# PipeRich Legal Documentation

> Complete legal documents and policies for PipeRich.

---

## [Acceptable Use Policy](/acceptable-use)





Acceptable Use Policy [#acceptable-use-policy]

<EffectiveDate date="2026-04-01" />

This Acceptable Use Policy ("AUP") describes the rules governing use of PipeRich's Services. By using our Services, you agree to comply with this AUP. This policy applies to all users, including customers, their employees, and any third party that uses the Services.

1\. Purpose [#1-purpose]

The purpose of this policy is to ensure that our Services are used responsibly and in a manner that does not harm PipeRich, our customers, or the broader internet community. PipeRich provides these Services to enable legitimate business and personal productivity. We ask all users to use the Services responsibly.

2\. Acceptable Use [#2-acceptable-use]

You may use our Services for any lawful purpose that is consistent with our Terms of Service and this AUP, including:

* Developing and deploying legitimate software applications and services
* Processing and analyzing data in support of your business operations
* Collaborating with colleagues and partners on work-related projects
* Testing and quality assurance activities within your allocated resources
* Any other lawful commercial or personal productivity purposes

3\. Prohibited Activities [#3-prohibited-activities]

You may not use our Services for any of the following:

3.1 Illegal Activity [#31-illegal-activity]

* Violating any applicable law, regulation, or ordinance
* Engaging in fraud, deception, or misrepresentation
* Infringing intellectual property rights of any party
* Processing, storing, or transmitting illegally obtained data
* Facilitating human trafficking, exploitation, or abuse

3.2 Harmful Content [#32-harmful-content]

* Distributing malware, ransomware, spyware, or other malicious code
* Generating or distributing spam, unsolicited bulk messages, or phishing content
* Creating or distributing content that is defamatory, harassing, or threatening
* Publishing or transmitting content that promotes hatred or violence against individuals or groups

3.3 Security Violations [#33-security-violations]

* Unauthorized access to, or interference with, any computer systems, networks, or data
* Port scanning, vulnerability scanning, or other reconnaissance without authorization
* Denial of service attacks or participation in botnets
* Intercepting communications not intended for you
* Attempting to circumvent authentication or security controls

3.4 Resource Abuse [#34-resource-abuse]

* Cryptocurrency mining without explicit written authorization
* Excessive resource consumption that degrades service for other users
* Circumventing usage limits, quotas, or billing mechanisms
* Reselling or sublicensing Services without authorization

3.5 Privacy Violations [#35-privacy-violations]

* Collecting or processing personal data in violation of applicable privacy laws
* Unauthorized collection of data from third-party websites (scraping)
* Storing sensitive personal data (passwords, financial data, health records) without appropriate security measures

4\. Enforcement [#4-enforcement]

PipeRich reserves the right to investigate suspected violations of this AUP and to take appropriate action, including:

* Suspending or terminating access to the Services
* Removing or disabling access to violating content
* Reporting violations to law enforcement authorities
* Pursuing civil remedies

We will use reasonable efforts to notify you before taking action, except in cases where immediate action is required to protect the security or integrity of our Services or other customers.

Violations of this AUP may also constitute a breach of our Terms of Service, which may result in termination of your account.

5\. Reporting Violations [#5-reporting-violations]

If you become aware of any violation of this AUP, please report it to:

**Email**: [abuse@piperich.com](mailto:abuse@piperich.com)

Please include as much detail as possible about the suspected violation, including relevant logs, URLs, or other supporting information. We take all reports seriously and will investigate promptly.

We will not retaliate against any person who, in good faith, reports a suspected violation of this AUP.

If you have questions about this policy, please contact us at [legal@piperich.com](mailto:legal@piperich.com).


---

## [Cookie Policy](/cookie-policy)





Cookie Policy [#cookie-policy]

<EffectiveDate date="2026-04-01" />

This Cookie Policy explains how PipeRich, Inc. ("PipeRich", "we", "us", or "our") uses cookies and similar tracking technologies when you visit our website or use our Services.

1\. What Are Cookies [#1-what-are-cookies]

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. They are widely used to make websites work more efficiently and to provide information to the website owner.

Cookies allow the website to recognize your device and remember certain information about your visit. Some cookies are deleted when you close your browser ("session cookies"), while others remain on your device for a longer period ("persistent cookies").

In addition to cookies, we may use similar technologies such as web beacons, pixel tags, local storage, and session storage.

2\. Types of Cookies We Use [#2-types-of-cookies-we-use]

2.1 Essential Cookies [#21-essential-cookies]

These cookies are strictly necessary for our website and Services to function. Without them, features like user authentication, session management, and security protection would not work. You cannot opt out of essential cookies.

| Cookie           | Purpose                                     | Duration |
| ---------------- | ------------------------------------------- | -------- |
| `session_id`     | Maintains your authenticated session        | Session  |
| `csrf_token`     | Protects against cross-site request forgery | Session  |
| `_piperich_auth` | Stores authentication state                 | 30 days  |

2.2 Analytics Cookies [#22-analytics-cookies]

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. This helps us improve our website and Services.

| Cookie | Provider         | Purpose                             | Duration |
| ------ | ---------------- | ----------------------------------- | -------- |
| `ph_*` | PostHog          | Product analytics and feature usage | 1 year   |
| `_ga`  | Google Analytics | Website traffic analytics           | 2 years  |
| `_gid` | Google Analytics | Distinguishes unique users          | 24 hours |

You may opt out of analytics cookies through our cookie consent manager or by enabling "Do Not Track" in your browser settings.

