Privacy Policy

This Privacy Policy explains what information Pipelio ("we," "us," "our") collects, how we use it, and the choices you have. By using the Service, you agree to this policy.

1. What we collect

Information you provide

• Account info: name, email, password (hashed), profile photo, workspace name
• Lead data: contact details, property information, notes, and any other fields you enter about your leads. This is your business data; you control it.
• Billing info: handled by our payment processor (Lemon Squeezy); we do not store full payment details.

Information collected automatically

• Usage data: pages visited, actions taken, features used. Used to improve the Service and debug issues.
• Device info: browser type, operating system, IP address, timestamps
• Error reports: via Sentry, stripped of personal data (phone numbers and emails are redacted before sending)

2. How we use it

• Provide, maintain, and improve the Service
• Authenticate you and keep your account secure
• Process payments and send receipts
• Send transactional emails (sign-in verification, password reset, invitation, billing)
• Detect and prevent fraud or abuse
• Comply with legal obligations

We do not sell your personal data or use your lead data to train AI models.

3. Who we share it with

We share data only with service providers who help us run the Service:

• Supabase (database and authentication hosting)
• Vercel (app hosting)
• Lemon Squeezy (payment processing)
• Sentry (error tracking)
• Google (optional: only if you use Google Sign-In)

Each provider is contractually required to protect your data. We may also disclose information if required by law, to enforce our Terms, or to protect rights and safety.

4. Where your data is stored

Data is stored on servers operated by Supabase in the United States. If you are located outside the US, your data will be transferred to the US for processing.

5. How long we keep it

• Active accounts: for the duration of your subscription
• Cancelled accounts: 30 days after cancellation, then deleted
• Backups: retained for up to 30 days for disaster recovery
• Legal retention: some data may be retained longer where required by law (e.g., tax records)

6. Your rights

You can:

• Access your data by logging into your account
• Export your leads as CSV from the Leads page
• Correct any inaccurate information from your profile
• Delete your account from Settings → Danger zone. This permanently removes your data.
• Opt out of non-transactional emails (we currently only send transactional emails)

Residents of the EU, UK, and California have additional rights under GDPR / UK GDPR / CCPA. To exercise them, email support@pipelio.io.

7. Security

We use industry-standard security measures: encrypted connections (TLS), hashed passwords, row-level access controls, and regular security reviews. No system is perfectly secure, so we cannot guarantee absolute security, but we take it seriously.

8. Children

The Service is not intended for anyone under 18. We do not knowingly collect data from children.

9. Changes to this policy

We may update this Privacy Policy. Material changes will be emailed to account holders at least 14 days before they take effect.

10. Contact

Questions? Email support@pipelio.io.