Mission Point Holdings LLC ("we", "us", "our") is committed to protecting the personal data of everyone who uses missionpointholdings.com and the Mission Point Holdings International platform. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and applicable national data protection laws.

1. Who We Are (Data Controller)

• Entity: Mission Point Holdings LLC
• Trading as: Mission Point Holdings International
• Website: missionpointholdings.com
• Contact: [email protected]
• Address: [REGISTERED ADDRESS]

2. Data We Collect

2.1 Data You Provide Directly

• Identity data: first name, last name, job title, company name.
• Contact data: email address, phone number (where provided).
• Investment profile data: investment budget range, markets of interest, investment goals.
• Payment data: billing name and address. Full card numbers are processed and stored by Stripe and are never held by us.
• Communication data: messages, enquiries, and feedback you send to us.
• Retainer engagement data: information shared as part of an advisory engagement.

2.2 Data Collected Automatically

• Usage data: pages visited, time on page, features used, report downloads, links clicked.
• Device and technical data: IP address, browser type, operating system, screen resolution.
• Concierge conversation data: conversation logs from interactions with the AI Concierge.
• Cookie and tracking data: see Risk Disclosure (Cookie Policy) for full details.

3. How We Use Your Data

Purpose	Data Used	Legal Basis (GDPR)
Provide the Services you have requested	Identity, contact, payment, investment profile	Contractual necessity
Send the Intelligence Briefing and content updates	Email address, content preferences	Consent / Legitimate interests
Personalise the AI Concierge and platform experience	Conversation data, investment profile	Legitimate interests
Process payments and manage billing	Payment data, identity data	Contractual necessity
Manage and improve our Services	Usage data, device data, feedback	Legitimate interests
Comply with legal obligations	Identity, financial, communication data	Legal obligation
Prevent fraud and ensure platform security	Identity, device, usage data	Legitimate interests / Legal obligation

4. Cookies and Tracking

We use cookies and similar tracking technologies on our website. For full details, please see our Cookie Policy.

5. Third-Party Data Processors

Processor	Location	Purpose
GoHighLevel (GHL)	United States	CRM, email delivery, automation workflows, pipeline management, calendar bookings.
Voiceflow	United States / Canada	AI Concierge hosting and conversation processing.
Supabase	United States / EU	Database hosting for conversation logs, lead scores, and investor profiles.
PostHog	United States / EU	Product analytics, session tracking, funnel analysis.
Stripe	United States	Payment processing and billing management.
Google	United States	Search Console verification and website analytics.

6. International Data Transfers

Some of our processors are located in the United States. Where we transfer data from the European Economic Area or United Kingdom to the US, we rely on the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), or the UK International Data Transfer Agreement (IDTA) as applicable.

7. Data Retention

• Active subscriber data: retained for the duration of the subscription plus 24 months.
• Retainer client data: retained for the duration of the engagement plus 7 years.
• Concierge conversation logs: retained for 12 months, then anonymised.
• Payment records: retained for 7 years as required by applicable financial regulations.
• Marketing data (non-subscribers): retained for 24 months from last interaction, then deleted.
• Analytics data: retained in aggregated, anonymised form; identifiable data deleted after 26 months.

8. Your Rights

• Right of Access (GDPR Art. 15) — Request a copy of the personal data we hold about you.
• Right to Rectification (GDPR Art. 16) — Request correction of inaccurate or incomplete data.
• Right to Erasure (GDPR Art. 17) — Request deletion of your data, subject to legal retention obligations.
• Right to Restriction (GDPR Art. 18) — Request that we limit how we use your data.
• Right to Data Portability (GDPR Art. 20) — Receive your data in a structured, machine-readable format.
• Right to Object (GDPR Art. 21) — Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent.
• CCPA Rights (California residents) — Right to know, delete, opt-out of sale, and non-discrimination. We do not sell personal data.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Security

We implement appropriate technical and organisational measures to protect your personal data including SSL/TLS encryption, access controls, regular security reviews, Supabase row-level security, and PCI-DSS compliant payment processing via Stripe.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors.

11. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will update the "Last Updated" date and, where changes are material, notify subscribers by email.

12. Contact

Data protection enquiries: [email protected]
Address: [REGISTERED ADDRESS]