Legal
Privacy Policy
Effective date: 1 July 2026
At Pipely we take your privacy seriously. This Privacy Policy explains what personal data we collect when you use Pipely ("Service"), how we use and protect it, and what rights you have over it.
Pipely ("we", "our", or "us") is the data controller responsible for your personal data. If you have questions, contact us at privacy@pipely.app.
1. Data We Collect
We collect data in the following ways:
1.1 Account & Identity Data
When you register or sign in, we collect:
- Name — to personalise your experience.
- Email address — to identify your account, send transactional emails (password resets, important notices), and for support.
- Authentication provider data — if you sign in via Google, we receive a Google user ID, name, email, and profile picture URL.
1.2 Pipeline & Inbox Data
The core of Pipely is the data you create or import:
- Pipeline items — job applications, sales leads, companies, contacts, stages, notes, and any other content you add to your boards.
- Connected inbox data — if you connect Gmail, we read email metadata (sender, subject, date, snippet) for emails that match your pipeline. We do not store the full body of emails on our servers; email content is processed transiently to extract pipeline signals and is then discarded.
1.3 Usage & Technical Data
- Log data — IP address, browser type and version, pages visited, time and date of visits, time spent on pages, and other diagnostic data.
- Device data — device type, operating system, and screen resolution.
- Cookies & similar technologies — see Section 5.
1.4 Communications
If you contact us for support or send us feedback, we retain that correspondence to resolve your query and improve the Service.
2. How We Use Your Data
We use your data on the following legal bases:
Contract performance
To create and manage your account, deliver the core features of the Service (boards, pipeline tracking, inbox sync), process payments, and provide customer support.
Legitimate interests
To improve and secure the Service, detect and prevent fraud or abuse, analyse usage patterns (in aggregated / anonymised form), and send product update notifications. We balance these interests against your rights and will not override them.
Legal obligation
To comply with applicable laws, respond to lawful requests from public authorities, and enforce our Terms of Service.
Consent
For optional marketing communications or any processing not covered above. You can withdraw consent at any time.
3. Google API Data — Limited Use Disclosure
Pipely's use of data obtained from Google APIs is subject to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide and improve the features you explicitly requested (inbox syncing for pipeline tracking).
- We do not use Google user data for advertising, or to serve ads.
- We do not sell Google user data to third parties.
- We do not allow humans to read your Gmail data unless you have given us explicit permission, doing so is necessary for security purposes (e.g. investigating a bug or abuse report), or we are required to do so by law.
- We do not use Google user data to train machine-learning or artificial intelligence models.
4. Data Sharing & Disclosure
We do not sell your personal data. We may share your data only in the following circumstances:
4.1 Service Providers
We work with carefully selected third-party vendors who process data on our behalf under written data-processing agreements:
- Cloud infrastructure — hosting, storage, and database services (e.g. AWS, Vercel).
- Authentication — identity and session management providers.
- Payments — payment processors (we never store full card details).
- Analytics — privacy-respecting, aggregated usage analytics.
- Email delivery — transactional email services for account and system notifications.
4.2 Legal Requirements
We may disclose your data if required to do so by law, court order, or government authority, or if we believe in good faith that such action is necessary to protect our rights, your safety, or the safety of others.
4.3 Business Transfers
If Pipely is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
5. Cookies & Tracking
We use the following types of cookies:
| Type | Purpose | Can be declined? |
|---|---|---|
| Essential | Session management, CSRF protection, authentication tokens. | No — required for the Service to function. |
| Preference | Remembering your theme (light / dark) and UI preferences. | Yes, but the Service will revert to defaults. |
| Analytics | Aggregated, anonymised usage statistics to improve the Service. | Yes — opt out via our cookie banner or settings. |
We do not use advertising or cross-site tracking cookies.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods:
- Account & pipeline data — retained until you delete your account, after which it is permanently deleted within 30 days.
- Log data — retained for up to 90 days for security and debugging purposes.
- Backup data — may persist for up to 60 days after deletion in encrypted backups before being permanently purged.
- Financial records — retained for 7 years to comply with tax and accounting obligations.
7. Data Security
We implement industry-standard technical and organisational measures to protect your data:
- All data in transit is encrypted using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256.
- Access to personal data is restricted to employees and contractors who need it to perform their job, and is governed by the principle of least privilege.
- We conduct periodic security reviews and promptly address vulnerabilities.
Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. If you believe your account has been compromised, contact us at security@pipely.app immediately.
8. International Data Transfers
Your data may be stored and processed in countries outside your own, including the United Kingdom, European Economic Area, and United States. Where we transfer data from the EEA to third countries, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
To exercise any of these rights, email us at privacy@pipely.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or a EU supervisory authority).
California Residents (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of its "sale" or "sharing" (we do neither). We do not discriminate against you for exercising these rights. To submit a verified request, email privacy@pipely.app.
10. Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or by placing a prominent notice in the Service before the changes take effect. The updated policy will include a revised effective date. We encourage you to review this policy periodically.
12. Contact & Data Protection Officer
For any privacy-related questions, requests, or complaints:
Pipely — Privacy Team
Email: privacy@pipely.app
See also our Terms of Service.