SafePipe

Privacy Policy

Last updated: December 7, 2025

Introduction

SafePipe ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI middleware and content moderation service.

Information We Collect

1. Account Information

When you create an account, we collect:

  • Email address
  • Authentication credentials (securely hashed)
  • Display name (optional)
  • Payment information (processed securely by Stripe)

2. API Usage Data

To provide our AI content moderation service, we process:

  • API Request Metadata: Timestamps, request counts, API key identifiers
  • Moderation Results: Detected PII (emails, phone numbers, credit cards), toxicity flags, competitor mentions
  • Request Logs: Limited logs for debugging and security (see Data Retention below)

Important: We do NOT store the actual content of your AI prompts or responses. We only store metadata and detection results necessary for service operation.

3. Technical Information

  • IP addresses (for security and fraud prevention)
  • Browser type and version
  • Device information
  • Cookies and similar tracking technologies

How We Use Your Information

We use the collected information to:

  • Provide AI Moderation Services: Detect and redact PII, filter toxic content, block competitor mentions
  • Maintain Service Security: Prevent fraud, abuse, and unauthorized access
  • Process Payments: Handle billing and subscriptions via Stripe
  • Improve Our Service: Analyze usage patterns to enhance features
  • Send Service Communications: Account notifications, security alerts, and product updates

Third-Party Services

SafePipe uses trusted third-party providers to deliver our service:

Supabase (Database & Authentication)

We use Supabase to securely store your account data, API keys (encrypted), and usage logs. Supabase is SOC 2 Type II compliant and GDPR-ready.

Learn more: Supabase Privacy Policy

Stripe (Payment Processing)

All payment information is processed directly by Stripe. We never store your full credit card details. Stripe is PCI DSS Level 1 certified.

Learn more: Stripe Privacy Policy

Data Retention

We retain your data only as long as necessary to provide our service:

  • Account Data: Retained until account deletion
  • API Request Logs (Free Plan): Deleted after 7 days
  • API Request Logs (Pro Plan): Retained for 30 days for advanced analytics
  • Moderation Results: Retained for 30 days (Pro) or 7 days (Free)
  • Billing Records: Retained for 7 years for legal and tax compliance

Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Update or correct your information
  • Right to Erasure: Request deletion of your account and data
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Object: Object to certain data processing activities
  • Right to Withdraw Consent: Revoke consent at any time

To exercise your rights, contact us at: support@safepipe.eu

Data Security

We implement military-grade security measures to protect your data:

  • AES-256 Encryption at Rest: Your third-party provider API keys (OpenAI, Anthropic, DeepSeek, etc.) are encrypted using military-grade AES-256 encryption before being stored. Even database administrators cannot decrypt them.
  • SHA-256 Key Hashing: Your SafePipe API keys are hashed using SHA-256 and stored as non-reversible hashes. We cannot recover your original keys.
  • RAM-Only Processing: All AI request processing (prompts, completions) happens exclusively in RAM with automatic memory wiping after each request. We never write your prompts to disk.
  • TLS 1.3: All data in transit is protected with modern TLS 1.3 encryption.
  • EU Data Sovereignty: All infrastructure runs exclusively in Frankfurt, Germany (AWS eu-central-1). Your data never leaves the European Union.
  • Row-Level Security (RLS): Database access is restricted to your account only through Supabase RLS policies.
  • SOC 2 Type II Ready: Enterprise-grade security controls with regular penetration testing and security audits.

Cookies and Tracking

We use cookies to provide and improve our service. For detailed information, see our Cookie Policy.

Children's Privacy

SafePipe is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

International Data Transfers

Your data may be processed in countries outside your jurisdiction. We ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or a prominent notice on our website.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

SafePipe