2.3 Functional Cookies [#23-functional-cookies]

These cookies enable enhanced functionality and personalization. They may be set by us or by third parties whose services we have added to our pages.

| Cookie             | Purpose                                | Duration |
| ------------------ | -------------------------------------- | -------- |
| `theme_preference` | Stores your light/dark mode preference | 1 year   |
| `locale`           | Remembers your language preference     | 1 year   |
| `sidebar_state`    | Remembers sidebar open/closed state    | 30 days  |

3\. Managing Cookies [#3-managing-cookies]

3.1 Cookie Consent Manager [#31-cookie-consent-manager]

When you first visit our website, we will ask for your consent to use non-essential cookies. You can manage your cookie preferences at any time through our cookie consent manager, accessible via the cookie icon in the footer of our website.

3.2 Browser Settings [#32-browser-settings]

Most web browsers allow you to control cookies through browser settings. You can:

* View which cookies are stored on your device
* Delete individual or all cookies
* Block cookies from specific or all websites
* Set your browser to notify you when cookies are set

Please note that disabling cookies may affect the functionality of our website and Services.

3.3 Opt-Out Links [#33-opt-out-links]

For analytics providers, you may opt out using the following links:

* **Google Analytics**: [google.com/settings/ads](https://www.google.com/settings/ads)
* **PostHog**: Contact us at [privacy@piperich.com](mailto:privacy@piperich.com) to opt out

4\. Changes to This Policy [#4-changes-to-this-policy]

We may update this Cookie Policy from time to time to reflect changes in the cookies we use or for other operational, legal, or regulatory reasons. Please revisit this page regularly to stay informed about our use of cookies.

The date at the top of this policy indicates when it was last updated. If we make significant changes, we will notify you more prominently.

5\. Contact Us [#5-contact-us]

If you have questions about our use of cookies or this Cookie Policy, please contact us at:

**Email**: [privacy@piperich.com](mailto:privacy@piperich.com)

You may also exercise any rights you have under applicable data protection law by contacting us at the above address.


---

## [Data Processing Agreement](/dpa)





Data Processing Agreement [#data-processing-agreement]

<EffectiveDate date="2026-04-01" />

This Data Processing Agreement ("DPA") forms part of the Terms of Service or other written or electronic agreement between PipeRich, Inc. ("Processor") and the Customer ("Controller") for the purchase and use of the Services.

<FileDownload fileName="PipeRich-DPA-2026.pdf" fileUrl="#dpa-download" fileSize="245 KB" fileType="PDF" />

<SigningLink href="https://sign.piperich.com/dpa" label="Sign DPA" description="Enterprise customers can execute the DPA electronically via our signing portal." disclaimer="You will be redirected to our document signing portal. An authorized signatory from your organization is required." />

1\. Definitions [#1-definitions]

**"Controller"** means the entity that determines the purposes and means of processing Personal Data.

**"Processor"** means PipeRich, which processes Personal Data on behalf of the Controller.

**"Personal Data"** means any information relating to an identified or identifiable natural person.

**"Processing"** means any operation performed on Personal Data, including collection, recording, storage, use, disclosure, erasure, or destruction.

**"Data Subject"** means an identified or identifiable natural person to whom Personal Data relates.

**"Subprocessor"** means any third party engaged by PipeRich to process Personal Data in connection with the Services.

**"Applicable Data Protection Law"** means all laws and regulations applicable to the processing of Personal Data, including the GDPR, CCPA, and other applicable national and state laws.

2\. Processing Details [#2-processing-details]

2.1 Subject Matter [#21-subject-matter]

PipeRich processes Personal Data solely for the purpose of providing the Services as described in the applicable Order Form and Terms of Service.

2.2 Duration [#22-duration]

PipeRich will process Personal Data for the duration of the Services agreement and for any additional period required by applicable law.

2.3 Nature and Purpose [#23-nature-and-purpose]

The nature and purpose of processing is to provide the Services, including hosting, storage, analytics, and related support activities.

2.4 Types of Personal Data [#24-types-of-personal-data]

The types of Personal Data processed may include: contact information (name, email, phone), usage data, and any Personal Data uploaded or submitted by Customer or its Users through the Services.

2.5 Categories of Data Subjects [#25-categories-of-data-subjects]

Data Subjects may include Customer's employees, contractors, customers, and other individuals whose Personal Data is submitted to the Services.

