Privacy Policy

1. Data protection at a glance

The following notes provide a simple overview of what happens to your personal data when you visit our website or use the Pipenest application. Personal data is any data with which you can be personally identified.

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and this privacy policy.

2. Controller

The controller responsible for data processing on this website and in the application is:

3. Hosting

This website is hosted on Cloudflare Pages, a service of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. When you visit our website, Cloudflare automatically processes technical connection data, including your IP address, in order to deliver the site securely and reliably.

The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure, fast and reliable website). Cloudflare acts as a processor on our behalf on the basis of a data processing agreement.

Further information can be found in the Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/

4. Account registration and user data

When you create a Pipenest account, we collect and process the following personal data: email address, name, and password (stored in hashed form). This data is required for contract fulfillment (Art. 6 para. 1 lit. b GDPR).

Your account data is stored for the duration of your account's existence. Upon account deletion, your personal data will be permanently removed within 30 days, unless retention is required by law (e.g. tax or commercial retention obligations).

5. CRM data (user-entered content)

Within the Pipenest application, you may store lead data, contact information, notes, task checklists, and other business-related content. This data is entered and controlled by you. We process it solely on your behalf to provide the service (Art. 6 para. 1 lit. b GDPR — contract fulfillment).

If you store personal data of third parties (e.g. lead contact details) in Pipenest, you are the data controller for that data. You are responsible for ensuring that you have a valid legal basis (e.g. legitimate interest under Art. 6 para. 1 lit. f GDPR) for storing and processing this data.

We act as a data processor on your behalf for this data. Our processing is governed by our Terms of Service and applicable data protection law.

6. AI-powered features

Pipenest uses AI-powered features such as lead scoring and pitch email generation. These features process data you have entered (e.g. lead information, website URLs) to generate scores and text suggestions.

AI processing is performed to fulfill our contractual obligations (Art. 6 para. 1 lit. b GDPR). We may use anonymized and aggregated data to improve our AI models. No personally identifiable User Data is shared with third parties for AI training without your explicit consent.

You retain full control over AI-generated content. AI outputs are not automatically sent to any third party — you must review and trigger any actions (e.g. sending an email) yourself.

7. Payment processing

For paid plans, payment is processed by a third-party payment provider. We do not store full credit card numbers or bank account details on our servers. We only store a payment reference, plan type, and billing status.

The legal basis for processing payment data is Art. 6 para. 1 lit. b GDPR (contract fulfillment). The payment provider processes data under their own privacy policy as an independent controller or joint processor, depending on the service used.

8. Server log files

The hosting provider automatically collects and stores information in so-called server log files, which your browser transmits to us. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources. Legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in the technically error-free presentation and optimization of the website).

9. Cookies and local storage

The marketing website (pipenest.app) uses the technical localStorage of your browser to save your language preference (key: "pipenest.lang"). This data is stored exclusively in your browser and is not transmitted to our server.

The Pipenest application (app.pipenest.app) uses cookies and/or local storage for session management and authentication. These are technically necessary for the service to function and are based on Art. 6 para. 1 lit. b GDPR (contract fulfillment). No tracking cookies or third-party advertising cookies are used.

10. Google Fonts

This site uses Google Fonts for a uniform font display, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you call up a page, your browser loads the required fonts directly from a Google server. This transmits your IP address to Google.

Legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in a consistent and attractive presentation). You can find more information about Google Fonts at: https://developers.google.com/fonts/faq and in Google's privacy policy at: https://policies.google.com/privacy

If you would like to avoid this transmission, you can self-host the fonts on request — please contact us.

11. Data security

We use industry-standard security measures to protect your data, including TLS/SSL encryption for all data in transit, encrypted storage for sensitive data, and regular security reviews.

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

12. Data retention

We retain your data only for as long as necessary to fulfill the purposes described in this policy or as required by law. Account data is deleted within 30 days of account deletion. Server logs are retained for a maximum of 90 days. Payment records are retained for the legally required period (typically 10 years under German tax law).

13. Data transfers to third countries

Some of our service providers (e.g. Cloudflare, Google Fonts) may process data in countries outside the European Economic Area (EEA). We ensure that adequate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework, in accordance with Art. 46 GDPR.

14. Your rights

Under the applicable data protection law, you have the following rights at any time:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise these rights, please contact us at m.fafengut@chimpshift.com. We will respond to your request within 30 days.

15. Supervisory authority

The competent supervisory authority is the State Commissioner for Data Protection of Lower Saxony (Landesbeauftragte für den Datenschutz Niedersachsen), Prinzenstraße 5, 30159 Hannover, Germany.