Privacy Policy

Last Updated: January 01, 2026

Bleenco GmbH ("Pipelogic," "we," "us," or "our") is committed to protecting your privacy and handling your personal data with transparency, care, and respect. This Privacy Policy explains how we collect, use, share, and protect information about you when you access or use our platform at Pipelogic.ai and any associated subpages, subdomains, APIs, integrations, or services (collectively, the "Services").

By using the Services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described here. This Policy is incorporated by reference into our Terms of Service. If you do not agree with this Policy, please discontinue use of the Services.

We may update this Policy from time to time. For material changes, we will notify you by email or in-product notification at least 30 days before the changes take effect. Your continued use of the Services after any update constitutes your acceptance of the revised Policy.

Definitions

For the purposes of this Privacy Policy:

"Account" means the user account you create to access the Services.
"Customer Content" means any backend configurations, inputs, outputs, files, datasets, or other content that you create, upload, or process through the Services, including your Deployed Apps.
"Personal Data" means any information that relates to an identified or identifiable individual, as defined under applicable privacy laws including the GDPR, CCPA/CPRA, and equivalent statutes. This includes, for example, your name, email address, IP address, usage identifiers, and any other information that can be linked to you.
"Service Data" means telemetry, logs, run statistics, performance metrics, error reports, and other technical and operational data generated through your use of the Services. Service Data does not include your Customer Content.
"Third-Party Providers" means external AI model providers, integration partners, infrastructure providers, and other third-party services that are connected to or underlie the Pipelogic platform.

Who This Policy Applies To

This Policy applies to:

Visitors to Pipelogic.ai and associated websites;
Users who create an Account and use the Services, including free and paid plan subscribers;
Partners, affiliates, and anyone who interacts with Pipelogic through our community, API, or partner programs.

This Policy does not apply to the privacy practices of Third-Party Providers or any third-party websites linked to from within our Services. We encourage you to review the privacy policies of any third-party service before providing them with your information.

Information We Collect

We collect information in three primary ways: directly from you, automatically through your use of the Services, and from third parties.

1. Information You Provide Directly

When you create an Account, subscribe to a plan, contact support, or otherwise interact with us, you may provide us with:

Account Information: Your name, email address, username, and password when you register.
Billing and Payment Information: Your billing name, address, and payment method details. All payment transactions are processed by Stripe, Inc. Pipelogic does not store full payment card numbers. We retain only the transaction details necessary for billing records, such as the amount, date, currency, and payment method type.
Profile Information: Any optional information you choose to add to your account profile, such as a company name, job title, or profile photo.
Communications: Messages, feedback, support requests, bug reports, feature suggestions, and any other content you send to us directly by email, in-product chat, or any other channel.
Community Contributions: Content you post publicly in Pipelogic community spaces, forums, the Launched showcase, or similar areas of the platform. Information posted to public areas may be visible to other users and the general public.
Survey and Event Responses: Information you provide when responding to surveys, registering for events or webinars, or participating in promotional programs.

2. Information Collected Automatically

When you access or use the Services, we automatically collect certain technical and usage data, including:

Device and Connection Information: Your IP address (used to infer approximate location at the city level only), browser type and version, operating system, device identifiers, screen resolution, and internet service provider.
Usage and Activity Data: Pages and features you access, backends you create, components you use, run events, integration connections, timestamps, session duration, clicks, and navigation paths within the Services.
Log Data: Server logs capturing access events, error codes, API requests, and debugging information. Log data is generally retained for up to 90 days unless required longer for security or legal purposes.
Session and Locale Data: We use strictly necessary session and locale cookies to keep users signed in and preserve language preferences.

3. Information Collected from Third Parties

We may receive information about you from third parties in the following circumstances:

Authentication Providers: If you choose to sign in using a third-party account (such as Google or GitHub), we receive basic profile information from that provider, such as your name and email address, in accordance with your privacy settings on that platform. We do not receive or store your passwords for third-party accounts.
Integration Partners: When you connect third-party tools (such as Discord, WhatsApp, or Gmail) to Pipelogic backends, we receive the data necessary to execute those integrations on your behalf.
Partner and Referral Programs: If you were referred to Pipelogic through a partner or affiliate, we may receive your name and contact details from that partner to fulfill the referral.
Publicly Available Sources: We may supplement Account information with data from publicly available sources to better understand our user base and improve our services.

