← Back to PointsAssessment

Privacy Policy

Last updated: 2 June 2026

This Privacy Policy explains what personal information TM Profits Solutions Ltd, a company organized under the laws of the Republic of Cyprus and operating the brand PointsAssessment ("PointsAssessment," "we," "us"), collects when you use our Points Strategy Assessment, why we collect it, how we store it, who we share it with, and the choices you have. The data controller is TM Profits Solutions Ltd, Andrea Araouzou 2, Stefano Plaza, 1st floor, Flat/office 101, Kato Polemidia, 4150, Limassol, Cyprus. Contact: hello@pointsassessment.com.

Our service is offered to business owners based in the United States. We have written this policy primarily around US privacy law, and because our company is established in Cyprus we also describe the rights available under EU/Cyprus law (GDPR) for anyone to whom it applies.

For details about the cookies and similar technologies on our website, see our Cookie Policy.

1. Information we collect

Contact and account information — your name, business name, email address, phone number, and similar details you give us when you book and pay for an assessment.

Business and spending information — information you describe during your assessment call: your industry, approximate revenue, number of employees, your monthly spending by category, the credit cards you currently use, your rewards balances, your goals, and any other information related to your business that you choose to share with us.

Call recordings and transcripts — your assessment call with Claire is recorded and transcribed in full. The recording and transcript contain everything you say during the call.

Payment information — when you pay your assessment fee, our payment processor, Stripe, collects and processes your payment details directly. Stripe typically collects your cardholder name, card or other payment details, billing address or postal code, email address, and information about the transaction (such as amount, currency, date, payment status, and the type and last four digits of your card). We do not store full payment card numbers on our own systems. Through our Stripe account we can access the customer, payment, and transaction information Stripe makes available to us (for example, your name, email, billing location, payment status, transaction history, and a partial card descriptor), which we use to manage your purchase, refunds, accounting, and fraud prevention. Stripe processes payment data as an independent controller under its own privacy policy.

Technical and usage information — when you visit our website, standard information such as IP address, browser type, the pages you view, and which version of a page you were shown (for our A/B testing) may be collected through cookies and analytics. See our Cookie Policy for the specific cookies we use and your choices.

2. Why we collect it (purposes)

We use this information to: - deliver the service — conduct your assessment call and produce your written assessment; - have a member of our team review your assessment for quality and compliance; - communicate with you about your assessment and follow-up questions; - process your payment and any refund; - improve Claire and our assessment process, and review calls for quality and training; - meet legal, accounting, tax, and compliance obligations; - send you marketing communications (such as our newsletter) where you have agreed to receive them — you can opt out at any time.

3. Legal bases for processing (EU/Cyprus — GDPR)

Because PointsAssessment is established in Cyprus, the EU General Data Protection Regulation (GDPR) applies to our processing of personal data. We rely on these legal bases: performance of a contract (to deliver the assessment you paid for); consent (for call recording and for marketing emails); legitimate interests (improving our service, quality review, and securing our systems); and legal obligation (accounting and tax records).

4. How and where we store it

We store your information in our customer relationship management system and associated cloud services. Information is protected by access controls and is available only to people who need it to deliver or review your service. Call recordings and transcripts are stored with our voice provider and/or our CRM. Because our service providers operate internationally, your information may be processed in the United States, the European Union, and other countries. Where personal data of EU/EEA individuals is transferred outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

5. Third parties we share information with

We do not sell your personal information to data brokers. We share your information in the limited ways described below.

Service providers who run the service for us, each acting under contract:

  • GoHighLevel (CRM, email, automations) — stores your contact details, assessment data, your assessment, and communications, and sends all of our email, both transactional and (where you opted in) marketing.
  • Retell AI (voice agent platform) — powers Claire and handles your call audio and transcript.
  • Stripe (payments) — processes your payment and any refund.
  • Google Analytics — measures website traffic and performance.
  • Advertising platforms (Meta Pixel and LinkedIn Insight Tag) — help us measure and target our advertising on Facebook, Instagram, and LinkedIn. See our Cookie Policy for what these set and how to opt out.

