Privacy Policy

Last updated: April 7, 2026

Overview

Pipeworx ("we", "our", "us") is operated by Mojibake Inc. This policy describes how we collect, use, and protect information when you use pipeworx.io and the Pipeworx API gateway.

Information We Collect

Account Information

When you sign up via GitHub OAuth, we receive your GitHub username, email address, and avatar URL. We use this to create and manage your account.

OAuth Connections

When you connect third-party services (e.g., Google Sheets, Salesforce, Jira, Slack), we store encrypted OAuth tokens to access those services on your behalf. Tokens are encrypted at rest using AES-256-GCM. We do not store your passwords for any connected service.

API Usage

We log API requests for rate limiting, billing, and monitoring purposes. Logs include timestamps, tool names, response status codes, and anonymized identifiers. We do not log the content of your API requests or responses.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or payment details directly. Stripe's privacy policy applies to payment data.

How We Use Your Information

  • To authenticate you and provide access to the Pipeworx gateway
  • To connect to third-party services you authorize
  • To enforce rate limits and usage-based billing
  • To monitor service health and prevent abuse
  • To communicate important service updates

Data Sharing

We do not sell your personal information. We share data only:

  • With third-party services you explicitly connect (using your encrypted OAuth tokens)
  • With Stripe for payment processing
  • When required by law or to protect our rights

Data Storage and Security

Data is stored on Cloudflare Workers KV, Supabase (PostgreSQL), and Upstash (Redis). OAuth tokens are encrypted at rest with AES-256-GCM. All data is transmitted over HTTPS.

Data Retention

Account data is retained as long as your account is active. You can delete your account and all associated data by contacting us. OAuth tokens are deleted immediately when you disconnect a service.

Your Rights

You can:

  • View and manage your connected services on the account page
  • Disconnect any third-party service at any time
  • Request deletion of your account and all associated data
  • Request a copy of your data

Cookies

We use a session cookie for authentication. We do not use tracking cookies or third-party analytics.

Changes

We may update this policy from time to time. Material changes will be communicated via the website.

Contact

For privacy questions or data requests, contact us at [email protected].