⚠️ Template — not legal advice. This Privacy Policy is a working draft modeled on the Termly template, customized to Pipes.Run's actual data practices. Review with counsel before public launch. Remove this banner once approved.
Privacy

Privacy Policy

Last updated: 24 May 2026 · Applies to Pipes.Run desktop, cloud, and the marketing site at pipes.run

1. Who we are

Pipes.Run is a desktop application for building and running data pipelines on your own computer, with an optional cloud tier for always-on scheduling. The app is published by a small team based in Brooklyn, New York. You can reach us any time at hello@pipes.run.

2. What information we collect

2.1 The desktop app — nothing

The Pipes.Run desktop app does not phone home. It contains no analytics, no telemetry, no crash reporting, and no usage tracking. Your pipelines, run logs, chat history, and API keys are stored only on your machine (in ~/.pipesrun/ and your operating system's keychain). We never see them.

The single exception is an opt-in version check: at startup the app asks our marketing site for the latest released version number so it can tell you when an update is available. This request includes only the app version you're running — no user identifier, no IP-tied cookie, nothing personally identifying.

2.2 The cloud service — only what's needed to run it

If you buy a Pipes.Run Cloud subscription, we collect:

  • Account email — for sign-in (magic link) and billing receipts.
  • Pipeline configurations (the YAML you push) — so the cloud worker can run them.
  • Run logs and metadata — status, timestamp, row counts, error messages. Retained for 90 days, then deleted.
  • Billing data — handled by Stripe; we receive transaction confirmations and a customer ID, never your full card number.

We deliberately do not collect or store:

  • The LLM provider API keys your pipelines reference (you provide them at runtime via encrypted secrets storage; we cannot decrypt them outside your container).
  • The actual rows your pipelines produce — those are written to your destination database, not ours.
  • The contents of any data your pipelines fetch from third-party APIs.

2.3 The marketing site (pipes.run)

Standard server logs (IP, user agent, referrer, request path, timestamp) retained for 30 days for security and abuse prevention. No tracking pixels, no Google Analytics, no Facebook Pixel. If you submit your email to buy a license, we store it as described in §2.2.

3. How we use information

  • To deliver the service you paid for (run your pipelines on schedule, send your magic-link sign-in email).
  • To provide customer support when you email us.
  • To send transactional emails (purchase confirmation, password-less sign-in, run-failure alerts you opted into).
  • To enforce our Terms (e.g. block abusive use).

We do not use your data to train AI models. We do not sell your data. We do not advertise to you.

4. Third-party services we use

Cloud customers' data is processed by the following providers strictly for the purposes described:

  • Stripe — payment processing. Subject to Stripe's privacy policy.
  • Google Cloud Platform — hosts our cloud worker + Postgres database (region: us-central1). Subject to GCP's privacy notice.
  • Resend (or similar transactional email provider) — sends magic-link emails + receipts.

No subprocessor receives more data than is needed to perform its function.

5. Where data is stored

Desktop data stays on your computer. Cloud data is stored on Google Cloud Platform infrastructure located in the United States. If you are located in the EEA, UK, or Switzerland, processing in the US relies on Standard Contractual Clauses where applicable.

6. Security

  • All cloud traffic uses TLS 1.2+ in transit.
  • The desktop app stores API keys in your operating system's keychain (macOS Keychain, etc.) — never in plaintext on disk.
  • Cloud-side secrets are envelope-encrypted with Google Cloud KMS; the keys to decrypt them are never written to disk.
  • License keys are signed and validated server-side at first launch and on each cloud sync.

No system is perfectly secure. If you believe you've found a vulnerability, please email hello@pipes.run — we'll respond within 48 hours.

7. Your rights

You can, at any time, by emailing hello@pipes.run:

  • Access a copy of all data we have about you.
  • Delete your account and all associated cloud data (pipelines, runs, billing records beyond legal retention requirements).
  • Export your pipelines as YAML (also available self-serve via the desktop app's "Backup workspace" button).
  • Cancel your Cloud subscription with no further charges.

EU/UK customers have additional rights under GDPR (objection, restriction, portability, complaint to a supervisory authority). California customers have rights under the CCPA (know, delete, opt out of sale — note: we don't sell data).

8. Data retention

  • Run logs: 90 days from the run, then deleted.
  • Pipeline configurations: until you delete the pipeline or close your account.
  • Account email + billing records: 7 years after account closure (US tax requirements).
  • Marketing site logs: 30 days.

9. Children

Pipes.Run is not intended for users under 13 (or 16 in the EEA/UK). We don't knowingly collect data from minors. If you believe a minor has signed up, email us and we'll delete the account.

10. Changes to this policy

When this policy changes materially, we'll email registered cloud customers at least 14 days before the change takes effect and update the "Last updated" date at the top. Continued use after the effective date constitutes acceptance.

11. Contact

Questions, requests, or complaints: hello@pipes.run. Mailing address available on request.