Last updated: May 18, 2026
Point Eight AI Pte. Ltd. (“Point Eight”, “we”, “us”, or “our”) is a company incorporated in the Republic of Singapore. We are the data controller responsible for the processing of your personal data in connection with the Pipora website at pipora.pointeight.ai and associated services (collectively, the “Services”). Our registered address is 68 Circular Road, #02-01, Singapore 049422.
For data-protection inquiries, you may contact our Data Protection Officer at dpo@pointeight.ai.
| Data Type | Details |
|---|---|
| Account information | Name, email address, and a unique account identifier returned by your sign-in provider. Sign-in is handled by the shared Point Eight web account system, which supports Apple Sign-In, Google Sign-In, and email one-time-passcode (OTP). If you use Apple’s “Hide My Email”, we only receive the relay email address. |
| Pipora persona content (Owners) | The display name, biography, preset avatar selection, optional memories or knowledge inputs, visibility setting, and pricing you configure for each Pipora you create. |
| Chat content (Visitors and Owners) | The text of your messages, the text of AI-generated replies, and any per-conversation opt-in to share the conversation with the Pipora’s Owner. Owner-authored manual replies are also included. |
| Feedback and support | Information you provide when contacting us for support or submitting feedback. |
| Data Type | Details |
|---|---|
| Device and browser information | Browser type, operating-system version, language, and time zone, derived from the standard headers your browser sends. |
| Usage data | Pages viewed, features used, session duration, and (for Visitors) which Piporas you have opened or chatted with. |
| Approximate location | Country-level location derived from your IP address, used for abuse prevention, regional feature gating, and billing-tax purposes. We do not collect precise GPS location. |
| Log data | IP address, request times, response codes, and error logs for diagnostics and abuse prevention. |
| Cookies and similar technologies | See Section 12. |
When you sign in using Apple or Google, we receive the information described in Section 2.1 from the authentication provider, subject to the permissions you grant during sign-in. When you pay via Stripe, we receive transaction metadata (amount, status, last four digits of the card, country) but not your full card number or CVC.
We use your information for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the Services (account, Pipora creation, chat, ledger) | Performance of contract |
| Generate AI replies through third-party model providers | Performance of contract |
| Process subscriptions, per-Pipora passes, and creator earnings | Performance of contract |
| Apply rate-limits, detect abuse, and enforce safety policies | Legitimate interest / Legal obligation |
| Improve the Services (de-identified usage analytics, model-prompting iteration) | Legitimate interest |
| Communicate with you about the Services (account changes, billing, security alerts) | Legitimate interest / Performance of contract |
| Comply with legal obligations (record-keeping, tax, lawful requests) | Legal obligation |
When a Visitor sends a message to a Pipora, our edge service builds a compact prompt from the Pipora’s configured Persona Content (display name, biography, skill slots) and the recent conversation history, and sends that prompt to a third-party large-language-model provider to generate a reply. This processing involves:
By default, the Pipora’s Owner cannot read your chats. You may opt in per conversation to share the conversation history with the Owner. If you opt in:
You should treat any conversation in which you have opted in to Owner visibility as readable by another person. Do not share sensitive information you would not be willing to disclose to that Owner.
We do not use the textual content of private Pipora conversations to train AI models that are made available to other users, unless you explicitly opt in.
We may use:
We route AI chat requests through OpenRouter (openrouter.ai), an API routing intermediary. Depending on availability, quality, and cost, OpenRouter forwards messages to one of the following model providers for processing:
Note on data routing: Conversation text is sent only to OpenRouter and the underlying provider that OpenRouter selects for a given request. We never make direct API calls to the underlying model providers ourselves. We may add or change providers over time and will update this Privacy Policy when we make material changes. The provider list above is accurate as of the “Last updated” date.
All providers are bound by data-processing agreements that require them to process data only for the purpose of returning responses to us, not to use your data to train their own publicly available models, to implement appropriate security measures, and to delete data after processing in line with their stated retention policies.
We do not sell your personal data. We may share your information only in the following circumstances:
Persona Content that an Owner publishes to a public-visibility Pipora is visible to anyone who finds that Pipora. Unlisted Piporas are reachable only by their link; private Piporas are reachable only by the Owner. As a Visitor, your chats are visible only to you, except where you opt in to share a conversation with the Owner as described in Section 4.2.
We share data with service providers who assist in operating the Services, including:
All service providers are bound by data-processing agreements and are required to protect your data.
We may disclose your information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
Point Eight is incorporated in Singapore. Your data may be processed in:
When we transfer your data outside of your jurisdiction, we ensure appropriate safeguards are in place, including:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion, plus up to 30 days for backup removal |
| Persona Content (Pipora bio, memories, settings) | Until the Pipora is deleted by you, or account deletion |
| Chat content (messages and AI replies) | Until you delete the conversation, the Owner deletes the Pipora, or account deletion |
| Owner-visible opt-in records | Same retention as the underlying conversation |
| Browser and usage data | Up to 12 months from collection |
| Log data and abuse-prevention records | Up to 90 days, except where retention is required for a security investigation |
| Subscription, pass, and creator-ledger records | As required by applicable tax and accounting laws (typically 5–7 years) |
When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (for example, financial records) or for legitimate business purposes (for example, an active fraud investigation).
We implement industry-standard technical and organizational measures to protect your data, including:
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. If we become aware of a security breach affecting your personal data, we will:
Regardless of your location, you have the right to:
If you are located in Singapore, you have rights under the Personal Data Protection Act 2012 (PDPA), including the right to access and correct your personal data, and to withdraw consent for data processing. We will process your requests in accordance with the PDPA. Note that withdrawal of consent may affect our ability to provide certain Services to you.
If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including:
Our legal bases for processing are described in Section 3 above.
If you are located in Japan, we process your personal data in accordance with the Act on the Protection of Personal Information (APPI). We obtain your consent before providing personal data to third parties located outside Japan, except where permitted by APPI.
If you are located in a jurisdiction with data-protection laws that grant you specific rights, we will honour those rights to the extent required by applicable law. Please contact us if you have questions about your rights.
To exercise your privacy rights, you may:
We will respond to your request within 30 days (or the timeframe required by applicable law). We may need to verify your identity before processing your request.
You must be at least 18 years old to create a Pipora persona, and at least 13 years old to chat with one. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at dpo@pointeight.ai and we will delete that information. For users between 13 and 18, we recommend parental guidance when using AI chat features. Parents or guardians may contact us to request access to or deletion of their child’s data.
The Services integrate with third-party services whose privacy practices are governed by their own policies:
The Pipora website uses only essential cookies necessary to operate the Services:
We do not use third-party advertising trackers or third-party analytics cookies on the Pipora website. We do not share your data with advertising networks.
We use automated systems for the following purposes:
These automated systems do not make decisions that produce legal effects or similarly significant effects on you. Safety decisions are subject to human review upon appeal. If you believe an automated decision has adversely affected you, please contact dpo@pointeight.ai.
We may update this Privacy Policy from time to time. When we make material changes, we will:
We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.
Point Eight AI Pte. Ltd.
Data Protection Officer: dpo@pointeight.ai
General inquiries: contact@pointeight.ai
Legal: legal@pointeight.ai
Website: pointeight.ai