhook Security

All webhook deliveries include an HMAC-SHA256 signature in the X-Pointeron-Signature header, allowing you to verify that payloads originate from Pointeron and have not been tampered with. See our webhook documentation for implementation details.
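As an added illustration of the receiving side (example code, not Pointeron's own, and not a substitute for the webhook documentation), the check below assumes the header carries the hex-encoded HMAC-SHA256 of the raw request body keyed with your webhook secret; the secret and payload are constructed placeholders.

```python
import hmac
import hashlib
from typing import Optional

# Assumption (not taken from the page): X-Pointeron-Signature holds the lowercase
# hex digest of HMAC-SHA256 over the exact bytes of the request body.
def sign_payload(secret: bytes, body: bytes) -> str:
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_signature(secret: bytes, body: bytes, header_value: Optional[str]) -> bool:
    """Accept a delivery only if the header matches the HMAC of the raw body.

    The body must be the bytes as received, before any JSON parsing: re-serialising
    the JSON can reorder keys or change whitespace and break the MAC. A missing or
    empty header is rejected, and compare_digest avoids leaking the first mismatching
    byte through response timing.
    """
    if not header_value:
        return False
    expected = sign_payload(secret, body)
    return hmac.compare_digest(expected, header_value.strip())

# Constructed sample delivery; placeholder secret, not a real Pointeron event.
WEBHOOK_SECRET = b"whsec_PLACEHOLDER"
SAMPLE_BODY = b'{"event":"location.updated","asset_id":"asset_1","lat":46.05,"lng":14.51}'

def demo() -> dict:
    """Exercise the verifier against a genuine, a tampered and a mis-keyed delivery."""
    sig = sign_payload(WEBHOOK_SECRET, SAMPLE_BODY)
    tampered_body = SAMPLE_BODY.replace(b"46.05", b"46.06")
    return {
        "genuine": verify_signature(WEBHOOK_SECRET, SAMPLE_BODY, sig),
        "tampered": verify_signature(WEBHOOK_SECRET, tampered_body, sig),
        "missing_header": verify_signature(WEBHOOK_SECRET, SAMPLE_BODY, None),
        "wrong_secret": verify_signature(b"whsec_OTHER", SAMPLE_BODY, sig),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

If Pointeron's documented format differs (for example a timestamp prefix or base64 encoding), adjust sign_payload to match it; the rejection and constant-time comparison logic stays the same.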


Compliance

  • GDPR — Full compliance with the EU General Data Protection Regulation
  • ZVOP-2 — Compliance with the Slovenian Personal Data Protection Act
  • PCI DSS — Payment processing handled by Stripe (PCI DSS Level 1 certified)
  • ePrivacy Directive — Minimal cookie usage, no tracking cookies

Reporting a Vulnerability

If you discover a security vulnerability in Pointeron, please report it responsibly:

  • Email: security@pointeron.com
  • Do not disclose the vulnerability publicly until we have had a chance to address it
  • We will acknowledge your report within 48 hours
  • We will not take legal action against researchers who report vulnerabilities in good faith

Contact

For security-related questions:
revelbit d.o.o.
Email: security@pointeron.com
Address: Jesenje 23D, 1281 Kresnice, Slovenia
