Privacy Policy

Last updated: May 7, 2026

CrossPoint Cloud (the "Service") is a cloud sync service for users of the Korean firmware of the Xteink CrossPoint Reader. This policy describes the categories of personal information the Service collects, how it is used and stored, and the rights of users.

1. Scope

This Service is a cloud relay limited to the Korean firmware (crosspoint-reader-ko) of the CrossPoint Reader, providing remote browsing and management of files on the SD card. Other firmware variants and devices from other manufacturers are out of scope.

2. Information We Collect

The Service collects only the items listed below. Nothing else is collected.

  • Email address

    The email address you provide at sign-up and sign-in. Used solely for account identification and login authentication.

  • Xteink device MAC address

    The hardware identifier (MAC address) reported by the reader during pairing. Used solely to map your account to the correct device when relaying commands.

  • Social-login provider key and email

    When signing in via a social provider (e.g. GitHub), we store the unique identifier (sub / account id) issued by that provider and the email value. Used solely to recognize the same user and maintain login sessions.

Passwords are stored as one-way bcrypt hashes. Plaintext passwords are never stored under any circumstance.

3. Purpose of Use

  • Cloud sync and remote SD-card browsing for Korean-firmware users
  • User authentication and session maintenance
  • Mapping user accounts to their paired devices
  • Preventing abnormal access and abuse

4. Retention and Disposal

Personal information is deleted without delay when you close your account or unpair a device. Items required to be retained by applicable law are kept for the period mandated by that law and then securely disposed of.

5. Third-Party Disclosure

We do not share or sell user information with any third party, except where compelled by lawful request from law enforcement under applicable law.

6. Security Measures

User data is transmitted over HTTPS, and passwords are stored as bcrypt hashes. Pairing tokens and command channels travel only over authenticated WebSocket connections; no inbound port exposure on the reader is required.

7. Your Rights

You may request access, correction, deletion, or account closure at any time. The unpair function in the dashboard immediately deletes device information (including the MAC address).

8. Contact

Please contact IDLERECORD with any questions regarding this policy.