Book a demo

PIPA Privacy Policy

Applicable to pipacorp.com and the FIOS Platform  |  Effective: March 1, 2026  |  Version 2.1

1. Introduction

PIPA LLC ("PIPA," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our websites at pipacorp.com and its subdomains (including app-stg-fios.pipacorp.com and other FIOS platform environments) (together, the "Sites"), and our FIOS software-as-a-service platform and related products (the "Services").

This Policy applies to personal information we process as a controller — for example, information about visitors to our Sites, prospective customers, account administrators, and users of the Services. Where we process personal information on behalf of a business customer under a signed written agreement with that customer through an enterprise deployment of the Services, we may act as a processor for a limited set of processing activities; those activities are governed by the agreement with that customer.

Relationship to other agreements. Your use of the Services is governed by the FIOS End User License Agreement ("EULA") or, where applicable, a separately signed agreement (including a master services agreement, pilot agreement, or beta evaluation agreement). Those agreements, together with this Privacy Policy, describe the terms applicable to your use of the Services and to our use of the information you submit. In the event of conflict between this Policy and a separately signed agreement with you or your employer, the signed agreement controls with respect to the subject matter it addresses.

If you have questions about this Policy, contact us at legal@pipacorp.com.

2. Information We Collect

We collect personal information in the following ways.

2.1 Information You Provide

We collect information you provide when you register for an account, request a demo, subscribe to our newsletter, contact us, or use the Services. This includes your name, email address, company, job title, login credentials, billing information (processed by our third-party payment processor), the content of your communications with us, and the data, content, queries, prompts, and files you submit to the Services ("User Submitted Content").

2.2 Information Collected Automatically

When you use the Sites or Services, we and our service providers automatically collect information about your device and usage, including IP address, browser type and version, operating system, referring URL, pages visited, features used, interactions with AI Features, session timestamps, and similar information. We use cookies and similar technologies for this purpose — see Section 10.

2.3 Information from Third Parties

We may receive information about you from third parties, such as your employer (when a customer account administrator creates an account for you), business partners, public data sources, and marketing or analytics providers.

2.4 Categories Collected

The following table summarizes the categories of personal information we collect and the business purposes for which we use each category, consistent with the California Consumer Privacy Act ("CCPA") categories:

Category Examples Business Purposes
Identifiers Name, email address, company, job title, account username, IP address, device identifiers Providing and securing the Services; account administration; communication; product and model development and improvement
Commercial Information Subscription plan, billing contact, payment records (payment card data is processed by our payment processor) Billing, invoicing, fraud prevention, business analytics
Internet Activity Log data, pages viewed, features used, clickstream, session duration, cookie and similar identifiers, referring URL Service operation, security, analytics, product and model development and improvement
Professional Information Employer, role, areas of scientific or business interest Account provisioning, personalization, customer support, product development
Communications Messages you send to us (support, sales, demo requests), feedback, survey responses Responding to inquiries, improving the Services, product and model development
User Submitted Content Data, formulations, ingredients, recipes, process parameters, queries, prompts, files, and other information you submit to the Services Providing the Services; generating Output; developing, training, and improving PIPA products, services, models, and AI systems (see Section 4)
Inferences Preferences and characteristics derived from the above Personalization, marketing (where lawful), product and model development

Sensitive personal information. We do not intentionally collect sensitive personal information (such as government identifiers, precise geolocation, health data, biometric data, or racial or ethnic origin) through the Sites or Services. You should not submit sensitive personal information, "special category data" (as defined under the EU General Data Protection Regulation ("GDPR")), protected health information, payment card data, or children's data to the Services, unless expressly permitted under a separately signed agreement with PIPA.

No use by minors. The Sites and Services are intended for use by adults acting on behalf of businesses. The Services are not directed to, and may not be used by, anyone under the age of 18. We do not knowingly collect personal information from anyone under 18. You shall not submit to the Services any personal information of a minor, any children's data subject to COPPA, the UK Children's Code, GDPR Article 8, or comparable laws, or any other data concerning individuals under 18. If we learn that we have collected personal information from a minor, we will delete it. If you believe a minor has provided us personal information, contact us at legal@pipacorp.com.

3. How We Use Personal Information

We use personal information for the following purposes:

  • to provide, operate, maintain, secure, and improve the Sites and Services;
  • to create, administer, authenticate, and support your account;
  • to process payments and issue invoices (via our payment processor);
  • to communicate with you about the Services, including service announcements, security alerts, administrative notices, and changes to our terms or policies;
  • to respond to your inquiries, demo requests, and support requests;
  • to send marketing communications about PIPA products, events, and content, where lawful and subject to your right to opt out;
  • to analyze usage, troubleshoot, conduct research, and develop new features;
  • to develop, train, fine-tune, evaluate, test, benchmark, and improve PIPA's current and future products, services, models, algorithms, datasets, and AI systems, including models and features made available to other users and customers (see Section 4 for details);
  • to generate aggregated, statistical, or de-identified data and insights, which we may use for any lawful purpose;
  • to detect, prevent, and respond to fraud, abuse, security risks, and technical issues;
  • to comply with legal obligations, respond to lawful requests by public authorities, and establish, exercise, or defend legal claims; and
  • for other purposes with your consent or as disclosed at the point of collection.