3\. Processor Obligations [#3-processor-obligations]

PipeRich shall:

* Process Personal Data only on documented instructions from the Controller
* Ensure that persons authorized to process Personal Data are bound by confidentiality
* Implement appropriate technical and organizational security measures
* Assist the Controller in responding to Data Subject requests
* Delete or return all Personal Data upon termination of Services
* Make available all information necessary to demonstrate compliance
* Notify the Controller without undue delay upon becoming aware of a Personal Data breach

4\. Sub-processing [#4-sub-processing]

4.1 Authorized Subprocessors [#41-authorized-subprocessors]

The Controller authorizes PipeRich to engage Subprocessors to process Personal Data. PipeRich maintains a current list of Subprocessors at [piperich.com/legal/subprocessors](/subprocessors).

4.2 Subprocessor Obligations [#42-subprocessor-obligations]

PipeRich shall impose data protection obligations equivalent to those set out in this DPA on all Subprocessors.

4.3 Changes to Subprocessors [#43-changes-to-subprocessors]

PipeRich will notify the Controller of any intended additions or replacements to Subprocessors with at least 30 days advance notice. The Controller may object to new Subprocessors in writing within 14 days of such notification.

5\. Data Subject Rights [#5-data-subject-rights]

PipeRich shall assist the Controller in fulfilling its obligations to respond to Data Subject requests for exercising rights of access, rectification, erasure, restriction, portability, and objection. PipeRich will promptly notify the Controller if it receives a request directly from a Data Subject.

6\. Security Measures [#6-security-measures]

PipeRich implements and maintains appropriate technical and organizational measures including:

* Encryption of Personal Data in transit (TLS 1.2+) and at rest (AES-256)
* Access controls and least-privilege principles
* Regular vulnerability assessments and penetration testing
* Employee security awareness training
* Incident detection and response capabilities
* Business continuity and disaster recovery procedures

7\. Audits and Inspections [#7-audits-and-inspections]

Upon Controller's reasonable written request, PipeRich shall provide relevant information necessary to demonstrate compliance with this DPA. PipeRich may satisfy audit requests by providing up-to-date third-party audit reports (SOC 2 Type II, ISO 27001) in lieu of Customer-initiated audits.

8\. Termination [#8-termination]

Upon termination of the Services, PipeRich shall, at the Controller's choice, delete or return all Personal Data and delete existing copies thereof, unless applicable law requires storage of Personal Data.


---

## [GDPR Compliance](/gdpr)





GDPR Compliance [#gdpr-compliance]

<EffectiveDate date="2026-04-01" />

PipeRich is committed to complying with the EU General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA). This page describes how we meet our obligations under the GDPR.

1\. Our Commitment [#1-our-commitment]

PipeRich takes data protection seriously and has implemented comprehensive measures to ensure compliance with the GDPR. We act as a data processor when processing personal data on behalf of our enterprise customers, and as a data controller for data we collect directly from our website visitors and users.

We have embedded privacy-by-design and privacy-by-default principles throughout our Services and internal processes.

2\. Lawful Basis for Processing [#2-lawful-basis-for-processing]

We process personal data only when we have a lawful basis for doing so. The lawful bases we rely upon include:

2.1 Contractual Necessity [#21-contractual-necessity]

We process personal data where necessary to perform our contractual obligations to our customers, including providing the Services, managing accounts, and processing payments.

2.2 Legitimate Interests [#22-legitimate-interests]

We process personal data for our legitimate business interests, including fraud prevention, security monitoring, service improvement, and marketing to existing customers. We conduct balancing tests to ensure our interests do not override individuals' rights.

2.3 Consent [#23-consent]

Where we rely on consent as a lawful basis (e.g., for marketing communications to prospective customers), we obtain clear, affirmative consent. You may withdraw consent at any time.

2.4 Legal Obligation [#24-legal-obligation]

We process personal data where required to comply with legal obligations, including tax, accounting, and regulatory requirements.

3\. Data Subject Rights [#3-data-subject-rights]

Under the GDPR, individuals in the EEA have the following rights:

3.1 Right of Access (Article 15) [#31-right-of-access-article-15]

You have the right to request confirmation of whether we process your personal data and, if so, to receive a copy of that data and information about how it is used.

3.2 Right to Rectification (Article 16) [#32-right-to-rectification-article-16]

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

3.3 Right to Erasure (Article 17) [#33-right-to-erasure-article-17]

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for its original purpose.

3.4 Right to Restriction (Article 18) [#34-right-to-restriction-article-18]

You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

3.5 Right to Data Portability (Article 20) [#35-right-to-data-portability-article-20]

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

3.6 Right to Object (Article 21) [#36-right-to-object-article-21]

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, contact us at [privacy@piperich.com](mailto:privacy@piperich.com). We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

4\. Data Protection Officer [#4-data-protection-officer]

PipeRich has appointed a Data Protection Officer (DPO) to oversee our GDPR compliance program. You may contact our DPO at:

**Email**: [dpo@piperich.com](mailto:dpo@piperich.com)

Our DPO is responsible for ensuring that PipeRich processes personal data in compliance with the GDPR, advising on data protection impact assessments, and serving as the point of contact for supervisory authorities.