Sensitive Data Restrictions

Pipelogic's Services are not designed to process sensitive categories of personal data. You agree not to upload, input, transmit, or otherwise process through the Services any of the following without first contacting us to establish appropriate safeguards:

Protected health information regulated under HIPAA or equivalent laws;
Government-issued identification numbers (such as Social Security numbers, passport numbers, or national identity numbers);
Full financial account numbers, payment card numbers, or banking credentials;
Biometric data regulated under BIPA or similar laws;
Personal data relating to children under the age of 13;
Precise real-time geolocation data of individuals.

If your use case requires processing sensitive data in a compliant manner (for example, under a HIPAA Business Associate Agreement or GDPR Data Processing Agreement), please contact us at support@pipelogic.ai to discuss our Enterprise plan options. Pipelogic disclaims all liability for any harm arising from the submission of sensitive data in violation of this section.

How We Use Your Information

We use the information we collect for the following purposes, always on the basis of a valid legal ground:

Providing and Operating the Services To create and manage your Account, execute your backends, deploy your applications, process your transactions, and deliver the features and functionality of the platform.
Improving and Developing the Services To analyze usage patterns, diagnose bugs, measure performance, conduct research, and develop new features, components, and integrations. Where feasible, this analysis is performed on de-identified or aggregated data.
Personalization To tailor the Services to your preferences, recommend relevant templates, components, or integrations, and optimize your experience within the platform.
Security and Fraud Prevention To detect, investigate, and prevent unauthorized access, abuse, fraud, and other illegal or harmful activity on the platform.
Billing and Account Management To process payments, manage subscription plans, enforce plan limits, send billing statements, and handle upgrades, downgrades, and cancellations.
Communications To send transactional messages (such as account confirmations, security alerts, and billing notices), product updates, feature announcements, and, where you have opted in, marketing communications. You may opt out of marketing emails at any time using the unsubscribe link or your account settings.
Legal Compliance and Defense To comply with applicable laws and regulations, respond to lawful governmental and legal requests, enforce our Terms of Service, and protect our rights, property, and users.
Aggregate Analytics To generate anonymized and aggregated insights about how the platform is used, which may be used internally or shared in aggregate form with partners or the public.

We do not use your Customer Content to train general-purpose AI models that benefit other customers unless you direct us in writing for that specific use.

Legal Bases for Processing

We process your Personal Data only where a valid legal ground applies. The legal bases we rely on are:

Performance of a Contract: Processing necessary to provide the Services you have requested under our Terms of Service, including creating your Account, executing backends, and processing payments.
Legitimate Interests: Processing for our legitimate business interests, including securing the platform, detecting fraud, generating aggregate analytics, improving the Services, and marketing, provided these interests are not overridden by your privacy rights.
Legal Obligation: Processing necessary to comply with applicable laws, regulations, court orders, or government requests.
Vital Interests: In rare cases, processing to protect an individual's vital interests, such as responding to an emergency.

Where you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you may contact us to ask which specific legal basis applies to any particular processing activity.

We do not sell your Personal Data to third parties. We share your information only in the following circumstances:

Third-Party Providers and Subprocessors

We share information with third-party service providers who help us operate, maintain, and improve the Services. These providers may include:

Infrastructure and Hosting: Cloud infrastructure providers (such as AWS) that host and run the platform.
Payment Processing: Stripe, Inc. for processing subscription payments and billing.
AI Model Providers: When you use AI components within Pipelogic (such as OpenAI, Anthropic Claude, Google Gemini, or Mistral), your prompts and relevant context are transmitted to those providers to generate outputs. These transmissions are made on your behalf and are governed by the respective provider's privacy policies.
Analytics Providers: Services used to analyze platform performance and usage patterns.
Customer Support Tools: Services used to manage and respond to support tickets.
Email Delivery Services: Services used to send transactional and promotional emails.

All subprocessors are contractually required to handle your data in accordance with applicable data protection laws and to use it only for the specific purpose for which it was shared.

Business Partners and Community

If you participate in our Partner Program, affiliate program, or publicly share backends and content in the Pipelogic community or Launched showcase, relevant information may be visible to or shared with partners or other users as part of that program or community feature.

Legal Disclosures

We may disclose your information when we reasonably believe disclosure is necessary to: comply with a valid legal process (such as a subpoena, court order, or regulatory demand); protect the rights, property, or safety of Pipelogic, our users, or the public; investigate or prevent fraud, abuse, or security incidents; or enforce our Terms of Service. Where permitted by law, we will notify you before disclosing your information in response to a legal request.

