Digital Point LLC operates AI agent infrastructure on behalf of B2B clients. This page explains what data we process on digitalpointllc.com and on the engagements that follow. Written plain, no dark patterns.
Digital Point LLC is a US-LLC registered in Wilmington, Delaware. We operate production AI agent stacks for B2B SaaS, e-commerce, and professional-services clients. This policy covers personal information we collect through digitalpointllc.com, the audit form, the diagnostic tool, and the Cosmo on-site chat.
Contact for privacy questions: reach a co-founder via the audit form at /audit. We do not operate a generic support inbox.
Audit form submissions (/audit): name, email, company name, current ad spend range, and a free-text challenge description you choose to share. We collect a UTM source/medium/campaign trio when present in the URL.
Cosmo chat (/api/chat): the conversation transcript and a session-scoped identifier. Transcripts are retained for service-quality review for 30 days, then deleted.
Newsletter submissions (/api/newsletter): email only.
Diagnostic tool (/diagnostic): runs entirely in your browser. We do not collect or store your answers or score unless you submit them through a follow-up form.
Technical: IP address (for rate-limiting on POST routes only), user-agent string, viewport size for responsive rendering. We do not maintain persistent IP logs beyond the rate-limit window (60 minutes).
Analytics: Vercel Analytics + Vercel Speed Insights, gated behind the cookie consent banner. If you decline, neither runs. We do not load Google Analytics, Facebook Pixel, or any other third-party tracking.
Service delivery. To reply to your audit request, route it to the right co-founder, send written deployment plans, and operate any engagement you commit to.
Improving the service. Aggregated, identifier-removed analytics on which pages get used and where users drop off. Never resold.
Legal and security. To comply with subpoenas, court orders, and tax obligations. To defend against fraud and abuse on our forms.
We do not sell, rent, or share personal information with advertisers or data brokers.
We use a small set of vendors to deliver the service. Each is bound by a Data Processing Agreement.
All traffic served over HTTPS with HSTS preload (max-age 2 years, includeSubDomains).
Content Security Policy headers restrict inline scripts to a documented allowlist (Vercel Analytics, Vercel Speed Insights, BotID).
API endpoints (audit, founder, leads) protected by BotID + per-IP rate limiting.
Database access is service-account-scoped. Co-founder review on every audit submission before any operational handoff.
For engagement deployments: a DPA is signed with you at pilot stage. Agents run with read-only or least-privilege credentials. PII is redacted from live observability streams (Slack Connect) before posting.
GDPR-equivalent rights apply to all users regardless of geography. You may request access to, correction of, or deletion of personal information we hold about you.
To exercise any right, submit the request through the audit form at /audit with subject line "Privacy request." We respond within 30 days, usually within 5 business days.
You may opt out of analytics at any time by clicking the cookie banner reset link in /cookies or by clearing the dpl_cookie_consent localStorage value.
The service is B2B and not directed to anyone under 16. We do not knowingly collect information from children.
We revise this policy as the service evolves. Material changes are dated at the top of this page and announced via the next monthly engagement report to active clients. The most recent revision date is in the header.