5\. International Data Transfers [#5-international-data-transfers]

When we transfer personal data from the EEA to third countries, we use appropriate safeguards including:

* **Standard Contractual Clauses (SCCs)**: We incorporate EU Commission-approved SCCs into our agreements with processors and subprocessors in third countries
* **Adequacy Decisions**: Where the European Commission has recognized a country as providing adequate protection, we rely on that adequacy decision
* **Binding Corporate Rules**: Where applicable, we rely on binding corporate rules approved by the relevant supervisory authority

For details on our subprocessors and the safeguards in place for international transfers, see our [Subprocessors page](/subprocessors).

6\. Personal Data Breach Notification [#6-personal-data-breach-notification]

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, PipeRich will:

* Notify affected Controllers within 72 hours of becoming aware of the breach
* Provide information about the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed
* Assist Controllers in notifying affected Data Subjects where required

We maintain a breach response plan and conduct regular training to ensure swift and effective response to any security incidents.

7\. Data Processing Agreements [#7-data-processing-agreements]

Enterprise customers can execute a Data Processing Agreement (DPA) with PipeRich to formalize the GDPR obligations applicable to our relationship as processor and controller. See our [DPA page](/dpa) to download or sign our standard DPA.

For questions about GDPR compliance, contact us at [privacy@piperich.com](mailto:privacy@piperich.com).


---

## [Legal](/)





Legal Documentation [#legal-documentation]

Welcome to PipeRich's legal documentation portal. Here you'll find our terms of service, privacy policy, and other legal documents.

<Cards>
  <Card title="Terms of Service" description="Terms governing use of PipeRich services" href="/terms" />

  <Card title="Privacy Policy" description="How we collect, use, and protect your data" href="/privacy" />

  <Card title="Data Processing Agreement" description="DPA for enterprise customers" href="/dpa" />

  <Card title="Subprocessors" description="Third-party services that process data" href="/subprocessors" />

  <Card title="GDPR Compliance" description="Our commitment to EU data protection" href="/gdpr" />

  <Card title="Security Policy" description="How we protect your information" href="/security" />

  <Card title="Acceptable Use Policy" description="Guidelines for using our services" href="/acceptable-use" />

  <Card title="Cookie Policy" description="How we use cookies and tracking" href="/cookie-policy" />

  <Card title="Service Level Agreement" description="Uptime and support commitments" href="/sla" />
</Cards>


---

## [Privacy Policy](/privacy)





Privacy Policy [#privacy-policy]

<EffectiveDate date="2026-04-01" />

PipeRich, Inc. ("PipeRich", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

1\. Information We Collect [#1-information-we-collect]

1.1 Information You Provide [#11-information-you-provide]

We collect information you provide directly to us, including:

* **Account information**: Name, email address, password, and company details when you register for an Account
* **Payment information**: Credit card details and billing address processed through our payment provider
* **Communications**: Messages, feedback, and correspondence you send to us
* **Profile data**: Preferences, settings, and other information you choose to provide

1.2 Information Collected Automatically [#12-information-collected-automatically]

When you use our Services, we automatically collect:

* **Usage data**: Features accessed, pages visited, and actions taken within the Services
* **Log data**: IP address, browser type, operating system, referring URLs, and timestamps
* **Device information**: Hardware model, operating system version, and unique device identifiers
* **Cookies and tracking technologies**: Session identifiers, analytics data, and preferences

1.3 Information from Third Parties [#13-information-from-third-parties]

We may receive information about you from third parties, including:

* Authentication providers (e.g., Google, GitHub) when you use single sign-on
* Business partners who refer customers to our Services
* Publicly available sources when we conduct due diligence

2\. How We Use Your Information [#2-how-we-use-your-information]

We use the information we collect to:

* **Provide and improve Services**: Operate, maintain, and enhance our Services and develop new features
* **Process transactions**: Handle billing, payments, and account management
* **Communicate with you**: Send transactional emails, product updates, security alerts, and support messages
* **Personalize experience**: Tailor content and features based on your preferences and usage patterns
* **Ensure security**: Detect, prevent, and address fraud, security incidents, and technical issues
* **Comply with legal obligations**: Meet our legal and regulatory requirements
* **Analytics**: Understand usage patterns to improve our Services

3\. Information Sharing [#3-information-sharing]

We do not sell your personal information. We share your information only in these circumstances:

3.1 Service Providers [#31-service-providers]

We share information with third-party vendors who perform services on our behalf, such as cloud hosting, payment processing, email delivery, and analytics. These providers are contractually obligated to use your information only to provide their services.

3.2 Business Transfers [#32-business-transfers]

If PipeRich is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

3.3 Legal Requirements [#33-legal-requirements]

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of PipeRich, our users, or the public.

3.4 With Your Consent [#34-with-your-consent]

We may share your information with third parties when you have given us your explicit consent to do so.

4\. Data Retention [#4-data-retention]

We retain your information for as long as your Account is active or as needed to provide you with our Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

When you close your Account, we will delete your personal information within 30 days, except where retention is required by law or legitimate business interests.