Corporate Transactions

If Pipelogic is involved in a merger, acquisition, sale of assets, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will notify you of any such change and ensure that your information remains protected under terms consistent with this Policy.

At Your Direction

We may share your information with third parties in additional ways when you direct us to do so.

Your Customer Content

Ownership. You retain all ownership rights in your Customer Content, including the backends, and applications you build using Pipelogic.
License for Service Delivery. By using the Services, you grant Pipelogic a limited, non-exclusive, worldwide, royalty-free license to host, process, store, and transmit your Customer Content solely to the extent necessary to provide the Services to you.
Public Sharing. If you choose to make any backends template, or content publicly available within Pipelogic (for example, through the community gallery or the Launched showcase), other users may view, use, and build upon that content. You may specify an applicable license when sharing. If no license is specified, shared content may be used by others for non-commercial purposes with attribution to you.
AI Output. Outputs generated by AI models through your use of Pipelogic are owned by you, subject to any applicable third-party rights in the underlying models. Pipelogic does not claim ownership of your AI-generated outputs.
Feedback. Any suggestions, ideas, or feedback you submit to Pipelogic may be used by us freely without any obligation to you.

Data Security

We implement industry-standard technical and organizational measures to protect your Personal Data from unauthorized access, disclosure, alteration, loss, or destruction. These include:

Encryption in Transit: All data transmitted between your browser or API client and our servers is protected using TLS encryption.
Encryption at Rest: Customer Content and Personal Data stored in our systems are encrypted at rest.
Access Controls: Role-based access controls, multi-factor authentication requirements for staff, and regular access reviews to ensure only authorized personnel can access your data.
Security Monitoring: Continuous monitoring, centralized logging, and regular security assessments to detect and respond to threats.
Incident Response: A documented incident response process. In the event of a confirmed data breach affecting your Personal Data, we will notify you as required by applicable law, generally within 72 hours of becoming aware of the breach.
Vendor Oversight: All third-party subprocessors are evaluated for security practices and are contractually bound to maintain appropriate safeguards.

Despite these measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee the absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials and for enabling available security features such as multi-factor authentication.

If you believe your account has been compromised, please contact us immediately at support@pipelogic.ai.

Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes described in this Policy or as required by applicable law.

Data Type	Retention Period
Account and Profile Information	Duration of your account, plus 90 days after deletion
Billing and Transaction Records	7 years (for accounting and legal compliance)
backend and Customer Content	Duration of your account, deletable upon request
Log and Telemetry Data	Up to 90 days
Run History	Per your plan (Free: 7 days; Pro: 90 days; Team/Enterprise: 1+ year)
Communications and Support Records	3 years from last contact
Aggregated and Anonymized Data	Indefinitely (as it cannot identify you)

When you delete your Account, we will delete or anonymize your Personal Data within 30 days, except where we are required to retain it for fraud prevention, legal compliance, audit purposes, or defense of legal claims. Data in backup systems may persist for an additional period before being permanently removed.

To request deletion of your data, contact us at support@pipelogic.ai.

Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect or solicit Personal Data from anyone under 18. By using the Services, you represent that you are at least 18 years old.

If we discover that we have collected Personal Data from a child under 18 without verifiable parent or guardian authorization, we will promptly delete that information. If you believe we may have collected data from a minor, please contact us immediately at support@pipelogic.ai.

Your Privacy Rights and Choices

Depending on where you are located, you may have the following rights regarding your Personal Data. To exercise any of these rights, please contact us at support@pipelogic.ai. We will verify your identity and respond within 30 days, or within the period required by applicable law.

Rights Available to All Users

Right to Access: Request a copy of the Personal Data we hold about you and information about how we use it.
Right to Correction: Request that we correct any inaccurate or incomplete Personal Data we hold about you.
Right to Deletion: Request that we delete your Personal Data, subject to our legal obligations and retention requirements described above.
Right to Data Portability: Request that we provide your Personal Data in a structured, commonly used, and machine-readable format so you can transfer it to another service.
Opt-Out of Marketing Communications: You may unsubscribe from marketing emails at any time using the unsubscribe link in any such email or by updating your communication preferences in your account settings. You will continue to receive transactional and administrative messages.

