PIPEBOARD

Security & Privacy

Last updated: August 21, 2025

We built Pipeboard with security and privacy as first principles. This page summarizes our practices in plain language. For legal details, see our Privacy Policy andTerms of Service.

Data Minimization

  • We store only what is necessary to operate the product — typically authentication tokens and minimal user metadata.
  • We do not sell data or share it with third parties for marketing purposes.
  • Usage logs are anonymized to avoid storing personal or ad account identifiers.

Encryption & Transit Security

  • All data is transmitted over encrypted connections (HTTPS/TLS).
  • Sensitive data (like access tokens) is stored securely with industry‑standard encryption and access controls.

Access Controls

  • We enforce least‑privilege access across our services. Server operations use carefully scoped service roles.
  • Our database uses Row Level Security (RLS) so each user can only access their own records (e.g., API tokens, Meta access tokens, subscription/usage data).
  • Administrative features are gated and require explicit authorization.

Authentication & Sessions

  • We use secure authentication flows (including PKCE) and session management aligned with best practices.
  • You can also create scoped API tokens for programmatic access.

Third‑Party Services

  • Payments: Handled by Stripe. We do not store card numbers. Webhooks are verified using Stripe signature verification.
  • AI/LLM Providers: We send only the data required to fulfill your request to the LLM pipeline and configure providers with privacy‑preserving settings where available. Refer to each provider’s policy for details.

AI and Model Training

As of today, we do not use customer content or connected Meta Ads data to train AI models for product improvement. If we introduce “smart” features that benefit from learning across accounts, we will provide advance notice and an account‑level opt‑out before using customer content for that purpose. Unless you opt out, your content may be used to improve those features. You can opt out at any time via settings or by contacting us at privacy@pipeboard.co. We honor deletion requests, including removal of derived training artifacts where feasible. For hosted LLM providers, we send only what’s necessary and configure privacy‑preserving/no‑training settings where available.

Data Retention & Caching

  • Advertising data may be cached briefly to improve performance and reliability.
  • We do not retain ad data long‑term beyond what is necessary to provide the service. We may perform short‑lived processing of recent, relevant data to improve performance, reliability, and features. We only retain data longer with your explicit consent or configuration.
  • To support fast Insights report generation, we may store minimal reporting inputs (for example, your ad account list and recent 7‑day aggregate metrics) with a creation timestamp. This cache is per‑user and protected by Row Level Security (RLS). It is not used for marketing or shared with third parties.

Your Control & Data Deletion

You can delete your account and associated data at any time via settings or by requesting deletion via email. SeeUser Data Protectionfor step‑by‑step instructions.

  • Deleting your account removes API tokens, Meta access tokens, and auth states.
  • Revoking Pipeboard in Facebook Business Integrations also invalidates tokens.

Responsible Disclosure

If you believe you’ve found a security issue, please contact us and we’ll investigate promptly.

Contact

ARTELL SOLUÇÕES TECNOLÓGICAS LTDA
📧 privacy@pipeboard.co
🌐 https://pipeboard.co