🔒 Your Formulations Are Your Intellectual Property

We take the security and privacy of your trade secrets seriously. Here's our commitment to keeping your proprietary recipes safe.

256-bit Encryption
Zero Data Sharing
100% Data Ownership
Private by Design

🛡️ Data Encryption & Security

Your formulations are protected with the same level of encryption used by banks and financial institutions.

256-bit AES Encryption at Rest

All your data is encrypted in our database using AES-256 encryption - the gold standard for data protection. Even if someone gained physical access to our servers, your formulations would be unreadable without the encryption keys.

TLS 1.3 Encryption in Transit

Every connection between your browser and our servers uses TLS 1.3, the latest version of the TLS protocol. Your data is protected from interception at every step.

Regular Security Audits

We conduct regular security reviews and vulnerability assessments to ensure our infrastructure stays protected against emerging threats.

Enterprise-Grade Infrastructure

We are currently hosted on Render with a PostgreSQL database. We're migrating to AWS for enhanced enterprise-grade security services and compliance certifications.

Secure Password Storage

Passwords are hashed using bcrypt, which salts every hash and applies multiple rounds. We never store plain-text passwords - even we can't see your password.

No Third-Party Data Sharing

We never share, sell, or monetize your data. No advertising networks, no data brokers, no exceptions. Your formulations stay private.

🚀 Infrastructure Migration: As we migrate to AWS infrastructure, these security measures will be enhanced with enterprise-grade AWS security services including AWS Shield, GuardDuty, and compliance with SOC 2, ISO 27001, and other industry standards.

📋 Data Ownership & Control

Your data belongs to you. Period. Not to us, not to anyone else. Here's how we ensure you maintain complete control.

✓ You Own 100% of Your Data

  • Full ownership rights: Every formulation, material, vendor, and calculation you create is your intellectual property. We claim zero ownership.
  • No hidden licenses: We don't request licenses to use your data for training AI, marketing, or any other purpose.
  • Complete control: Export, modify, or delete your data anytime - no approval needed, no waiting periods.

📤 One-Click Data Export

  • Export formats: Download your data in CSV, JSON, or PDF formats from your account dashboard.
  • Complete exports: Get all your materials, formulations, costs, vendors, categories, and historical data.
  • Instant downloads: No waiting, no request forms - just click and download.
  • Scheduled exports: Set up automatic monthly backups to your own storage (Pro+ plans).

🗑️ Right to Be Forgotten

  • Complete deletion: Request full account deletion and we'll permanently erase all your data within 30 days.
  • No hidden backups: We delete your data from all systems, including backups (after the 30-day recovery window).
  • GDPR compliant: We respect your right to deletion under GDPR and similar privacy regulations.
  • Confirmation provided: You'll receive confirmation once deletion is complete.

🔓 No Vendor Lock-In

  • Downgrade option: Cancel paid plans and downgrade to the free tier anytime - keep 25 materials + 5 formulations.
  • Export before leaving: Take all your data with you if you decide to leave - no restrictions.
  • No contracts: Month-to-month billing. Cancel anytime, no termination fees.
  • Data portability: Standard formats make it easy to import your data into other tools.

Our Philosophy

We believe that data freedom builds trust. If we're doing our job right, you'll stay because our tool is valuable - not because your data is trapped. Your success is our success, and that starts with respecting your ownership rights.

🕵️ Privacy Practices

We've designed our platform with privacy as a core principle, not an afterthought.

🙈 Zero-Knowledge Architecture (Where Possible)

While we need to store your formulation data to provide our service, we've implemented privacy-first practices:

  • Encrypted storage: All formulation data is encrypted in our database with keys separate from application data.
  • No browsing your data: We don't have administrative tools to casually browse user formulations.
  • Limited access: Only essential technical staff have database access, and all access is logged and monitored.
  • Support privacy: Our support team helps you through your account - they don't need to see your formulations.

🚫 What We DON'T Do

  • No advertising: We don't run ads or use your data for targeted advertising.
  • No data mining: We don't analyze your formulations for market research or competitive intelligence.
  • No AI training: We don't use your proprietary recipes to train AI models.
  • No selling data: We never sell, rent, or share your data with third parties.
  • No tracking pixels: Minimal analytics (only anonymous usage patterns for improving features).

