Privacy Policy
Last updated: 3 May 2026
1. Who we are
Pipelean ("we", "us", "our") provides an operational platform that lets digital agencies manage their clients, requests, billing and team activity in one place. This Privacy Policy explains how we collect, use and protect the personal data of users of the Pipelean Agency Hub (the "Service"), accessible at agency.pipelean.io.
2. Data we collect
- Account data: name, email, password hash, role, agency you belong to, profile picture (if uploaded).
- Agency & client data: agency name, branding, clients you create, notes, requests, activity logs, subscription status.
- Billing data: subscription identifiers, invoices and payment status. Card details are processed exclusively by our PCI-DSS certified payment provider and are never stored on our servers.
- Integration data: when you connect a third-party workspace (e.g. Slack), we store the access token in encrypted form and the minimum metadata needed to deliver notifications you have configured.
- Technical data: IP address, browser, device type, log timestamps, used to operate and secure the Service.
3. How we use the data
- To provide, maintain and improve the Service.
- To authenticate you and protect your account.
- To process subscriptions and issue invoices.
- To send transactional and operational notifications (in-app, email, Slack) based on the preferences you configure.
- To comply with legal obligations and prevent abuse.
4. Legal basis (GDPR)
We process personal data on the basis of contract performance (Art. 6.1.b GDPR), legitimate interest in operating and securing the Service (Art. 6.1.f), consent where required (Art. 6.1.a) and legal obligations (Art. 6.1.c).
5. Data sharing
We do not sell personal data. We share data only with sub-processors strictly necessary to operate the Service: cloud hosting and database, transactional email provider, payment provider, and the integrations you explicitly connect (e.g. Slack). All sub-processors are bound by data protection agreements.
6. Data retention
Account and agency data are retained while your account is active and for up to 24 months after deletion for legal and accounting purposes. Billing records are retained for the period required by applicable tax law (typically 10 years).
7. Your rights
You can access, rectify, export or delete your personal data, restrict or object to processing, and lodge a complaint with your local supervisory authority. To exercise these rights, write to privacy@pipelean.io.
8. Security
Data is encrypted in transit (TLS) and at rest. Sensitive secrets such as third-party access tokens are stored using authenticated encryption. Access to production systems is limited and logged.
9. International transfers
Some sub-processors may operate outside the EEA. In such cases we rely on Standard Contractual Clauses or equivalent safeguards approved by the European Commission.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified in-app or by email at least 14 days in advance.
11. Contact
Pipelean — privacy@pipelean.io