Privacy Policy

As of March 31, 2026

Protecting your personal data is important to us. This Privacy Policy explains what data we collect, how we process it, and what rights you have. It applies to the use of the website pipelime.app and all related services (hereinafter "Service" or "Platform").

We process personal data exclusively in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR"), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).

1. Data Controller

The data controller is:

ZASolution — Ayrton Zinnanti c/o Block Services Stuttgarter Str. 106 70736 Fellbach, Germany

Email: hello@pipelime.app

We have not appointed a Data Protection Officer. For data protection inquiries, please contact the email address above.

2. Controller vs. Processor

When you visit our website or we manage the business relationship with you, we act as the data controller under the GDPR.

When we provide our services to our customers — in particular managing contact lists and sending email campaigns — we act as a data processor under Art. 28 GDPR. Our customers are the data controllers for the personal data they upload and process. Our customers are responsible for:

  • complying with all applicable data protection laws,
  • obtaining the necessary consents from data subjects,
  • ensuring they are authorized to use the personal data for the defined purposes,
  • refraining from any unauthorized use.

3. Personal Data Collected

3.1 Account Registration and Usage

When you sign up for and use our Service, we collect and process:

  • Account data: email address, name (optional), username (optional), profile image (optional), language preference, timezone
  • Authentication data: password hash, passkey credentials (public key, device type), OAuth connections (Google, GitHub), two-factor authentication data (TOTP secret, backup codes)
  • Session data: IP address, user agent (browser/device information), session token, login timestamps
  • Organization data: organization name, member roles (owner/admin/member), invitations

3.2 Service Usage Data

During use of the Service, the following data is processed:

  • Connected email accounts: email address, display name, encrypted OAuth access and refresh tokens, sending limits and statistics
  • Contact and company data: email addresses, phone numbers, names, job titles, industry information, location, social media profiles (LinkedIn, Twitter/X, Xing, Instagram), website URLs, custom fields
  • Campaign data: campaign name, email steps (subject, body), schedules, execution status
  • Tracking data: timestamps for email opens, link clicks, replies, and bounces (see Section 6 — Email Tracking)
  • Webhook configurations: endpoint URLs, delivery logs

3.3 Payment Data

Payments are processed through our payment provider Polar. We only store customer IDs, subscription IDs, and subscription status. Complete payment information (e.g., credit card numbers) is processed exclusively by Polar and is not stored on our systems.

3.4 Log Data

Each time you access our Platform, the following data is automatically collected:

  • IP address
  • Date and time of access
  • User agent (browser, operating system)
  • Page/function accessed

3.5 Website Visit Data

When visiting our marketing website, we use OpenPanel as a self-hosted analytics tool (see Section 9). No data is transmitted to third-party analytics services.

3.6 Sensitive Data

Our services are not designed to process sensitive personal data (e.g., health data, political opinions, religious beliefs, social security numbers). Please do not upload such data to our Service.

4. Purposes and Legal Bases

4.1 Contract Performance (Art. 6(1)(b) GDPR)

  • Providing and operating our services (account management, email sending, campaign management)
  • Payment processing and subscription management
  • Customer support
  • Sending transactional emails (account verification, password resets, invitations)

4.2 Legitimate Interest (Art. 6(1)(f) GDPR)

  • Improving and developing our services
  • Usage analysis for troubleshooting and optimization
  • Ensuring the security and integrity of our Platform (logging, audit logs)
  • Abuse prevention and detection of prohibited use
  • Error monitoring and resolution (Sentry)

4.3 Consent (Art. 6(1)(a) GDPR)

  • Use of non-essential cookies (where applicable)
  • Newsletter and marketing communications (where you have consented)
  • Linking OAuth accounts (Google, GitHub) and granting Gmail access permissions

4.4 Legal Obligations (Art. 6(1)(c) GDPR)

  • Compliance with tax-related retention obligations
  • Responding to government requests
  • Processing data subject rights requests

5. Recipients and Processors

We only share personal data when necessary to provide our services, when you have consented, or when legally required. We do not sell your data to third parties.

We use the following service providers (processors):

| Provider | Purpose | Location | |---|---|---| | Hetzner | Server hosting, databases, OpenPanel hosting | EU (Germany/Finland) | | Neon | PostgreSQL database | EU | | Upstash | Redis (cache and session management) | EU | | Polar | Payment processing and subscription management | EU | | Resend | Transactional emails (account confirmations, password resets) | EU/US* | | Trigger.dev | Background tasks and job scheduling | EU | | Sentry | Error monitoring and application monitoring | EU/US* | | Google Gmail API | Email sending and receiving on behalf of the user | US* | | GitHub OAuth | Authentication (social login) | US* |

* For transfers to the US, the provisions in Section 7 apply.

We ensure that appropriate data processing agreements pursuant to Art. 28 GDPR are in place with all processors.