5\. Your Rights [#5-your-rights]

Depending on your location, you may have the following rights regarding your personal information:

* **Access**: Request a copy of the personal information we hold about you
* **Correction**: Request that we correct inaccurate or incomplete information
* **Deletion**: Request that we delete your personal information
* **Portability**: Request a machine-readable copy of your information
* **Objection**: Object to certain processing of your information
* **Restriction**: Request that we restrict processing of your information

To exercise these rights, contact us at [privacy@piperich.com](mailto:privacy@piperich.com). We will respond within 30 days.

6\. Security [#6-security]

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security audits, and employee training.

No method of transmission over the internet or electronic storage is 100% secure. We strive to use commercially acceptable means to protect your information but cannot guarantee absolute security.

7\. International Transfers [#7-international-transfers]

PipeRich is based in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. We take steps to ensure that international data transfers comply with applicable data protection laws, including using Standard Contractual Clauses approved by the European Commission.

8\. Children's Privacy [#8-childrens-privacy]

Our Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

9\. Changes to This Policy [#9-changes-to-this-policy]

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the effective date. For material changes, we will provide additional notice via email or a prominent notice on our website.

10\. Contact Us [#10-contact-us]

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

**PipeRich, Inc.**
Privacy Team
Email: [privacy@piperich.com](mailto:privacy@piperich.com)

For EU residents, you may also contact our Data Protection Officer at [dpo@piperich.com](mailto:dpo@piperich.com).


---

## [Security Policy](/security)





Security Policy [#security-policy]

<EffectiveDate date="2026-04-01" />

Security is a foundational commitment at PipeRich. This policy describes the technical and organizational measures we implement to protect the confidentiality, integrity, and availability of your data.

1\. Overview [#1-overview]

PipeRich maintains a comprehensive information security program designed to protect our Services and the data entrusted to us. Our security program is built on industry best practices and aligns with recognized frameworks including SOC 2 Type II and ISO 27001.

We take a defense-in-depth approach, implementing multiple layers of security controls across our infrastructure, applications, and organizational processes.

2\. Infrastructure Security [#2-infrastructure-security]

2.1 Cloud Infrastructure [#21-cloud-infrastructure]

Our Services are hosted on Amazon Web Services (AWS), a leading cloud provider with extensive certifications including SOC 1/2/3, ISO 27001, PCI DSS, and FedRAMP. We leverage AWS security features including VPCs, security groups, IAM roles, and encryption services.

2.2 Network Security [#22-network-security]

* All traffic to and from our Services is protected by TLS 1.2 or higher
* Cloudflare provides DDoS protection, WAF filtering, and rate limiting at the network edge
* Internal services communicate over private networks with no direct public internet exposure
* Network access is restricted using the principle of least privilege

2.3 Physical Security [#23-physical-security]

PipeRich relies on the physical security controls of AWS data centers, which include biometric access controls, 24/7 security personnel, surveillance systems, and redundant power and cooling infrastructure.

3\. Data Encryption [#3-data-encryption]

3.1 Encryption in Transit [#31-encryption-in-transit]

All data transmitted between clients and our Services is encrypted using TLS 1.2 or higher. We enforce HTTPS on all endpoints and use HSTS to prevent protocol downgrade attacks.

3.2 Encryption at Rest [#32-encryption-at-rest]

Customer data stored in our databases and object storage is encrypted at rest using AES-256 encryption. Encryption keys are managed using AWS Key Management Service (KMS) with strict access controls.

3.3 Key Management [#33-key-management]

Cryptographic keys are rotated regularly and stored securely. Access to encryption keys is restricted to authorized systems and personnel on a need-to-know basis.

4\. Access Controls [#4-access-controls]

4.1 Authentication [#41-authentication]

* Multi-factor authentication (MFA) is required for all internal systems and administrative access
* PipeRich employees use SSO for access to internal systems
* Customer-facing systems support MFA and SAML-based SSO for enterprise customers

4.2 Authorization [#42-authorization]

We implement role-based access control (RBAC) across our Services. Access is granted based on the principle of least privilege. User permissions are reviewed quarterly and revoked promptly upon employee offboarding.

4.3 Privileged Access [#43-privileged-access]

Access to production systems and customer data is strictly limited and requires additional approval. All privileged access is logged and monitored. We use just-in-time (JIT) access controls to minimize standing privileges.

5\. Monitoring and Detection [#5-monitoring-and-detection]

* Comprehensive logging is enabled across all Services and infrastructure components
* Security events are aggregated in a centralized SIEM system
* Automated alerting is configured for anomalous activity and security events
* Our security team reviews alerts and investigates potential incidents 24/7
* Regular log reviews and threat hunts are conducted to identify potential threats

6\. Incident Response [#6-incident-response]

6.1 Incident Response Plan [#61-incident-response-plan]

PipeRich maintains a documented incident response plan that defines roles, responsibilities, and procedures for detecting, containing, and recovering from security incidents.