🌍 GDPR & Privacy Compliance

  • GDPR-ready: We follow GDPR principles including data minimization, purpose limitation, and user rights.
  • Consent-based: We only collect data you explicitly provide or consent to collecting.
  • Transparent processing: Clear information about what data we collect and why.
  • Data protection officer: Contact dpo@pipps.app for privacy-related questions.

📊 Minimal Data Collection

We only collect what's necessary:

  • Account data: Email, name (optional), password hash, subscription tier.
  • Formulation data: Materials, formulations, vendors - the data YOU create.
  • Usage analytics: Anonymous feature usage to improve the product (no personal identifying information).
  • Payment data: Processed securely by Shopify - we never see your full credit card number.
  • No unnecessary tracking: We don't collect browsing history, location data, or device fingerprints.

🔑 Access Control & Authentication

Robust security measures to ensure only you can access your formulations.

Secure Password Hashing

Passwords are hashed using bcrypt with adaptive rounds. Even if our database were compromised, your passwords would remain protected. We cannot see your password - ever.

Session Management

Secure session tokens with automatic expiration. Sessions are invalidated after logout or inactivity periods, protecting your account even if you forget to log out.

Single-User Accounts

Each user has their own isolated account. No shared credentials, no account sharing. Business+ plans include multi-user access with proper role-based controls.

Multi-Factor Authentication

Coming soon: Optional 2FA using authenticator apps for an additional layer of security on your account.

Brute-Force Protection

Rate limiting on login attempts and account lockouts after multiple failed attempts protect against password guessing attacks.

Login Notifications

Coming soon: Email notifications for new device logins and suspicious activity on your account.

💾 Data Backup & Reliability

Your formulations are backed up and protected against data loss.

☁️ Automated Backups

  • Daily backups: Full database backups every 24 hours, encrypted and stored securely.
  • Continuous replication: Real-time data replication to standby servers for immediate recovery.
  • 30-day retention: We keep backup history for 30 days, allowing recovery from accidental deletions.
  • Tested recovery: Regular restore tests ensure backups work when needed.

⚡ High Availability

  • 99.9% uptime target: Enterprise-grade infrastructure designed for reliability.
  • Redundant systems: Multiple servers ensure service continuity if one fails.
  • Monitoring & alerts: 24/7 automated monitoring with instant alerts for issues.
  • Fast recovery: Rapid response protocols minimize downtime in rare outage scenarios.

🌐 Geographic Redundancy

  • Current setup: Primary database on Render with automated backups to separate storage.
  • AWS migration benefit: When migrated to AWS, your data will be replicated across multiple geographic regions for maximum protection against regional outages.
  • Disaster recovery: Comprehensive DR procedures ensure business continuity.

💡 Pro Tip: While we maintain robust backups, we always recommend using our export feature to keep your own local backups of critical formulations. Your data, your control!

📢 Transparency Commitments

We believe in open, honest communication about how we handle your data.

📜 Clear Data Retention Policies

  • Active accounts: We retain your data for as long as your account is active.
  • Closed accounts: After account deletion, data is permanently removed within 30 days (except legally required records like payment history).
  • Backup retention: Deleted data is removed from backups after the backup rotation cycle (30 days maximum).
  • No hidden storage: We don't keep "shadow profiles" or hidden copies of your data.

🔍 No Hidden Data Usage

  • Explicit purposes: We only use your data for providing the PIPPS Maker Calc service.
  • No secondary usage: Your formulation data is never used for marketing, research, or other purposes.
  • Anonymous analytics only: Usage statistics are aggregated and anonymized - we track features used, not who used them.
  • Open about changes: Any changes to data usage practices will be clearly communicated with advance notice.

🚨 Security Incident Notification

  • Immediate response: We have protocols to detect and respond to security incidents rapidly.
  • User notification: In the unlikely event of a data breach, affected users will be notified within 72 hours.
  • Transparency report: Clear information about what happened, what data was affected, and remediation steps.
  • Regulatory compliance: Notification to relevant authorities as required by law (GDPR, etc.).

