Skip to content
How it works Languages MCP Pricing Docs
Sign in Get API key
How it works Languages MCP Pricing Docs Sign in Get API key

Privacy Policy

Last updated: May 15, 2026

PausePoint Labs ("PausePoint," "we," "us," or "our") operates the PausePoint API and related services (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it. By using the Service, you agree to the collection and use of information as described in this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Your name and email address
  • A hashed password (we do not store your password in plain text)
  • Billing information processed by Paddle (we do not store full card numbers)

Recipient Contact Data

When you use the Service to send notifications, you provide phone numbers and/or email addresses of human recipients. This data is used solely to deliver notifications on your behalf. You are responsible for ensuring you have a lawful basis for providing this data to PausePoint.

API Usage Data

We collect logs of all API calls made with your API key, including:

  • Pause request parameters (message text, options, timeout settings)
  • Timestamps of requests and responses
  • Notification delivery status (sent, delivered, failed)
  • Human response choices and response timestamps
  • IP addresses of API callers

This data forms the immutable audit log that is a core feature of the Service.

Technical Data

We automatically collect certain technical information when you access the Service or landing page, including IP address, browser type, operating system, referring URL, and pages visited. This data is used for security monitoring, analytics, and service improvement.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Deliver SMS and email notifications to recipients you designate
  • Authenticate your API requests and prevent unauthorized access
  • Process payments and manage your subscription via Paddle
  • Provide you with access to your audit log and usage analytics
  • Send transactional emails (account confirmations, billing receipts, API key rotation alerts)
  • Respond to your support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with applicable legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising or behavioral profiling.

3. Third-Party Services

The Service relies on the following third-party providers. Each processes data subject to their own privacy policies and data processing agreements:

  • Twilio:SMS notification delivery. Recipient phone numbers and message content are transmitted to Twilio to send text messages. Twilio is a GDPR-compliant processor.
  • Resend:Email notification delivery. Recipient email addresses and message content are transmitted to Resend for email delivery.
  • Paddle:Billing and payment processing. Paddle acts as Merchant of Record and processes your payment information under Paddle's privacy policy. PausePoint does not receive or store full card details.
  • Supabase:Database hosting. Your account data, API usage logs, and pause records are stored in a Supabase-managed PostgreSQL database. Data is hosted in EU and/or US regions depending on project configuration. Supabase is SOC 2 Type II certified and GDPR compliant.
  • Railway:API hosting and infrastructure. Your API requests are processed on Railway's cloud infrastructure.
  • Sentry:Error tracking and performance monitoring. Sentry receives error reports and stack traces that may include request metadata. Personally identifiable information is scrubbed from Sentry payloads where possible.

4. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained for the duration of your account and deleted within 30 days of account closure, unless required to be retained longer by law.
  • Pause request and audit log data: Retained for 12 months on Free and Starter plans, and 36 months on Pro plans. Enterprise customers may negotiate custom retention.
  • Recipient contact data: Phone numbers and email addresses are retained only for as long as needed to deliver the notification and confirm delivery, after which they are not retained in a recoverable form separate from the audit log.
  • Billing records: Retained as required by applicable tax and financial regulations (typically 7 years).

You may request deletion of your data at any time by contacting us at hello@pausepoint.dev.

5. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request that we correct inaccurate or incomplete personal data.
  • Right to erasure: You may request that we delete your personal data, subject to any legal obligations we have to retain it.
  • Right to data portability: You may request a machine-readable export of the personal data you have provided to us.
  • Right to restrict processing: You may request that we limit how we use your data in certain circumstances.
  • Right to object: You may object to processing of your personal data where we rely on legitimate interests as our legal basis.

To exercise any of these rights, please contact us at hello@pausepoint.dev. We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority in your country of residence.

Our lawful basis for processing personal data is: contract performance (providing the Service), legitimate interests (security, fraud prevention, service improvement), and legal obligation (financial record-keeping).

6. Cookies

The PausePoint landing page and dashboard use a limited number of cookies:

  • Strictly necessary cookies: Session tokens required for authentication. These cannot be disabled without breaking core functionality.
  • Analytics cookies: We may use privacy-respecting analytics (without advertising identifiers) to understand how visitors use our site. These can be disabled via your browser settings without affecting core service functionality.

We do not use third-party advertising cookies or tracking pixels.

7. Data Security

We take reasonable technical and organizational measures to protect your data, including:

  • API keys stored as SHA-256 hashes, never in plain text
  • Response tokens signed with HMAC-SHA256 and expire upon single use
  • All data transmitted over TLS (HTTPS)
  • Database access restricted to application services with least-privilege credentials

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

9. Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

  • Email: hello@pausepoint.dev
  • Company: PausePoint Labs, Isle of Man

A pause button for autonomous agents. Built in 2026.

Product
How it works Use cases Integrations Security Pricing
Developers
Documentation Webhooks Error reference llms.txt for AI assistants
Company
Contact Privacy policy Terms of service Refund policy

© 2026 PausePoint Labs. Pure REST. No SDK required.

SOC 2 in progress GDPR compliant