6.2 Notification [#62-notification]

In the event of a security incident affecting your data, PipeRich will notify affected customers promptly and in accordance with our contractual obligations and applicable law. Notifications will include the nature of the incident, data affected, and steps taken to address it.

6.3 Post-Incident Review [#63-post-incident-review]

Following any significant security incident, PipeRich conducts a post-incident review to identify root causes, assess the effectiveness of our response, and implement improvements to prevent recurrence.

7\. Compliance and Certifications [#7-compliance-and-certifications]

PipeRich's security controls are independently verified through third-party audits:

* **SOC 2 Type II**: Annual audit of security, availability, and confidentiality trust service criteria
* **Penetration Testing**: Annual third-party penetration tests of our infrastructure and applications
* **Vulnerability Scanning**: Continuous automated scanning for known vulnerabilities

Customers under an enterprise agreement may request copies of our SOC 2 Type II report under NDA.

8\. Vulnerability Disclosure [#8-vulnerability-disclosure]

We appreciate responsible disclosure of security vulnerabilities. If you believe you have discovered a security issue in our Services, please report it to:

**Email**: [security@piperich.com](mailto:security@piperich.com)

Please provide sufficient detail to allow us to reproduce and address the issue. We will acknowledge your report within 48 hours and work to resolve valid vulnerabilities promptly. We ask that you refrain from publicly disclosing any vulnerability until we have had a reasonable opportunity to address it.

For questions about our security practices, contact us at [security@piperich.com](mailto:security@piperich.com).


---

## [Service Level Agreement](/sla)





Service Level Agreement [#service-level-agreement]

<EffectiveDate date="2026-04-01" />

This Service Level Agreement ("SLA") describes PipeRich's uptime commitments, support response times, and remedies available when those commitments are not met. This SLA applies to customers on paid plans and forms part of the Terms of Service.

1\. Service Availability [#1-service-availability]

1.1 Uptime Commitment [#11-uptime-commitment]

PipeRich commits to the following monthly uptime percentages depending on your subscription plan:

| Plan       | Monthly Uptime Commitment |
| ---------- | ------------------------- |
| Starter    | 99.5%                     |
| Pro        | 99.9%                     |
| Enterprise | 99.95%                    |

"Uptime" means the percentage of time during a given calendar month that the Services are available and operational, excluding scheduled maintenance windows and circumstances beyond PipeRich's reasonable control.

1.2 Downtime Definition [#12-downtime-definition]

"Downtime" means any period of time during which the Services are unavailable due to a fault attributable to PipeRich. Downtime is measured from the time PipeRich confirms the incident to the time services are restored.

1.3 Status Page [#13-status-page]

PipeRich maintains a public status page at **status.piperich.com** where you can view current service status, incident history, and subscribe to status notifications.

2\. Scheduled Maintenance [#2-scheduled-maintenance]

PipeRich may perform scheduled maintenance that temporarily impacts Service availability. We will:

* Provide at least 48 hours advance notice for maintenance windows via email and the status page
* Schedule maintenance during low-traffic periods (typically between 2:00 AM and 6:00 AM UTC on weekends)
* Limit individual maintenance windows to no more than 4 hours
* Exclude scheduled maintenance from uptime calculations

Emergency maintenance may be performed with shorter notice when necessary to address critical security vulnerabilities or prevent service degradation.

3\. Support Response Times [#3-support-response-times]

3.1 Support Tiers [#31-support-tiers]

| Severity          | Description                                | Pro Response    | Enterprise Response |
| ----------------- | ------------------------------------------ | --------------- | ------------------- |
| **P1 - Critical** | Service completely unavailable             | 1 hour          | 30 minutes          |
| **P2 - High**     | Major feature degraded, significant impact | 4 hours         | 2 hours             |
| **P3 - Medium**   | Minor feature issue, workaround available  | 1 business day  | 4 hours             |
| **P4 - Low**      | General questions, feature requests        | 2 business days | 1 business day      |

Response times represent the time to first response from a PipeRich support engineer after a ticket is submitted. Enterprise customers receive 24/7 support for P1 and P2 incidents.

3.2 Submitting Support Requests [#32-submitting-support-requests]

Support requests may be submitted via:

* **In-app chat**: Available within the PipeRich dashboard
* **Email**: [support@piperich.com](mailto:support@piperich.com)
* **Enterprise support portal**: Available for Enterprise customers

3.3 Business Hours [#33-business-hours]

Standard business hours are Monday through Friday, 9:00 AM to 6:00 PM Eastern Time, excluding US public holidays. Enterprise P1/P2 support is available 24/7/365.

4\. Service Credits [#4-service-credits]

4.1 Credit Schedule [#41-credit-schedule]

If PipeRich fails to meet the monthly uptime commitment, you are eligible to receive service credits according to the following schedule:

| Monthly Uptime Achieved     | Service Credit     |
| --------------------------- | ------------------ |
| 99.0% to \< committed level | 10% of monthly fee |
| 95.0% to \< 99.0%           | 25% of monthly fee |
| \< 95.0%                    | 50% of monthly fee |

4.2 Requesting Credits [#42-requesting-credits]

To receive service credits, you must submit a credit request within 30 days of the end of the affected month. Include in your request: the dates and times of the downtime, a description of the impact, and any supporting evidence.

