Legal document
Pipefork Privacy Policy
Privacy Policy
Last updated: 2026-06-27 Effective date: 2026-06-27 Service: Pipefork Website: https://pipefork.com Controller: Lybeck Labs, 3560007-3, Finland Contact: support@pipefork.com
1. Overview
This Privacy Policy explains how Pipefork collects, uses, stores, shares, and protects personal data when you use Pipefork's website, dashboard, API builder, API runtime, documentation, support channels, and related services.
This Privacy Policy applies where Pipefork acts as a data controller. Where Pipefork processes personal data contained in Customer Content, API requests, API responses, logs, or upstream data on behalf of a customer, Pipefork generally acts as a processor and the customer acts as controller.
2. Personal Data We Collect
Pipefork may collect and process the following categories of personal data.
2.1 Account Data
- name;
- email address;
- authentication metadata;
- organization or workspace name;
- role and workspace membership;
- account settings;
- login and session metadata.
2.2 Usage and Technical Data
- IP address;
- browser and device information;
- timestamps;
- pages and features used;
- audit and security events;
- API usage counters;
- request metadata;
- error messages and diagnostic data.
2.3 API and Workspace Data
Depending on how you use the Service, Pipefork may process:
- API project names;
- endpoint paths and methods;
- request and response schemas;
- mapping and transformation configuration;
- environment names;
- API key metadata;
- upstream connection metadata;
- logs and execution metadata;
- test payloads or sample data you provide.
2.4 Runtime and Log Data
When a published API is called, Pipefork may process runtime metadata such as:
- timestamp;
- workspace or tenant;
- API project;
- environment;
- endpoint;
- HTTP method;
- status code;
- duration;
- API key identifier;
- step-level success or failure;
- error messages.
Depending on your configuration, logs, payloads, headers, query parameters, endpoint paths, or upstream responses may contain personal data. You are responsible for avoiding unnecessary personal data, secrets, credentials, or sensitive data in logs and API payloads.
2.5 Billing Data
If you use paid features, Pipefork may process billing-related metadata such as:
- plan;
- subscription status;
- billing email;
- payment provider customer ID;
- invoices and payment status.
Full payment card details are normally processed by the payment provider and not stored by Pipefork.
2.6 Support and Communication Data
- messages you send to Pipefork;
- support requests;
- feedback;
- email communications;
- information needed to respond to your request.
3. Purposes and Legal Bases
Pipefork processes personal data for the following purposes:
| Purpose | Legal basis |
|---|---|
| Creating and managing accounts | Contract |
| Providing the Service | Contract |
| Running API builder and runtime functionality | Contract |
| Authentication and security | Contract / legitimate interests |
| Logging, debugging, abuse prevention, and service reliability | Legitimate interests |
| Billing and subscription management | Contract / legal obligation |
| Customer support | Contract / legitimate interests |
| Product analytics and improvement | Legitimate interests / consent where required |
| Legal compliance | Legal obligation |
| Marketing communications | Consent or legitimate interests, depending on context |
4. Customer Content and Processor Role
If you use Pipefork to process personal data belonging to your own users, customers, employees, partners, or third parties, you are responsible for ensuring that you have a lawful basis and the right to process that data through Pipefork.
For such Customer Content, Pipefork generally acts as your processor. You instruct Pipefork to process Customer Content only to provide, secure, maintain, troubleshoot, and improve the Service, and as otherwise required by law.
Pipefork provides a Data Processing Addendum for Customer Content processed on behalf of customers. The DPA should be reviewed with legal counsel before broad public launch or paid commercial launch.
5. Cookies and Similar Technologies
Pipefork may use cookies and similar technologies for:
- authentication;
- session management;
- security;
- remembering preferences;
- analytics;
- product improvement.
Essential cookies are required for the Service to work. Optional analytics or marketing cookies will be used only where legally permitted and, where required, with consent.
6. Subprocessors and Recipients
Pipefork may share personal data with service providers that help operate the Service, such as:
- cloud hosting providers;
- database providers;
- runtime infrastructure providers;
- cache and queue providers;
- email delivery providers;
- analytics providers;
- error monitoring providers;
- payment processors;
- customer support tools;
- security and abuse prevention providers.
Examples may include Vercel, Supabase or Neon, Upstash, Stripe, Google Cloud, GitHub, and similar infrastructure or SaaS providers, depending on the final production setup.
Pipefork maintains a subprocessor registry that identifies production providers, purposes, data categories, and transfer basis to confirm before launch.
