Pipeboard

Pipeboard Security Two‑Pager

Pipeboard is an MCP Server that lets LLM‑enabled interfaces (for example, Claude Pro or Cursor) securely answer questions about, and help manage, your Meta Ads. Through MCP, assistants discover Pipeboard’s tools and resources to retrieve metrics, explain performance, and automate permitted tasks—without exposing your credentials.

High‑level data flow

Claude Pro / LLM Client
asks Meta Ads questions
Pipeboard
MCP Server (tools/resources)
Meta/Facebook API
Ads, Insights, Accounts

Overview

Pipeboard is designed with security and privacy as first principles. We limit what we collect, safeguard what we store, and give you control over your data.

How we protect your data

  • Minimal data collection: We store only what's needed to operate the product (for example, authentication tokens and basic account metadata).
  • Encryption in transit: All traffic uses HTTPS/TLS.
  • Access controls: We apply least‑privilege access and database Row Level Security so users can access only their own records.
  • Short‑lived caching only: Advertising data may be cached briefly to improve reliability and performance. We do not warehouse ad data. For faster Insights reports, we may store your ad account list and recent 7‑day aggregate metrics with a creation timestamp. This cache is per‑user and guarded by Row Level Security (RLS).
  • Your control: You can disconnect or delete your data at any time. Removing Pipeboard from Facebook Business Integrations or deleting your account removes our access.

MCP & authentication at a glance

  • Sign‑in options: Login via OAuth providers such as Facebook, GitHub, or your corporate SSO (SAML/OIDC).
  • Facebook OAuth for Ads access: We obtain the tokens required to read your Ads/Insights and perform permitted actions. Tokens are stored securely and can be revoked by you at any time via Facebook Business Integrations.
  • The MCP gateway authenticates with your Pipeboard session/API token. Your Meta token is resolved and injected server‑side only when needed.
  • We do not share your Meta credentials with MCP clients or LLM providers.

Third‑party providers

  • Payments: Stripe processes payments; we do not store card numbers.
  • LLM providers: Pipeboard does not send your Meta Ads data to LLMs. Any transmission to an LLM is performed by your chosen MCP client (e.g., Claude, Cursor) under its settings and policies.

AI and model training

  • Current stance: We do not use customer content or connected Meta Ads data to train AI models today.
  • Future features: If we introduce model‑improving features, we will provide advance notice and an account‑level opt‑out before using customer content for that purpose. Unless you opt out, your content may be used to improve those features. You can opt out at any time.

Compliance posture

  • SOC 2: Not yet certified; on our roadmap. We can support vendor reviews with a security summary, subprocessor list/DPA, and your questionnaire.

Incident response

We investigate reports promptly and notify affected customers consistent with legal requirements and our commitments. Please report issues to the address below.

Contact

ARTELL SOLUÇÕES TECNOLÓGICAS LTDA
privacy@pipeboard.co
https://pipeboard.co