Credit requests must be submitted to [billing@piperich.com](mailto:billing@piperich.com) with the subject line "SLA Credit Request — \[Month/Year]."

4.3 Credit Limitations [#43-credit-limitations]

Service credits are your sole and exclusive remedy for any failure by PipeRich to meet the uptime commitment. Credits are applied to future invoices and have no cash value. Total credits in any calendar month shall not exceed 50% of the monthly fee for that month.

5\. Exclusions [#5-exclusions]

The uptime commitment does not apply to, and downtime does not include, unavailability resulting from:

* Scheduled maintenance windows as described in Section 2
* Circumstances beyond PipeRich's reasonable control, including natural disasters, acts of government, Internet service provider failures, and similar force majeure events
* Actions or omissions of Customer or its users, including misuse of the Services or failure to follow PipeRich's documentation
* Third-party service failures outside PipeRich's control
* Beta features or services explicitly identified as not covered by this SLA
* Free tier or trial accounts

6\. Contact [#6-contact]

For SLA-related questions or to submit a credit request, contact us at [billing@piperich.com](mailto:billing@piperich.com).

Enterprise customers may negotiate custom SLA terms through their Account Executive.


---

## [Subprocessors](/subprocessors)





Subprocessors [#subprocessors]

PipeRich uses the following third-party subprocessors to provide our Services. We maintain contractual data protection obligations with all subprocessors and conduct due diligence prior to engagement.

If you have questions about our subprocessors or wish to object to the engagement of a new subprocessor, please contact us at [privacy@piperich.com](mailto:privacy@piperich.com).

Infrastructure & Platform [#infrastructure--platform]

<SubprocessorTable
  subprocessors="[
  { name: &#x22;Amazon Web Services&#x22;, purpose: &#x22;Cloud infrastructure, storage, and compute&#x22;, entity: &#x22;Inc.&#x22;, country: &#x22;United States&#x22; },
  { name: &#x22;Cloudflare&#x22;, purpose: &#x22;Content delivery network and DDoS protection&#x22;, entity: &#x22;Inc.&#x22;, country: &#x22;United States&#x22; },
  { name: &#x22;Vercel&#x22;, purpose: &#x22;Frontend hosting and edge deployment&#x22;, entity: &#x22;Inc.&#x22;, country: &#x22;United States&#x22; }
]"
/>

Monitoring & Observability [#monitoring--observability]

<SubprocessorTable
  subprocessors="[
  { name: &#x22;Sentry&#x22;, purpose: &#x22;Application error monitoring and performance tracking&#x22;, entity: &#x22;Inc.&#x22;, country: &#x22;United States&#x22; },
  { name: &#x22;Datadog&#x22;, purpose: &#x22;Infrastructure monitoring and log management&#x22;, entity: &#x22;Inc.&#x22;, country: &#x22;United States&#x22; },
  { name: &#x22;Axiom&#x22;, purpose: &#x22;Log analytics and query&#x22;, entity: &#x22;Inc.&#x22;, country: &#x22;United States&#x22; }
]"
/>

AI & Machine Learning [#ai--machine-learning]

<SubprocessorTable
  subprocessors="[
  { name: &#x22;OpenAI&#x22;, purpose: &#x22;AI-powered content processing and analysis&#x22;, entity: &#x22;Inc.&#x22;, country: &#x22;United States&#x22; },
  { name: &#x22;Anthropic&#x22;, purpose: &#x22;AI model inference and safety evaluation&#x22;, entity: &#x22;PBC&#x22;, country: &#x22;United States&#x22; }
]"
/>

Payments & Finance [#payments--finance]

<SubprocessorTable
  subprocessors="[
  { name: &#x22;Stripe&#x22;, purpose: &#x22;Payment processing and subscription management&#x22;, entity: &#x22;Inc.&#x22;, country: &#x22;United States&#x22; }
]"
/>

Communication [#communication]

<SubprocessorTable
  subprocessors="[
  { name: &#x22;Resend&#x22;, purpose: &#x22;Transactional email delivery&#x22;, entity: &#x22;Inc.&#x22;, country: &#x22;United States&#x22; },
  { name: &#x22;Intercom&#x22;, purpose: &#x22;Customer support and in-app messaging&#x22;, entity: &#x22;Inc.&#x22;, country: &#x22;United States&#x22; }
]"
/>

Analytics [#analytics]

<SubprocessorTable
  subprocessors="[
  { name: &#x22;PostHog&#x22;, purpose: &#x22;Product analytics and session recording&#x22;, entity: &#x22;Inc.&#x22;, country: &#x22;United States&#x22; }
]"
/>

Notification Policy [#notification-policy]

PipeRich will provide at least 30 days advance notice of any changes to this subprocessor list by email or through the Services. Enterprise customers who have executed a DPA may object to new subprocessors in accordance with the terms of that agreement.

