Privacy Policy
PiePiper is built as a local-first memory layer for AI assistants. The vast majority of your data — your conversations, extracted memories, and embeddings — never leaves your computer. This page explains what we do and do not collect, store, and process when you use the website, sign up for the waitlist, or use the PiePiper software.
1. Who we are
PiePiper is a software product currently operated as an independent project. The data controller for the purposes of the EU General Data Protection Regulation (GDPR) is the operator of the piepiper.ai website. You can contact us about privacy at privacy@piepiper.ai.
2. What we collect
2.1 When you visit the website
Our hosting provider (Netlify) records standard request information — your IP address, the page you requested, your browser type, and the time of the request — for security and operational reasons. We do not place advertising or tracking cookies on the website itself.
2.2 When you join the waitlist
If you submit the waitlist form we collect:
- The email address you provide.
- The CTA you clicked (e.g. "Start free trial", "Personal tier").
- Your browser's User-Agent string, the page that referred you, and any UTM parameters present in the URL. We use these only to understand which marketing channels work.
- The timestamp of your signup.
We do not collect names, addresses, phone numbers, or any other identifiers as part of the waitlist signup. Waitlist data is stored on Supabase (EU region). We use it only to email you when invites open, and to understand top-of-funnel conversion. We do not sell or share waitlist data with third parties for marketing purposes.
2.3 When you use the PiePiper software
PiePiper is local-first. The following data stays on your computer and is never transmitted to us:
- Your conversations and the memories PiePiper extracts from them.
- Your embeddings, vector indexes, and the SQLite database that stores your memory graph.
- Any API keys you configure for OpenAI, Anthropic, or other providers (those are your keys; we never see them).
You can verify this yourself: PiePiper is a self-contained program that, in its default configuration, makes no network calls to servers we operate. The SQLite database lives at ~/.neuropack/memories.db on your machine.
2.4 Optional anonymous telemetry (off by default)
Future versions of PiePiper may include optional, off-by-default anonymous telemetry — for example, "extraction completed in N seconds" or "the daemon ran without error" — to help us find bugs. If we add this, the setting will be off by default, you will be asked before it is turned on, and the data will not contain your conversations or any identifiable content. We will update this policy and notify users before any such telemetry ships.
2.5 Optional opt-in beta-data sharing (off by default)
After launch, beta testers may be asked to opt in to share anonymized conversation chunks with us so we can train and improve the local fact-extraction model that ships with the product. This is strictly off by default. You will be asked explicitly, you can revoke your consent at any time, and any chunks you share will have personal identifiers stripped before they leave your machine. We will publish exact details (consent flow, retention period, opt-out path) before this feature becomes available.
3. How we use the data we do collect
- To send you the email invite when PiePiper opens up to you.
- To understand which marketing channels and CTAs work.
- To debug issues you report.
- To run the website itself (security, abuse prevention).
- To comply with legal obligations.
We do not use your data to train AI models without explicit, separate, opt-in consent (see section 2.5).
4. Legal bases for processing (GDPR Art. 6)
- Consent: waitlist signups, optional telemetry, opt-in beta-data sharing.
- Legitimate interest: security, abuse prevention, understanding aggregate marketing channel performance.
- Contract: for paying customers, processing necessary to deliver the service.
- Legal obligation: retaining records when required by law.
5. Service providers we use
We rely on a small number of third-party services to run the website and waitlist. Each operates under its own privacy policy:
- Netlify — website hosting (the piepiper.ai domain).
- Supabase — waitlist database (EU region).
- OpenAI / Anthropic — only when you (the user) configure your own API key in the PiePiper app. We do not see or store your keys; the calls go directly from your machine to those providers.
- Stripe — payment processing for paid plans (when those launch).
None of these providers receive your conversation data or memory contents. They only see what is strictly required to do their jobs (hosting the page, storing your email, processing payment).
6. How long we keep data
- Waitlist email and metadata: until you ask us to delete it, or until 24 months after the waitlist closes, whichever comes first.
- Web server access logs: 30 days.
- Customer billing records: as long as legally required (typically 6 years under EU/Finnish accounting law).
7. Your rights (GDPR)
If you are in the EU, UK, or another jurisdiction with similar rules, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Have your data deleted ("right to be forgotten")
- Restrict or object to processing
- Receive a copy of your data in a machine-readable format (data portability)
- Withdraw any consent you previously gave
- Lodge a complaint with your local data protection authority (in Finland, this is the Office of the Data Protection Ombudsman, tietosuoja.fi)
To exercise any of these rights, email privacy@piepiper.ai. We will respond within 30 days.
8. International data transfers
PiePiper is operated from Finland. Some of our service providers (Netlify, Stripe) are based in the United States. Where data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses or equivalent safeguards. The conversation data that stays on your machine is not transferred anywhere by us.
9. Children
PiePiper is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Security
We use HTTPS for the website, encrypted connections to Supabase and Stripe, and we follow industry-standard practices to protect the data we hold. No system is perfectly secure, but we minimize the data we collect specifically so that any future breach has limited impact.
11. Changes to this policy
We will update this policy as the product evolves. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be announced on the website and, where appropriate, by email to waitlist subscribers.
12. Contact
Privacy questions: privacy@piepiper.ai.
General questions: hello@piepiper.ai.
This privacy policy is a starting point and is provided in good faith. It is not legal advice. Before relying on it for a jurisdiction-specific obligation, consult qualified legal counsel.