Disclosure to Third Parties

We only share your data if:

  • you (or your account administrator) expressly request or authorize disclosure,
  • disclosure is necessary to fulfill services you have requested,
  • we are compelled by a government authority, court, or by law,
  • it is necessary for the establishment, exercise, or defense of legal claims.

6. Email Tracking

Our Service provides campaign tracking features that our customers can use for their email campaigns:

6.1 Open Tracking

Campaign emails may include a transparent 1×1 pixel image (tracking pixel). When a recipient opens the email and images are loaded, the timestamp of the first opening is recorded. Subsequent openings are not recorded again.

6.2 Click Tracking

Links in campaign emails may be routed through our servers. When clicked, the timestamp of the first click is recorded, and the recipient is immediately redirected to the destination URL. Unsubscribe links are not tracked.

6.3 Reply and Bounce Detection

Through Gmail API integration, replies and bounces are automatically detected and logged with timestamps.

Note

These tracking features are used by our customers (the data controllers). As the data processor, we provide the technical infrastructure. Responsibility for the lawful use of these features lies with our customers.

7. Google API Data & Limited Use Disclosure

7.1 Google API Services User Data Policy

Pipelime's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7.2 What Google Data We Access

When you connect a Gmail account to Pipelime via OAuth 2.0, you grant us access to the following Google API scopes:

  • gmail.send — to send campaign emails and test emails on your behalf
  • gmail.readonly — to read incoming messages for automatic reply detection and bounce detection
  • userinfo.email and userinfo.profile — to identify your Google account during authentication

We do not request or access contacts, calendar, drive, or any other Google services.

7.3 How We Use Google Data

Google user data is used exclusively for the following purposes, which are core, user-facing features of the Service:

  • Sending emails: Campaign emails and test emails are sent through your connected Gmail account via the Gmail API.
  • Reply detection: Incoming messages are checked to detect replies to campaign emails. Only the message metadata (message ID, thread ID, headers) is used for matching. We do not store the full content of incoming messages.
  • Bounce detection: Incoming messages are analyzed to detect delivery failure notifications (bounces). Bounced contacts are automatically added to the blocklist to protect your sender reputation.
  • Account identification: Your Gmail email address and display name are used to identify the connected email account within the Service.

7.4 Limited Use Requirements

In accordance with Google's Limited Use requirements:

  • Google user data is used only to provide and improve user-facing features that are prominent in Pipelime's user interface.
  • Google user data is not sold to third parties.
  • Google user data is not used for advertising, retargeting, or serving ads.
  • Google user data is not used for market research, email campaign analytics beyond the user's own campaigns, or profiling unrelated to the Service.
  • Google user data is not transferred to third parties except as necessary to provide the Service (e.g., sending through Gmail's own API), with user consent, for security purposes, or to comply with applicable laws.
  • Human access to Google user data is limited to: (a) cases where the user provides affirmative consent (e.g., customer support requests), (b) security investigations (e.g., investigating abuse), (c) compliance with applicable law, or (d) aggregated and anonymized internal operations where individual user data cannot be identified.

7.5 Storage and Deletion of Google Data

  • OAuth tokens (access and refresh tokens) are encrypted at rest and stored in our EU-based database. Tokens are deleted when the user disconnects the email account or deletes their account.
  • Message metadata (message IDs, thread IDs) used for reply and bounce matching is stored for the duration of the campaign execution and retained according to Section 10 (Data Retention).
  • Full message content is not stored. Message bodies are processed transiently for reply/bounce detection and discarded.
  • You can disconnect your Gmail account at any time from your account settings. Upon disconnection, OAuth tokens are immediately revoked and deleted.
  • Upon account deletion, all Google user data is deleted as described in Section 12 (Account Deletion).

7.6 Revoking Access

You can revoke Pipelime's access to your Google account at any time by:

  1. Disconnecting the email account in your Pipelime account settings, or
  2. Removing Pipelime's access from your Google Account permissions page.

Upon revocation, we immediately cease accessing your Google data and delete stored OAuth tokens.

8. International Data Transfers

All primary data is stored and processed exclusively on servers within the European Union (locations: Frankfurt and Ireland).

For certain processors (in particular Google Gmail API, GitHub, Resend, and Sentry), data may be transferred to the USA. These transfers are secured by:

  • The EU-U.S. Data Privacy Framework (European Commission adequacy decision of July 10, 2023), where the recipient is certified, or
  • Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.

9. Cookies and Local Storage

8.1 Strictly Necessary Cookies

| Cookie | Purpose | Duration | |---|---|---| | Session cookie (Better Auth) | Authentication and session management | 30 days | | NEXT_LOCALE | Language preference | Session |

These cookies are strictly necessary for the operation of the Service and do not require consent (§ 25(2)(2) TDDDG).

8.2 Analytics (Website)

We use OpenPanel as a self-hosted analytics tool on our own servers (Hetzner, EU). No data is transmitted to external analytics services. Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in improving our website.

