Pipeboard

Pipeboard Security One‑Pager

Overview

Pipeboard is designed with security and privacy as first principles. We limit what we collect, safeguard what we store, and give you control over your data.

How we protect your data

  • Minimal data collection: We store only what's needed to operate the product (for example, authentication tokens and basic account metadata).
  • Encryption in transit: All traffic uses HTTPS/TLS.
  • Access controls: We apply least‑privilege access and database Row Level Security so users can access only their own records.
  • Short‑lived caching only: Advertising data may be cached briefly to improve reliability and performance. We do not warehouse ad data. To speed up Insights, we may store your ad account list and recent 7‑day aggregate metrics with a creation timestamp; this cache is per‑user and protected by RLS.
  • Your control: You can disconnect or delete your data at any time. Removing Pipeboard from Facebook Business Integrations or deleting your account removes our access.

Authentication & access model

  • Sign‑in options: Login via OAuth providers such as Facebook, GitHub, or your corporate SSO (SAML/OIDC).
  • Facebook OAuth for Ads access: We obtain the tokens required to read your Ads/Insights and perform permitted actions. Tokens are stored securely and can be revoked by you at any time via Facebook Business Integrations.
  • The MCP gateway authenticates with your Pipeboard session/API token. Your Meta token is resolved and injected server‑side only when needed.
  • We do not share your Meta credentials with MCP clients or LLM providers.

Third‑party providers

  • Payments: Stripe processes payments; we do not store card numbers.
  • LLM providers: Pipeboard does not send your Meta Ads data to LLMs. Any transmission to an LLM is performed by your chosen MCP client (e.g., Claude, Cursor) under its settings and policies.

AI and model training

  • Current stance: We do not use customer content or connected Meta Ads data to train AI models today.
  • Future features: If we introduce model‑improving features, we will provide advance notice and an account‑level opt‑out before using customer content for that purpose. Unless you opt out, your content may be used to improve those features. You can opt out at any time.

Compliance posture

  • SOC 2: Not yet certified; on our roadmap. We can support vendor reviews with a security summary, subprocessor list/DPA, and your questionnaire.

Incident response

We investigate reports promptly and notify affected customers consistent with legal requirements and our commitments. Please report issues to the address below.

Contact

ARTELL SOLUÇÕES TECNOLÓGICAS LTDA
privacy@pipeboard.co
https://pipeboard.co