<LastUpdated date="2026-04-01" />


---

## [Terms of Service](/terms)





Terms of Service [#terms-of-service]

<EffectiveDate date="2026-04-01" />

1\. Acceptance of Terms [#1-acceptance-of-terms]

By accessing or using any PipeRich service, website, or software (collectively, the "Services"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, you may not access or use the Services.

These Terms constitute a legally binding agreement between you ("Customer", "you", or "your") and PipeRich, Inc. ("PipeRich", "we", "us", or "our"). If you are entering into these Terms on behalf of an organization, you represent that you have the authority to bind that organization to these Terms.

2\. Definitions [#2-definitions]

**"Account"** means a unique account created for you to access our Services.

**"Content"** means information, data, text, software, photographs, graphics, videos, messages, or other materials.

**"Services"** means all products, software, applications, and services provided by PipeRich, including any updates, upgrades, new features, and/or additions thereto.

**"Subscription"** means access to Services on a recurring basis as described in a mutually executed Order Form or as selected by you during the online signup process.

**"User"** means any individual who accesses or uses the Services through your Account.

3\. Account Terms [#3-account-terms]

3.1 Account Creation [#31-account-creation]

You must provide accurate, complete, and current information when creating an Account. You are responsible for maintaining the security of your Account credentials and for all activities that occur under your Account.

3.2 Account Eligibility [#32-account-eligibility]

You must be at least 18 years of age to create an Account. By creating an Account, you represent and warrant that you meet this requirement.

3.3 Account Responsibilities [#33-account-responsibilities]

You are responsible for maintaining the confidentiality of your login credentials. You agree to notify PipeRich immediately of any unauthorized use of your Account. PipeRich will not be liable for any loss or damage arising from unauthorized use of your Account.

4\. Use License [#4-use-license]

4.1 Permitted Use [#41-permitted-use]

Subject to these Terms and timely payment of all applicable fees, PipeRich grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Services for your internal business purposes.

4.2 Restrictions [#42-restrictions]

You may not, and may not permit others to:

* Sublicense, sell, resell, transfer, assign, or otherwise commercially exploit the Services
* Modify, adapt, translate, or create derivative works based on the Services
* Reverse engineer, disassemble, decompile, or otherwise attempt to derive source code
* Remove or alter any proprietary notices, labels, or marks on the Services
* Use the Services to build a competing product or service
* Use the Services in any manner that violates applicable laws or regulations

5\. Payment Terms [#5-payment-terms]

5.1 Fees [#51-fees]

You agree to pay all fees specified in the applicable Order Form or as selected during online signup. All fees are non-refundable except as expressly set forth in these Terms.

5.2 Billing [#52-billing]

Subscription fees are billed in advance on a monthly or annual basis depending on the plan selected. PipeRich reserves the right to change pricing with 30 days written notice.

5.3 Taxes [#53-taxes]

You are responsible for all applicable taxes, levies, or duties imposed by taxing authorities. PipeRich will collect such taxes when required to do so by applicable law.

6\. Termination [#6-termination]

6.1 Termination by You [#61-termination-by-you]

You may terminate your Account at any time by contacting PipeRich support or through your Account settings. Termination does not relieve you of any obligation to pay fees accrued prior to termination.

6.2 Termination by PipeRich [#62-termination-by-piperich]

PipeRich may suspend or terminate your Account and access to the Services immediately, without prior notice, if: (a) you breach these Terms; (b) required by law; or (c) PipeRich decides to discontinue the Services.

6.3 Effect of Termination [#63-effect-of-termination]

Upon termination, your right to access and use the Services immediately ceases. PipeRich will retain your data for 30 days following termination, after which it will be permanently deleted.

7\. Limitation of Liability [#7-limitation-of-liability]

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL PIPERICH, ITS AFFILIATES, DIRECTORS, EMPLOYEES, OR LICENSORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATING TO THE USE OF OR INABILITY TO USE THE SERVICES.

PIPERICH'S TOTAL CUMULATIVE LIABILITY TO YOU ARISING OUT OF OR RELATED TO THESE TERMS SHALL NOT EXCEED THE GREATER OF: (A) THE AMOUNTS PAID BY YOU TO PIPERICH IN THE TWELVE (12) MONTHS PRIOR TO THE CLAIM; OR (B) ONE HUNDRED DOLLARS ($100).

8\. Governing Law [#8-governing-law]

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law provisions. Any dispute arising under or relating to these Terms shall be subject to the exclusive jurisdiction of the state and federal courts located in Delaware.

9\. Changes to Terms [#9-changes-to-terms]

PipeRich reserves the right to modify these Terms at any time. We will provide at least 30 days notice of material changes by email or by posting a notice on our website. Your continued use of the Services after the effective date of any modifications constitutes your acceptance of the modified Terms.

If you have questions about these Terms, please contact us at [legal@piperich.com](mailto:legal@piperich.com).