Privacy Policy

1. Introduction

PipeChecks.io ("Company," "we," "us," "our") operates the PipeChecks.io website ("Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We are committed to protecting your privacy and ensuring you have a positive experience on our website. This Privacy Policy explains our data collection, use, and protection practices.

2. Information Collection and Use

We collect limited information necessary to provide our Service. Information we may collect includes:

• Account Information: Name, email address, and GitHub account information (only when you sign up)
• AWS Account Information: We securely connect to your AWS account via OIDC federation. We never store your AWS credentials or access keys
• Usage Data: Information about how you interact with our Service (anonymized and aggregated)
• Device Information: Browser type, operating system, and IP address (for security purposes only)

3. Cookies and Tracking

We use essential cookies that are strictly necessary for the website to function, and analytics cookies that require your explicit consent.

Essential cookies (always active):

• Session cookies (for authentication)
• Cookie consent preference (stored locally in your browser)
• CSRF protection tokens (for security)

Analytics cookies (only with your consent):

We use analytics cookies to understand how visitors use our site and to improve our service. These cookies are only set if you explicitly accept them via our cookie banner. You can change your preference at any time using the "Cookie Settings" link in the footer.

4. Analytics

We use a third-party analytics service to understand how visitors interact with our website and to improve our service. We do not use this data for advertising, and we do not sell or share it with third parties. Contact us at privacy@pipechecks.io for details about our data processors.

We do NOT use: Google Analytics, advertising cookies, behavioral tracking pixels, retargeting cookies, or any other third-party tracking services.

5. Security of Data

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

We implement the following security measures:

• HTTPS encryption for all communications
• OAuth for secure AWS account connection (never storing credentials)
• TLS 1.3 for data in transit
• Secure password storage with industry-standard hashing
• Regular security audits and updates

6. AWS Account Data

When you connect your AWS account to PipeChecks.io:

• We use OAuth tokens that expire and rotate automatically
• We never store your AWS access keys or secret keys
• AWS credentials are only used to read CodePipeline status
• We only have permission to view pipeline events (no modification access)
• You can revoke access at any time through AWS IAM

7. Data Retention

We retain your personal data only for as long as necessary to provide our Service or as required by law. You may request deletion of your account and associated data at any time by contacting us.

8. Your GDPR Rights

If you are in the European Union, you have the following rights under GDPR:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Data Portability: Receive your data in machine-readable format
• Right to Object: Object to processing of your data
• Right to Restrict Processing: Request limitation of processing

To exercise any of these rights, please contact us at privacy@pipechecks.io.

9. CCPA Compliance

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal data is collected, used, and shared.

10. Third-Party Links

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We are not responsible for the privacy practices of external websites.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

13. Data Processing Agreement

For enterprise customers, we provide a Data Processing Agreement (DPA) that complies with GDPR requirements. Please contact our sales team for more information.