Effective date: April 1, 2026 · Last updated: April 1, 2026
PipeForge ("we", "us", "our") operates the data pipeline automation platform available at https://www.pipeforge.net. We are the data controller for personal data collected through this platform.
Questions about this Privacy Policy or your personal data should be directed to: privacy@pipeforge.net
We collect the following categories of personal data:
When you add data connectors (e.g. Shopify, Snowflake, PostgreSQL), you provide API keys and credentials. These are encrypted at rest using AES-256 encryption and are only decrypted at runtime to execute your pipelines. We do not read, share, or use your connector credentials for any purpose other than executing the pipelines you explicitly trigger.
Your pipelines may extract, transform, and load data from your own systems (e.g. your Shopify orders, your database records). We act as a data processor for this data — it belongs to you. We process it only as instructed by your pipeline configurations and do not analyse, sell, or share it.
We use personal data for the following purposes and legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing and operating the Service | Contract performance |
| Processing payments and managing subscriptions | Contract performance |
| Sending transactional emails (welcome, alerts, receipts) | Contract performance |
| Enforcing usage limits and plan restrictions | Contract performance |
| Improving and developing new features | Legitimate interests |
| Security monitoring and fraud prevention | Legitimate interests |
| Complying with legal obligations | Legal obligation |
| Sending product update emails (opted-in users only) | Consent |
We do not sell your personal data to third parties. We do not use your data to train AI models without your explicit consent.
We share data with the following trusted third parties who process data on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Paddle | Payment processing & tax compliance | Name, email, subscription details |
| Anthropic (Claude AI) | AI pipeline generation | Your pipeline prompts |
| Resend | Transactional emails | Name, email address |
| Render | Cloud infrastructure & hosting | All data (processed in their data centres) |
| Vercel | Frontend hosting | IP address, browser metadata |
All third-party processors are contractually bound to process data only as instructed and to maintain appropriate security standards.
When you describe a pipeline in natural language, your prompt is sent to Anthropic's Claude API to generate the pipeline configuration and code. Anthropic's privacy policy governs how they handle API inputs. We do not send any of your Customer Data (pipeline execution data, connector credentials, or third-party records) to Anthropic — only the natural language prompt you type.
We do not use your prompts or generated pipelines to train our own AI models.
We retain personal data for as long as your account is active and as necessary to provide the Service. Specific retention periods:
Depending on your location, you may have the following rights regarding your personal data. We honour these rights for all users regardless of jurisdiction:
To exercise any of these rights, email privacy@pipeforge.net. We will respond within 30 days. We may need to verify your identity before processing requests.
If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and UK GDPR respectively. The legal bases for our processing are set out in Section 3.
Where we transfer personal data outside the EEA/UK (e.g. to US-based processors such as Anthropic, Render, and Vercel), we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) or adequacy decisions where applicable.
You have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information. To exercise your rights, contact privacy@pipeforge.net.
We use a minimal set of cookies necessary to operate the Service:
We do not use third-party advertising cookies, tracking pixels, or behavioural analytics tools. We do not use Google Analytics or similar surveillance-based analytics platforms.
We implement the following security measures to protect your data:
In the event of a data breach that affects your personal data, we will notify you and applicable regulators within 72 hours of becoming aware of it, where required by law.
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at privacy@pipeforge.net and we will take steps to delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting a notice in the dashboard at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
Continued use of the Service after the effective date of an updated Privacy Policy constitutes your acceptance of the changes.
This Privacy Policy is governed by the laws of England and Wales. Any disputes arising in connection with this policy shall be subject to the exclusive jurisdiction of the courts of England and Wales, except where applicable consumer protection law in your country of residence provides otherwise.
For any privacy-related questions, data subject requests, or to report a concern:
PipeForge — Privacy Team
Email: privacy@pipeforge.net
Website: https://www.pipeforge.net
Response time: within 30 days