CorePiperCorePiper
Legal

Privacy Policy

Effective February 22, 2026 · Last Updated February 22, 2026

Core Piper (“we,” “us,” or “our”) operates the Core Piper platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Organization name
  • Password (stored as a salted hash — we never store plaintext passwords)

1.2 Billing Information

If you subscribe to a paid plan, we collect payment details (credit card or ACH) through our payment processor, Stripe. We do not store full payment card numbers on our servers.

1.3 Usage Data

We automatically collect information about how you interact with the platform, including:

  • Pages visited and features used
  • Session logs and event history
  • Skill configurations and tool usage
  • Webhook payloads received and processed
  • Browser type, IP address, and device information

1.4 Integration Data

When you connect third-party services (e.g., Salesforce, Jira), we collect:

  • OAuth tokens and API credentials (encrypted at rest)
  • Data retrieved from those services during skill execution

1.5 AI Processing Data

When AI skills execute on your behalf, we process:

  • Input data from webhooks or manual triggers
  • Tool call requests and responses
  • AI-generated outputs and decisions
  • Human-in-the-loop review interactions

2. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the platform
  • Process transactions and manage your subscription
  • Execute AI skills and tool calls on your behalf
  • Store and display session history and audit logs
  • Send administrative communications (account confirmations, security alerts, billing notices)
  • Improve and develop new features
  • Detect, prevent, and address fraud, abuse, or technical issues
  • Comply with legal obligations

3. How We Protect Your Information

We implement industry-standard security measures, including:

  • Encryption at rest: Integration credentials are encrypted using AES-256-GCM with key versioning
  • Encryption in transit: All data transmitted over HTTPS/TLS
  • Row-level security: Database-level tenant isolation ensures organizations cannot access each other's data
  • Session event redaction: Credentials, tokens, and PII are redacted from session logs
  • Webhook verification: HMAC-SHA256 signature validation with timestamp replay protection
  • Access controls: Role-based access within organizations (admin and member roles)

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

4.1 Service Providers

  • Stripe — payment processing
  • Neon — database hosting (PostgreSQL)
  • Anthropic — AI model provider (Claude)
  • Trigger.dev — task execution infrastructure

4.2 Third-Party Integrations

When you connect integrations, data is sent to and received from those services as directed by your skill configurations. We act as a processor on your behalf.

4.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Retention

  • Account data is retained for as long as your account is active.
  • Session history is retained based on your plan tier (7–90 days).
  • Audit logs are retained for the duration of your subscription.
  • Billing records are retained as required by applicable tax and financial regulations.

Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at the email listed below.

7. Cookies

We use essential cookies to maintain your authentication session. We do not use third-party tracking or advertising cookies.

8. Children's Privacy

Core Piper is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for any international transfers of personal data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last Updated” date.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: privacy@corepiper.com

View Terms of Service →