Privacy Policy — Pips AI

Short version: Your financial data, garden designs, and other personal content never leave your device. Only the minimal data needed to fulfill an explicit AI request is ever transmitted — and only when you click a button to trigger it.

1. Who we are

Pips AI applications are developed and operated by Ferrier Software, based in the Netherlands. We are the data controller for any personal data processed through our backend service at api.pipsai.app.

Contact: privacy@pipsai.app

2. Data we collect — overview

The table below summarises every category of data we handle across all Pips AI products.

Data type	Where it lives	Transmitted?	Retained by us?
Bank transactions & statements	Your device only	Never	No
Garden designs & plan data	Your device only	Never	No
Network / device scan data	Your device only	Never	No
Email content (Pip Mail)	Your device only	Never	No
AI prompt payloads (image crops, text)	In transit only	On demand	No (passed through, not stored)
License key	Your device (encrypted) + our database	For activation & balance	Yes — required for billing
Email address (purchase)	Our database	At purchase	Yes — for key recovery & receipts
Credit balance & usage log	Our database	At each AI call	Yes — required for billing
Anonymous error reports	Our logs	Automatically	30 days, then deleted

3. Local-first by design

All Pips AI desktop applications store your personal content in a SQLite database on your own device. We do not offer cloud sync, and we cannot access your local files remotely. Your financial data is yours.

License keys are stored on your device using the operating system's secure credential storage (Electron safeStorage / macOS Keychain / Windows DPAPI / Linux Secret Service). We never see your key in plaintext on our servers — only a hashed form is stored for validation.

4. AI features and data transmission

When you explicitly trigger an AI feature (e.g., "Scan garden", "Analyse statement"), the application:

Extracts the minimal data necessary (e.g., a cropped aerial image, a short text snippet).
Sends it to our backend at api.pipsai.app along with your license key for credit deduction.
Our backend forwards the payload to the AI provider (Anthropic Claude API).
The response is returned to your app. We do not store the prompt or the response.

AI features are never triggered automatically. You must press an explicit button, and the cost in Pips is shown before or immediately upon triggering.

Our backend acts as a proxy to protect our API keys and enforce credit limits. It does not log prompt content.

5. Purchases and payment data

Payments are processed by Stripe. When you purchase Pips credits:

You are redirected to a Stripe-hosted checkout page. Your payment details are entered on Stripe's servers — we never receive your card number or banking details.
After a successful payment, Stripe notifies our backend via webhook. We record: your email address, the package purchased, the amount, and the timestamp.
Your email address is used solely to: (a) send a purchase confirmation with your license key, and (b) allow key recovery if you lose your key.
We do not use your email address for marketing without your explicit consent.

6. Cookies and tracking on this website

This website (pipsai.app) does not use tracking cookies, analytics pixels, or third-party advertising scripts. The only external resources loaded are:

Google Fonts (for typography) — your browser fetches font files from Google's CDN.
Your browser may cache static assets from this domain.

No persistent identifiers are stored in your browser when visiting this website.

7. Data retention

License key & balance: retained for the lifetime of the key. You can deactivate your key at any time from within the app, which removes it from our active database.
Purchase records: retained for 7 years to comply with Dutch tax and accounting law (Article 52 AWR).
Email address: retained as long as you have an active license key. Deleted within 30 days of key deactivation upon written request.
Error logs: 30 days, automatically deleted.

8. Your rights (GDPR)

If you are located in the European Economic Area, you have the following rights under the GDPR:

Right of access: request a copy of your personal data we hold.
Right to rectification: correct inaccurate data.
Right to erasure: request deletion of your data ("right to be forgotten").
Right to data portability: receive your data in a machine-readable format.
Right to object: object to processing based on legitimate interests.
Right to restrict processing: request that we limit how we use your data.

To exercise any of these rights, email privacy@pipsai.app. We will respond within 30 days. In most cases, the data we hold is limited to your email address, license key reference, and purchase record.

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

9. Data security

We take appropriate technical and organisational measures to protect your data:

All backend communication is encrypted via TLS (HTTPS).
Our backend database is hosted on a private server (Hetzner, Germany / EU) with restricted access.
License keys are stored hashed; we cannot reconstruct your original key from our database.
Stripe handles all payment data under their own PCI DSS compliance.

10. Third-party services

We use the following third-party processors:

Anthropic (Claude API) — AI inference. Prompts forwarded through our backend. Governed by Anthropic's Privacy Policy.
Stripe — payment processing. Governed by Stripe's Privacy Policy.
Resend — transactional email (purchase confirmations). Only your email address and license key are shared.
Hetzner Online GmbH — server hosting (Germany, EU). No personal data is shared beyond what is stored in our database.

11. Children's privacy

Our applications are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us immediately at privacy@pipsai.app.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top and, where possible, by in-app notification. Continued use of the software after the updated policy is posted constitutes acceptance.

13. Contact

For privacy-related questions or to exercise your rights:

Ferrier Software
The Netherlands
privacy@pipsai.app