Select partners. From time to time we may share your information with a limited number of carefully selected partner businesses whose products or services we believe may genuinely benefit your business — for example, when we refer you to a partner (see our Affiliate & Referral Disclosure). We do this selectively, not indiscriminately, and we do not share with data brokers. Where the law gives you a right to consent to, or opt out of, this kind of sharing, we will honor it — you can opt out at any time by emailing hello@pointsassessment.com.

Legal and business transfers. We may also disclose information when required by law, to enforce our Terms, or to protect the rights and safety of our customers, our staff, or the public. If our business is sold or reorganized, customer information may transfer as part of that transaction.

6. Call recording consent

Your assessment call is recorded and transcribed. We tell you this before the call (in these documents and at booking) and again at the start of the call. By continuing with the call after being notified, you consent to the recording and transcription. If you do not wish to be recorded, do not proceed with the call and contact us for a refund. You may ask us to delete your recording after your assessment is delivered, subject to Section 8.

7. Marketing communications

If you opt in, we may send you our newsletter and other marketing email. Every marketing email includes an unsubscribe link, and you can opt out at any time. Opting out of marketing does not stop transactional messages about your assessment.

8. Data retention

We keep your information for as long as it is needed for the purposes described above and for our legitimate business interests — including providing ongoing and repeat service to you, improving our service, and defending or resolving any dispute — and we are not required to delete it before then. Specifically: - Contact and assessment data, and your assessment — retained for the life of your relationship with us and afterward to support ongoing and repeat service, unless you ask us to delete it (see Sections 9 and 10). - Call recordings and transcripts — retained for up to 24 months, and longer where needed to handle a refund, dispute, or legal requirement; you may ask us to delete a recording sooner. - Payment and accounting records — kept for at least six (6) years, as required by applicable Cyprus tax and accounting law.

Where you exercise a valid right to deletion, we will delete or anonymize your information except to the extent we are legally required or permitted to retain it.

9. Your rights — EU/Cyprus (GDPR)

If you are in the EU/EEA, or where GDPR otherwise applies, you have the right to: access the personal data we hold about you; correct inaccurate data; request erasure; restrict or object to certain processing; data portability; and withdraw consent at any time (without affecting prior processing). You also have the right to lodge a complaint with a supervisory authority — in Cyprus, the Office of the Commissioner for Personal Data Protection. To exercise any right, email hello@pointsassessment.com.

10. Your rights — United States (including California / CCPA)

Most of our customers are US-based business owners. Depending on your state, you may have rights under state privacy law, including the California Consumer Privacy Act as amended (CCPA/CPRA). These can include the right to know what personal information we collect and how we use it, the right to request deletion of your personal information, the right to correct it, and the right not to be discriminated against for exercising these rights, and — in some states — the right to opt out of the "sale" or "sharing" of your personal information.

We do not sell your personal information to data brokers. However, we may share your information with carefully selected partners (see Section 5), and we use advertising and analytics pixels (such as the Meta Pixel and LinkedIn Insight Tag) to measure and target our advertising. Depending on your state, some of this activity may be treated as a "sale" or "sharing" of personal information under state privacy law. You have the right to opt out — email hello@pointsassessment.com and tell us you wish to opt out of the sale or sharing of your personal information, and we will honor your request. To make this or any other request, email hello@pointsassessment.com; we will verify your identity before acting on it.

11. Children

Our service is for business owners and is not directed to children. We do not knowingly collect personal information from anyone under 18 (or under 16 in the EU/EEA).

12. Security

We use reasonable technical and organizational measures to protect your information, including access controls and reliance on reputable service providers. No method of storage or transmission is completely secure, and we cannot guarantee absolute security.

13. Changes to this Policy

We may update this Privacy Policy. When we do, we will change the "Last updated" date and, for material changes, take reasonable steps to notify customers.

14. Contact

Questions, or to exercise your rights: hello@pointsassessment.com, or write to us at TM Profits Solutions Ltd, Andrea Araouzou 2, Stefano Plaza, 1st floor, Flat/office 101, Kato Polemidia, 4150, Limassol, Cyprus.