8.3 Local Storage (Browser)

The Service uses browser local storage (localStorage) for non-sensitive UI preferences such as column settings and pagination preferences. No authentication tokens or personal data are stored in local storage.

10. Data Retention

| Data Category | Retention Period | |---|---| | Account and service usage data | Duration of service use, up to 3 years after account deletion (unless legal retention obligations apply) | | Payment data | 10 years after contract end (statutory retention obligation under German commercial/tax law) | | Audit logs | 3 years after creation | | Session data (IP, user agent) | Duration of session, up to 90 days | | Contact data in campaigns | Duration of service use by the customer; deleted upon customer account deletion | | Webhook delivery logs | 90 days | | Newsletter/marketing contacts | 3 years from last active contact | | Data subject rights request data | 3 years from processing of request |

After the retention period expires, data is deleted or irreversibly anonymized.

11. Your Data Protection Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): You have the right to obtain information about the personal data we process about you.
  • Right to rectification (Art. 16 GDPR): You can request the correction of inaccurate or completion of incomplete data.
  • Right to erasure (Art. 17 GDPR): You can request the deletion of your data, provided no legal retention obligations apply.
  • Right to restriction of processing (Art. 18 GDPR): Under certain conditions, you can request the restriction of processing.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR): You can object to the processing of your data based on legitimate interests at any time. We will then cease processing your data unless we can demonstrate compelling legitimate grounds.
  • Right to withdraw consent (Art. 7(3) GDPR): You can withdraw any given consent at any time. The lawfulness of processing carried out before the withdrawal remains unaffected.

Exercising Your Rights

Contact us by email at hello@pipelime.app. We will process your request within 30 days. Proof of identity may be required for verification.

You can also view and edit much of your data directly in your account (account settings, contact list export, account deletion).

Right to Lodge a Complaint

If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg Lautenschlagerstraße 20 70173 Stuttgart, Germany Email: poststelle@lfdi.bwl.de

12. Account Deletion

You can delete your account at any time via account settings. Upon account deletion, the following data is cascadingly deleted:

  • Your user account and profile data
  • All sessions and authentication connections (OAuth, passkeys, 2FA)
  • Organizations you own (including all associated campaigns, contacts, connected email accounts, webhooks, and team memberships)
  • Active subscriptions are canceled through the payment provider

Data subject to legal retention obligations is retained until the respective period expires and then deleted.

13. Security

We employ state-of-the-art technical and organizational measures to protect your data:

  • Encryption in transit: All connections are TLS/HTTPS encrypted.
  • Encryption at rest: OAuth tokens (e.g., Gmail access tokens) are encrypted before storage in the database.
  • Passwords: Stored using bcrypt hashing; plaintext passwords are never stored.
  • Access control: Role-based access control (owner/admin/member); strict data isolation between organizations.
  • Webhook security: HMAC signing with rotating secrets.
  • Session security: Server-side session management with secure, HttpOnly cookies.
  • API security: Rate limiting, API key authentication with scoping.

Despite all measures, absolute security cannot be guaranteed. In the event of a data breach, we will notify you and the competent supervisory authority without undue delay in accordance with Art. 33 and 34 GDPR.

14. Third-Party Data (Contact Lists)

In the course of providing our Service, we have access to the contact lists you create in your account, as well as the content of emails you send through our Service. This data is stored on secure servers within the EU. Access is limited to the minimum necessary and serves exclusively for service provision and customer support.

You can download your contact lists at any time using the export function in your account. Contacts can be edited or deleted at any time.

We do not sell, share, or rent your contact lists to third parties, nor do we use them for any purposes other than those set forth in this Privacy Policy.

If a recipient of emails sent through our Service requests modification or deletion of their personal data, we will honor that request after appropriate verification and inform you accordingly.

15. Users Outside the EU

15.1 General

Our Service is available to users worldwide. Regardless of your location, data processing is subject to the GDPR and German law.

15.2 California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: You can request information about the categories and specific personal data we have collected about you.
  • Right to delete: You can request the deletion of your personal data.
  • No sale of data: We do not sell your personal data and have not done so in the past.
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your rights, contact us at hello@pipelime.app.

15.3 Governing Law and Jurisdiction

This Privacy Policy and all related disputes are governed by the laws of the Federal Republic of Germany. The place of jurisdiction is Cologne (Köln), Germany, to the extent permitted by law.

16. Minors

Our Service is not directed at persons under 16 years of age. We do not knowingly collect personal data from minors. If you learn that a minor has provided us with personal data, please contact us immediately at hello@pipelime.app so that we can delete the data.

17. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time, particularly in response to changes in the legal framework or our services. Material changes will be communicated to you at least 30 days before taking effect via email or on our website.

We recommend reviewing this Privacy Policy regularly.

18. Contact

For data protection inquiries, contact us at:

ZASolution — Ayrton Zinnanti c/o Block Services Stuttgarter Str. 106 70736 Fellbach, Germany

Email: hello@pipelime.app