Pointer

Security

Last updated on May 31, 2025

Pointer uses industry-leading technologies and services to protect your data against unauthorized access, disclosure, use, and loss.

All Pointer administrators undergo background checks and are routinely trained on security practices both during company onboarding and on a quarterly basis.

Security at Pointer is directed and maintained by our founders.

SOC 2 Type I Compliance

Pointer is SOC 2 Type I compliant. This certification evaluates the design and implementation of our internal controls at a specific point in time, ensuring they align with the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Achieving this compliance demonstrates our commitment to maintaining a robust security posture and provides assurance to our customers regarding the safeguarding of their data.

Infrastructure and Network Security

Physical Access Control

Our platform is hosted on both Google Cloud Platform (GCP) and Amazon Web Services (AWS), both of which maintain rigorous physical security measures and compliance certifications.

Google Cloud Platform:

Their data centers include:

  • Vehicle access barriers
  • Perimeter fencing
  • Biometric access control
  • 24/7 security monitoring
  • Advanced electronic access control systems

GCP maintains ISO 27001 certificates and SOC 2/3 reports.

Amazon Web Services:

AWS data centers are designed to deliver 99.999999999% (11 9s) durability and include:

  • Redundant storage across multiple devices and facilities
  • Comprehensive security and compliance programs, including PCI-DSS, HIPAA/HITECH, FedRAMP, EU Data Protection Directive, and FISMA
  • Encryption of all object uploads by default
  • S3 Block Public Access to prevent unauthorized access

Pointer employees do not have physical access to any data centers, servers, networking equipment, or storage media.

Logical Access Control

We maintain strict controls over infrastructure access:

  • Limited administrator access to authorized employees
  • Two-factor authentication requirement
  • Detailed audit logging
  • Private network administration
  • Regular certificate rotation

Authentication Security

Our authentication system provides enterprise-grade security through multiple mechanisms:

  • OAuth2 integration with Google and GitHub
  • Session-based authentication with automatic token rotation
  • Comprehensive token refresh and expiry management
  • Scope-based authorization controls
  • Active session validation and monitoring

With Single Sign-On (SSO), we allow users to access multiple applications with a single set of credentials, simplifying user management and reducing password-related vulnerabilities.

IP Security

We maintain robust location-based security through continuous monitoring and verification. Our system includes:

  • Location tracking and verification for all access attempts
  • Known IP address monitoring and validation
  • Automatic notifications for new location access
  • Account locking after multiple suspicious attempts
  • Comprehensive location-based risk assessment
  • Real-time email alerts for security events

Data Flow

Data Arriving from Customers

We maintain strict security standards for incoming data:

  • HTTPS encryption using TLS 1.2 or above
  • Rejection of connections using TLS below 1.2
  • Zero-trust network with full traffic encryption
  • Regular SSL configuration testing via SSL Labs
  • Rule and anomaly-based request monitoring

Data Leaving the System

Customers can access their data through multiple secure channels:

  • Web Application (app.pointer.so)
  • Mobile Applications (iOS and Android)
  • REST API (api.pointer.so)

All data access methods ensure TLS 1.2+ encryption in transit.

Application Security

Authentication Methods

We support multiple secure authentication options:

Sign In with Google

  • Google/GSuite account integration
  • Annual Google Security Assessment
  • Third-party security audit

Sign In with GitHub

  • GitHub OAuth integration
  • Enterprise-grade security standards
  • Secure token handling and validation

REST API Authentication

  • Brute force resistant API keys with rate limiting
  • Self-service token management
  • Secure key storage and transmission
  • Session-based request validation with automatic rotation
  • Origin validation and environment-specific controls

Verification for Destructive Operations

To prevent accidental or unauthorized destructive actions, we implement verification codes for major operations such as deleting a project or a user. Additionally, we provide comprehensive user permission management to control access to sensitive functionalities.

Business Continuity

High Availability

Our platform operates on redundant servers with regular maintenance rotation.

Backup Systems

We maintain comprehensive backup procedures:

  • Daily and weekly backups
  • Multiple geographic locations
  • Encrypted storage
  • Regular integrity verification
  • Routine restoration testing

Disaster Recovery

We maintain ready-to-deploy recovery procedures:

  • Multi-region deployment
  • Documented recovery processes
  • Regular testing
  • Incident response protocols

Monitoring

We provide comprehensive security monitoring:

  • Real-time event logging
  • Suspicious activity alerts
  • Activity tracking
  • Security audit trails
  • User notifications

For security concerns or vulnerability reports, contact team@pointer.so.

Turn blockers into
product wins.

Pointer helps you reduce tickets, boost retention, and guide more users to that "wow" moment.