Privacy Policy

Effective from 1 January 2025
Last updated: April 2026

This privacy policy describes how personal data is processed and protected on the public website pipegenius.de as well as within the PipeGenius web application and Outlook add-in (hereinafter “App”).

Part A — Public Website (pipegenius.de)

A.1 Contact Form

When you use the contact form on our website, we process the following data:

Name
Email address
Company
Phone number (optional)
Message
Language (site version DE/EN)

Purpose: Processing your enquiry and contacting you.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures at the request of the data subject).

Recipients: Your enquiry is forwarded by email to the management of PipeGenius GmbH. No data is shared with third parties.

Retention period: The data is processed exclusively as an email notification and is not stored in a database. The data is retained only for the duration of processing the enquiry and subsequently deleted — unless statutory retention obligations apply or the data is required for the initiation of a contractual relationship.

A.2 Website Hosting

The public website is delivered as a static site. The hosting provider automatically collects technical access data in server log files (IP address, timestamp, page accessed, browser type). This data is used exclusively to ensure operations and to defend against attacks and is deleted after 30 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security and availability of the website).

A.3 Website Analytics

To improve our website, we collect anonymised usage data such as pages visited, time on site, referral source (referrer domain), device type, browser, operating system and approximate location (country and city). This data is processed and stored exclusively on our own servers in Germany.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving and ensuring the functionality of the website). Our legitimate interest consists in understanding aggregate usage patterns to improve site content and usability. Given the fully anonymised nature of the data collected — no cookies, no persistent identifiers, no IP storage — we consider that the rights and freedoms of data subjects are not overridden by this interest.

For geographic attribution, the IP address is processed exclusively in memory and discarded immediately after determining country and city. The IP address is not stored at any point. The user agent is analysed solely to identify device type, browser and operating system and is likewise not stored.

No cookies are set, no localStorage is used and no data is shared with third parties. Individual visitors cannot be identified across days. No profiling takes place. No external analytics or tracking services are used.

Part B — PipeGenius App (Web Application and Outlook Add-in)

1. Data Controller

The controller responsible for data processing in connection with the operation of the App is:

PipeGenius GmbH
Jülicher Straße 72a
52070 Aachen
Germany

Phone: +49 179 511 8993
Email: hello@pipegenius.de

For data that customers independently enter into the App (e.g. customer contacts, project information, documents), the respective customer is the controller within the meaning of the GDPR. PipeGenius GmbH acts in this context as a processor pursuant to Art. 4(8) GDPR.

2. User Accounts and Authentication

Access to the App is provided exclusively via Microsoft login integration. Users authenticate with existing Microsoft credentials. Self-registration is not possible; all user accounts are set up and managed by an administrator of the respective customer company.

For additional security, a proprietary two-factor authentication system is used, operated entirely by PipeGenius without involving any external providers.

3. Nature and Purpose of Data Processing

To provide the App's functionality, the following data is processed:

User-related data (name, email address, role)
Project data (e.g. customer and supplier profiles, quotes, internal notes)
Uploaded files (e.g. contracts, invoices, quote templates)
Data automatically extracted from documents

This content may contain personal data of third parties (e.g. contact persons of customers or suppliers). The respective customer is solely responsible for the lawful collection and entry of such data.

4. Legal Bases for Processing

The processing of personal data is based on the following provisions of the GDPR:

Art. 6(1)(b) GDPR — for the performance of a contract with the customer
Art. 6(1)(c) GDPR — for compliance with legal obligations (e.g. retention requirements)
Art. 6(1)(f) GDPR — for the protection of legitimate interests (e.g. improvement of the App, operational security, support)

5. Usage Analytics and Quality Assurance

To continuously improve the App and ensure stable operations, we collect certain usage data such as session duration, navigation between modules and frequency of use of individual features.

This data is:

not stored in a personally identifiable manner but assigned via a pseudonymised identifier
evaluated exclusively in aggregate at the company level

For this purpose, exclusively proprietary, privacy-compliant analytics tools are used. No external analytics or tracking services are employed.

6. Hosting and Data Storage

The App is operated on servers in the Frankfurt, Germany (EU) region. All data is stored exclusively within the European Union and encrypted both in transit and at rest.

A data processing agreement pursuant to Art. 28 GDPR is in place with the hosting provider. Access to data is strictly regulated, logged and reserved exclusively for authorised personnel.

7. Data Access and Disclosure

Personal data is not sold or shared with third parties for advertising purposes. Access to data is limited to:

Authorised employees of PipeGenius GmbH (e.g. support or development) and only when necessary
The hosting provider under the data processing agreement

No external support tools, AI services or analytics platforms are used that would have access to customer data.

8. Retention Period and Data Deletion

All data entered via the App is stored by default for two years. After this period, customers may:

Optionally purchase additional storage, or
Request the complete deletion of their data

Data subject to statutory retention obligations (e.g. pursuant to § 147 AO/HGB) may be archived for up to ten years.

Data deletion or export can currently be requested by email to support@pipegenius.de. An automated function within the App is planned for future releases.

9. Rights of Data Subjects

Data subjects have the following rights under the GDPR:

Access to stored data (Art. 15 GDPR)
Rectification of inaccurate data (Art. 16 GDPR)
Erasure (“right to be forgotten”, Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to certain processing activities (Art. 21 GDPR)

To exercise these rights, an informal message to the contact address listed above is sufficient. In addition, there is a right to lodge a complaint with a competent data protection supervisory authority.

Contact for data protection enquiries:
hello@pipegenius.de

10. Automated Decision-Making

No automated decision-making including profiling pursuant to Art. 22 GDPR takes place.

11. Security Measures

To protect data, we employ modern technical and organisational measures:

Secure authentication via Microsoft login
Proprietary two-factor authentication
Role-based access control
Encrypted data transmission and storage
Logging of all internal access to production systems
Tenant isolation at the database level

12. Data Protection Officer

The appointment of a data protection officer is currently not legally required (§ 38 BDSG). For data protection enquiries, please contact the address listed above.

13. Changes to this Privacy Policy

This privacy policy may be amended in the event of legal, technical or organisational changes. In the case of material changes, notification will be provided within the App.