How OnPoint protects your data.

1. Introduction

OnPoint Authority Systems, Inc. ("OnPoint", "we", "us", or "our") respects your privacy and is committed to safeguarding the personal information of every executive, institution, and visitor that engages with onpointauthoritysystems.com (the "Site") and our protected portals.

This Privacy Policy explains what information we collect, how we use and protect it, and the rights you have over your data. By using the Site, you agree to the practices described below.

2. Information We Collect

We collect the minimum data necessary to support institutional engagement and platform integrity:

• Identification & Contact Data. Name, title, work email, institution, phone, optional message — submitted via Priority Access, Authority Review, NDA, and Contact forms.
• Institutional Profile. Institution type (G-SIB, asset manager, etc.), tier interest, annual revenue range, and engagement context, when voluntarily provided.
• Authenticated Portal Activity. Documents accessed, NDA execution timestamps, and download events within /portal and the Deal Room.
• Technical & Engagement Telemetry. Anonymized event signals (page views, video impressions, map zoom clicks), generated session identifiers stored in your browser, IP address and user-agent at the moment of submission.

3. How We Use Your Information

Your information is used exclusively to operate, secure, and improve the OnPoint engagement substrate:

• Service Delivery. Respond to inquiries, dispatch NDAs, provision Deal Room access, and execute the Strategic Authority Review.
• Transactional Communication. Send branded acknowledgement and status emails (e.g., Priority Access confirmation, NDA receipt). We do not send unsolicited marketing.
• Operational Integrity. Detect abuse, maintain audit logs, comply with SOC-2 controls, and support GCP Partner Case #71129532 telemetry obligations.
• Aggregate Analytics. Measure engagement at the institutional cohort level — never to profile or sell to third parties.

4. How We Share Information

OnPoint does not sell, rent, or barter your personal data. We share information only with the following categories of processors, each bound by written confidentiality and data-protection terms:

• Infrastructure Providers. Google Cloud Platform (compute, IAM, BigQuery) and MongoDB Atlas (encrypted data-at-rest storage).
• Transactional Email. Resend, used to deliver acknowledgement and notification emails from ops@onpointauthoritysystems.com.
• Legal & Compliance. Disclosure may occur where required by law, subpoena, or to protect the rights and safety of OnPoint or its institutional partners.

5. Data Security

We apply layered, institutional-grade controls: TLS 1.3 transport encryption, AES-256 encryption at rest, JWT-based authentication, role-segregated access, audited download logs, and ZKP-verified provenance within the Authority OS™ substrate. The Deal Room operates on non-custodial cryptographic boundaries — by design, no single operator can unilaterally exfiltrate documents.

6. Data Retention

Form-submission records are retained for the duration of the engagement relationship plus a regulatory tail of seven (7) years to satisfy financial-services audit standards. Engagement telemetry (page-level events) is retained in aggregated form for up to twenty-four (24) months. You may request earlier deletion as outlined in Section 8.

7. Cookies & Local Storage

The Site uses strictly necessary browser storage (`sessionStorage`) to generate an anonymous session identifier for engagement analytics, and `localStorage` to hold authentication tokens for signed-in buyer-portal users. We do not deploy third-party advertising cookies or cross-site tracking pixels.

8. Your Rights

Depending on your jurisdiction (including GDPR for EU/UK residents and CCPA/CPRA for California residents), you have the right to access, correct, port, restrict, or delete the personal information we hold about you, and to opt out of any non-essential processing. To exercise these rights, contact us using the details in Section 10. We will respond within thirty (30) days.

9. Children

OnPoint serves institutional principals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors.

10. Contact & Data Steward

Privacy questions, deletion requests, and regulatory inquiries should be directed to our operations desk:

11. Updates to this Policy

We may amend this Policy from time to time to reflect operational, legal, or regulatory change. Material updates will be announced on this page with a revised "Last Updated" date. Continued use of the Site after such updates constitutes acceptance of the revised terms.