Additional Rights for EEA, UK, and Swiss Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the GDPR, UK GDPR, or revFADP:

Right to Restrict Processing: Request that we restrict the processing of your Personal Data in certain circumstances.
Right to Object: Object to our processing of your Personal Data where we rely on legitimate interests as our legal basis.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority, including the Irish Data Protection Commission, the UK Information Commissioner's Office, or the Swiss Federal Data Protection and Information Commissioner (FDPIC), if you believe we have not handled your data in accordance with applicable law.

Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: The right to request disclosure of the categories and specific pieces of Personal Data we collect about you, the sources from which we collect it, the purposes for which we use it, and the categories of third parties with whom we share it.
Right to Delete: The right to request deletion of your Personal Data, subject to certain legal exceptions.
Right to Correct: The right to request correction of inaccurate Personal Data.
Right to Opt Out of Sale or Sharing: Pipelogic does not sell your Personal Data, nor do we share it for cross-context behavioral advertising as defined under the CPRA.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California rights, contact us at support@pipelogic.ai or by mail at the address below. We may need to verify your identity before processing your request. Authorized agents may submit requests on your behalf with your written permission.

Categories of Personal Data We Collect

Category	Examples	Collected?
Identifiers	Name, email, username, IP address	Yes
Commercial Information	Subscription plan, purchase history	Yes
Internet/Network Activity	backend activity, feature usage, run logs	Yes
Inferences	Platform preferences, usage patterns	Yes
Financial Information	Payment card details (processed by Stripe only)	Limited
Sensitive Personal Information	Government IDs, health data, biometrics	No (prohibited)
Geolocation	City-level only, inferred from IP	Approximate only

We do not sell any of these categories of Personal Data. We do not share Personal Data for cross-context behavioral advertising.

Third-Party AI Provider Transparency

When you use AI model components within Pipelogic (such as OpenAI GPT-4o, Anthropic Claude, Google Gemini, or Mistral), your inputs, prompts, and related context are transmitted to the applicable provider's API to generate the output you requested. These transmissions are made on your behalf, at your direction.

Each AI provider maintains their own privacy policies and data processing terms. We encourage you to review them:

OpenAI: openai.io/policies/privacy-policy
Anthropic: anthropic.io/privacy
Google (Gemini): policies.google.io/privacy
Mistral: mistral.ai/privacy
Hugging Face: https://huggingface.co/privacy

Pipelogic does not retain the raw content of your AI prompts or model outputs beyond what is necessary to execute your backends and provide the Services, unless you explicitly save that content within your workspace. We do not use your prompts or outputs to train AI models for the benefit of other customers unless you direct us in writing for that specific use.

Links to Third-Party Websites and Services

The Services may contain links to third-party websites, tools, and services that are not owned or controlled by Pipelogic. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service before providing your information. Pipelogic is not responsible for the privacy practices of external services.

Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) feature. Because there is currently no industry-wide standard for how to respond to DNT signals, Pipelogic does not currently alter its data collection practices in response to DNT browser settings. We do, however, honor the Global Privacy Control (GPC) signal as an opt-out of analytics and non-essential data collection where required by applicable law.

Governing Law

This Privacy Policy is governed by and construed in accordance with the German laws, without regard to its conflict of law principles. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Munich, Germany, consistent with our Terms of Service.

For EEA, UK, and Swiss residents, international data transfers are governed by the Standard Contractual Clauses referenced in the "International Data Transfers" section above. Mandatory data protection rights under your local law are not affected by this Policy.

Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or the Services. We will post any revised Policy at pipelogic.ai/privacy and update the "Last Updated" date at the top of this page.

For material changes that reduce your rights or expand our processing purposes, we will provide at least 30 days' advance notice via email to the address associated with your Account, or through a prominent in-product notification.

If you do not agree to a material change, you may close your Account before the change takes effect. Your continued use of the Services after the effective date of any change constitutes your acceptance of the revised Policy.

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

Bleenco GmbH, Attn: Privacy Team, Dachauer Strasse 44, 80335 Munich

Email: support@pipelogic.ai Security concerns: support@pipelogic.ai Legal notices: support@pipelogic.ai

We aim to respond to all verified data subject requests within 30 days of receipt, or within the period required by applicable law. If your request requires additional time, we will notify you of the delay and the reason for it.

By using Pipelogic, you confirm that you have read and understood this Privacy Policy.