Workspace-configured BYOK LLM providers are treated as customer-selected processors or subprocessors. Runtime LLM processing is disabled by default. If a workspace admin enables Runtime LLM processing and configures an LLM provider, LLM steps may send prompts, request-derived data, upstream response data, and generated outputs to that provider according to the customer configuration. Customers are responsible for their lawful basis, user notices, provider terms, and any transfer safeguards for those customer-selected providers.
Pipefork does not sell personal data.
7. International Transfers
Some service providers may process personal data outside Finland, the EU, or the EEA.
Where personal data is transferred outside the EEA, Pipefork uses safeguards required by applicable data protection law, such as adequacy decisions, Standard Contractual Clauses, or other appropriate mechanisms.
8. Retention
Pipefork retains personal data only as long as necessary for the purposes described in this Privacy Policy.
Indicative retention periods:
| Data type | Retention |
|---|---|
| Account data | Until account deletion, plus limited backup/legal retention |
| Legal acceptance records | Document type, version, locale, content hash, action, context, and timestamps are retained while the account exists and longer only where needed for legal defense. IP address and User-Agent acceptance metadata are cleared after 180 days unless a legal/security hold applies |
| Workspace and API configuration | While workspace is active, unless deleted earlier |
| Workspace secrets | Active until rotated, disabled, or deleted by workspace admins. Pipefork-owned encrypted secret values are overwritten on disable/delete; customer-owned external providers follow the customer's provider retention, version destruction, audit log, backup, and recovery-window configuration |
| Runtime request logs in the Pipefork database | Free: 7 days; Starter: 30 days; Pro: 90 days; Internal/admin workspaces: 365 days, unless a shorter workspace override applies |
| Runtime step response cache | Disabled by default in production unless explicitly enabled; when enabled, workspace/runtime TTL caps default to 5 minutes and never exceed 24 hours |
| Cloud provider console logs for Cloud Run and Vercel | 30 days or shorter for platform-owned production deployments, unless a legal hold or security incident exception applies |
| Security logs | As needed for security, abuse prevention, and legal protection; provider console security logs follow the 30-day cloud log cap unless an exception applies |
| Billing records | As required by accounting and tax law |
| Support messages and internal support notes | Support messages are retained as needed for support history and legal protection. Internal workspace support notes expire after 730 days unless a legal or security hold applies |
| Support notes and admin audit logs | Free-text fields are minimized before storage where practical. Admin audit logs are retained for up to 7 years unless a longer legal or security hold applies |
| Backups | Deleted or overwritten according to backup rotation |
Runtime cloud logs are minimized by default and should not contain request bodies, response bodies, headers, API keys, raw secrets, raw request paths, query strings, or user-controlled upstream error text. Request-log payload/body debug logging, if enabled for troubleshooting, should be explicit, short-lived, and disabled for production by default.
Runtime step response caching can store full upstream step outputs. It is disabled by default for production runtimes unless explicitly configured, uses short TTL caps, and is invalidated when related secrets or project deployments are withdrawn or deleted.
Workspace secret values are write-only in Pipefork. Creating or updating an existing secret rotates the stored value and records a non-sensitive lifecycle audit event. Disabling a Pipefork-owned encrypted secret overwrites the encrypted value. When a workspace uses a customer-owned external secret provider, Pipefork requests provider-native deletion where supported; remaining provider versions, audit logs, backups, or recovery windows are governed by the customer's provider configuration.
9. Security
Pipefork uses reasonable technical and organizational measures designed to protect personal data, including access controls, encryption where appropriate, logging, backups, and operational security practices.
No service can guarantee absolute security. You are responsible for using strong authentication, protecting API keys, limiting workspace access, and avoiding unnecessary personal or sensitive data in API payloads and logs.
10. Your Rights
Depending on your location and applicable law, you may have rights to:
- access your personal data;
- correct inaccurate data;
- request deletion;
- restrict processing;
- object to processing;
- receive data in portable format;
- withdraw consent where processing is based on consent;
- lodge a complaint with a data protection authority.
Requests can be sent to:
support@pipefork.com
11. Deletion Requests
You may request deletion of your account or personal data. Some data may be retained if required for legal, tax, accounting, security, abuse prevention, dispute resolution, or legitimate business purposes.
Customer Content processed on behalf of a workspace may need to be deleted or exported by the workspace owner or administrator.
12. Children
Pipefork is not intended for children or users under 18 years of age. Pipefork does not knowingly collect personal data from children.
13. Automated Decision-Making
Pipefork does not currently make decisions based solely on automated processing that produce legal or similarly significant effects on users.
14. Changes to This Privacy Policy
Pipefork may update this Privacy Policy from time to time. Material changes may be notified by email, dashboard notice, or other reasonable means.
15. Contact
For privacy questions or requests:
support@pipefork.com