Privacy Policy

Last updated: February 18, 2026

This Privacy Policy describes how Checkpoint Labs, LLC ("we," "us," or "our") collects, uses, and shares information when you use our website, CLI tools, browser extensions, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Information You Provide

  • Account Information: When you create an account, we collect your name, email address, and profile photo. You may sign up using a third-party provider (e.g., Google, GitHub), in which case we receive basic profile information from that provider.
  • Project & Workspace Data: Names, descriptions, and configuration of projects, tasks, milestones, and invoices you create within the Service.
  • Comments & Feedback: Text content, position metadata, and thread replies you create when reviewing tunnels.
  • Payment Information: If you use paid features, payment is processed by Stripe. We do not store your full credit card number. We receive a transaction identifier, last four digits, and billing details from Stripe.
  • Communications: If you contact us for support, we retain the correspondence and any information you provide.

Information Collected Automatically

  • Tunnel Metadata: When you create a tunnel, we collect the tunnel URL, connection status, timestamps, and associated project or share settings. We do not inspect or store the content of traffic passing through your tunnel.
  • Source Anchor Data: When a reviewer leaves a comment on a tunneled site, our tracking script captures metadata about the target element (component name, source file, line number) to enable developer tooling. This data is derived from source maps exposed by your development server and is stored alongside the comment.
  • Usage Data: We collect information about how you interact with the Service, including pages visited, features used, timestamps, and referring URLs.
  • Device & Connection Information: Browser type, operating system, IP address, and general geographic location inferred from IP.
  • Cookies & Similar Technologies: See our Cookie Policy for details.

Information from Third-Party Integrations

When you connect integrations (GitHub, Linear, Jira, Slack), we receive OAuth tokens and limited profile data necessary to perform actions on your behalf (e.g., creating issues). We do not access repositories, code, or data beyond what is required by the specific integration.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Process transactions and send related notices
  • Enable tunnel sharing, commenting, and collaboration features
  • Facilitate third-party integrations you authorize
  • Send service-related communications (e.g., security alerts, product updates)
  • Monitor and analyze usage trends to improve user experience
  • Detect, prevent, and address fraud, abuse, and technical issues
  • Comply with legal obligations

We do not sell your personal information.

3. How We Share Your Information

We share information only in the following circumstances:

  • With Your Collaborators: Comments, tunnel share links, and project data are visible to users you invite or share with. Public share links make tunnel content accessible to anyone with the URL.
  • Service Providers: We use third-party services to operate the Service, including Supabase (database and authentication), Cloudflare (tunnel infrastructure), Stripe (payments), and Vercel (hosting). These providers access data only as necessary to perform services on our behalf and are bound by contractual obligations to protect it.
  • Third-Party Integrations: When you enable integrations, we share relevant data (e.g., comment content for issue creation) with the connected service as directed by you.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
  • With Your Consent: We may share information for other purposes with your explicit consent.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, financial records).

Tunnel data is retained for the lifetime of the tunnel. When a tunnel is deleted, associated metadata is removed.

5. Data Security

We implement industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your account and associated data
  • Export your data in a portable format
  • Withdraw consent for optional processing
  • Object to or restrict certain processing activities

To exercise any of these rights, contact us at hello@checkpoint.build. We will respond within 30 days.

California Residents (CCPA)

You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

European Residents (GDPR)

Our legal bases for processing are: performance of a contract (providing the Service), legitimate interests (improving the Service, security), consent (optional analytics, marketing), and legal compliance. You may lodge a complaint with your local data protection authority.

7. International Data Transfers

Your information may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for cross-border transfers, including standard contractual clauses where applicable.

8. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If we become aware that we have collected such information, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, contact us at:

Checkpoint Labs, LLC
Email: hello@checkpoint.build