🔄 Infrastructure Change Communication

  • Migration updates: Clear communication about our AWS migration timeline and benefits.
  • No surprise changes: Major infrastructure changes announced in advance via email and dashboard notices.
  • Security improvements: Transparent about new security features and enhancements.
  • Downtime notices: Advance warning for any planned maintenance windows.

Our Transparency Promise

We commit to being straightforward about our practices, limitations, and mistakes. If something goes wrong, we'll tell you. If we make changes, you'll know. If you have questions, we'll answer honestly. Building trust requires transparency, and we take that seriously.

❓ Security & Privacy Questions

Common questions from formulators about keeping their trade secrets safe.

🔒 Can PIPPS employees see my formulations?

No. Your formulation data is encrypted in our database, and we don't have administrative tools to casually browse user formulations. Technical staff can access the database for maintenance, but all access is logged and monitored. We respect your intellectual property and have no interest in your proprietary recipes.

🕵️ Could a hacker access my recipes if they breach your system?

While no system is 100% hack-proof, we've implemented multiple layers of security to make this extremely difficult. Your data is encrypted at rest with AES-256, so even if someone gained database access, they'd need the encryption keys (stored separately) to read your formulations. We also use intrusion detection, regular security audits, and follow industry best practices.

📊 Do you sell or share my data with third parties?

Absolutely not. We never sell, rent, or share your data with third parties. No advertisers, no data brokers, no market research firms. Your formulations are YOUR intellectual property, not a revenue stream for us. We make money from subscriptions, not from your data.

🤖 Will my formulations be used to train AI models?

No. We do not use your proprietary recipes to train AI, machine learning models, or for any other purpose beyond providing you the PIPPS Maker Calc service. Your trade secrets stay secret.

📤 What if I want to stop using PIPPS? Can I get my data?

Yes, absolutely. You can export all your data (materials, formulations, costs, vendors) anytime in CSV, JSON, or PDF formats. Just go to your account settings and click export. No approval needed, no waiting period. You can also downgrade to our free tier instead of leaving completely - keep 25 materials and 5 formulations forever.

🌍 Is PIPPS compliant with GDPR and other privacy laws?

Yes. We follow GDPR principles including data minimization, user consent, right to access, right to deletion, and data portability. We're committed to complying with privacy regulations worldwide. If you have specific compliance questions, contact dpo@pipps.app.

💾 What happens to my data if PIPPS shuts down?

In the unlikely event that PIPPS closes, we commit to providing at least 90 days' notice and ensuring all users can export their complete data. We'd also open-source export tools and provide migration guides to help you move to alternative solutions. Your data won't disappear.

🔐 Do you support two-factor authentication (2FA)?

Coming soon! We're implementing optional 2FA using authenticator apps (Google Authenticator, Authy, etc.) for Pro+ plans. This will add an extra layer of security to your account. Expected launch: Q2 2025.

⚖️ Can law enforcement request my data?

We will only provide user data in response to valid legal requests (court orders, subpoenas) as required by law. We review all requests carefully and will notify users when legally permitted. We do not provide access to law enforcement without proper legal process.

🏢 Is my data stored in the US? What about international users?

Currently, our servers are in US-based data centers (Render). When we migrate to AWS, we'll offer geographic options for data storage to better serve international users and comply with data residency requirements. All data is encrypted regardless of location.

🐛 Do you have a bug bounty program?

Planned for 2025. We're setting up a responsible disclosure program and bug bounty to reward security researchers who help us identify vulnerabilities. Until then, please report security issues to security@pipps.app - we take all reports seriously and respond within 48 hours.

💳 How is my payment information secured?

Payment processing is handled by Shopify, a PCI DSS compliant payment processor. We never see or store your full credit card number. Shopify handles all payment data securely, and we only receive confirmation that payment was successful.

Still Have Questions?

We're here to help. Your security concerns are important to us.

Security inquiries: security@pipps.app

Privacy questions: dpo@pipps.app

General support: support@pipps.app

Ready to Protect Your Formulations?

Join hundreds of formulators who trust PIPPS Maker Calc with their proprietary recipes.

✓ Free forever tier   ✓ Export anytime   ✓ Bank-level encryption   ✓ No data sharing