4. AI, Model Training, and Product Development

PIPA builds and operates AI-based products and services. To develop, improve, and operate the Services and our broader product portfolio, we use User Submitted Content, inputs, Output (as defined in the EULA), and usage data to, among other things:

  • operate, maintain, debug, and secure the Services;
  • train, fine-tune, evaluate, test, benchmark, and improve PIPA's current and future products, services, models, algorithms, datasets, and AI systems, including models and features made available to other users and customers;
  • develop new products, services, and features;
  • create derivative datasets and models; and
  • produce aggregated, statistical, and de-identified data and insights.

These uses are described in the EULA (including the license grant to PIPA in Section 4 of the EULA) and, where applicable, in your separately signed agreement with PIPA.

Alternative data-use terms. If you require different data-use terms (for example, restrictions on use of your data for model training, or additional confidentiality commitments), these can be negotiated under a master services agreement, pilot agreement, or beta evaluation agreement with PIPA. Contact sales@pipacorp.com or legal@pipacorp.com to discuss.

Sensitive and restricted data. To keep our training and improvement processes clean and compliant, you should not submit to the Services any data whose processing requires heightened legal obligations, including protected health information, children's data, government-issued identifiers, payment card data, biometric identifiers, or "special category" or "sensitive" personal data under the GDPR, CCPA, or comparable laws, unless expressly permitted under a separately signed agreement.

No "sale" or "sharing" for cross-context behavioral advertising. Our use of User Submitted Content and other information for model training and product development is an internal business purpose of PIPA and is not a "sale" or "sharing" of personal information for cross-context behavioral advertising as those terms are defined under California law, nor does it constitute "targeted advertising" as defined under Virginia, Colorado, Connecticut, or similar state laws.

5. Legal Bases (EEA, UK, Switzerland)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information on the following legal bases:

  • Performance of a contract — to provide the Services and perform our agreements with you or the customer that employs you.
  • Legitimate interests — to operate and secure our business, analyze and improve our products, develop and train models and AI systems, conduct direct marketing to business contacts, and defend legal claims, in each case where our interests are not overridden by your rights.
  • Consent — where required by law (for example, certain cookies and marketing communications). You may withdraw consent at any time.
  • Legal obligation — to comply with applicable laws and regulatory requirements.

Where we rely on legitimate interests, you may request further information about our balancing test.

6. How We Share Personal Information

We share personal information in the following circumstances:

6.1 Service Providers and Sub-processors

We engage vendors that perform services on our behalf under written agreements, including cloud hosting, analytics, customer support, email delivery, payment processing, identity management, and AI infrastructure and model providers. Information about our key sub-processors for enterprise deployments of the Services is provided to customers under their applicable agreement.

6.2 Affiliates

We may share personal information with our corporate affiliates for the purposes described in this Policy, subject to appropriate safeguards.

6.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred to the counterparty, subject to this Policy or equivalent safeguards.

6.4 Legal and Safety

We may disclose personal information when we reasonably believe it is necessary to comply with a legal obligation, enforce our agreements, protect the rights, property, or safety of PIPA, our users, or others, respond to government or regulatory requests, or respond to a subpoena or court order.

6.5 Customers and Account Administrators

If you access the Services through an account provisioned by a customer (for example, your employer), we may share information with that customer's authorized administrators for account administration purposes.

6.6 With Your Direction or Consent

We share information with third parties when you direct us to do so or consent to the sharing.

7. International Data Transfers

PIPA is headquartered in the United States, and we and our service providers may process personal information in the United States and other countries that may not provide the same level of data protection as your home jurisdiction. When we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to a country not recognized as providing an adequate level of protection, we use appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum. A copy of the safeguards applicable to a specific transfer is available on request to legal@pipacorp.com.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, including to provide the Services, develop and improve our products and models, comply with legal, accounting, and reporting obligations, resolve disputes, and enforce our agreements. Specific retention criteria include:

  • account information: for the duration of the account plus a reasonable period thereafter for legal and backup purposes;
  • marketing contact information: until you opt out or otherwise ask us to delete it;
  • log and security data: typically 12 to 24 months, subject to investigation or legal-hold needs;
  • billing and transactional records: as required by tax and accounting laws (typically seven years in the United States);
  • User Submitted Content and Output: as specified in the EULA or applicable signed agreement; and
  • aggregated, de-identified, derivative, and training data: retained on an ongoing basis as described in Section 9.

When personal information is no longer required, we delete or de-identify it, subject to backup retention cycles and legal hold obligations.

9. Deletion and Derivative Data

You may request deletion of personal information as described in Section 11. We will honor valid deletion requests in accordance with applicable law. However, deletion rights and obligations do not extend to:

  • information that has been aggregated or de-identified such that it no longer identifies you and cannot reasonably be used to re-identify you;
  • derivative works, models, parameters, weights, embeddings, or outputs that have been created, trained, or derived using your information and that do not themselves constitute your personal information; or
  • backup copies retained in the ordinary course, which are overwritten or deleted on standard retention cycles.

This approach is consistent with applicable data protection laws, including GDPR recital 26 (anonymous information) and CCPA exceptions for aggregated and de-identified data. For clarity, if your personal information has been used to train or improve an AI model, deletion of the underlying personal information does not require retraining the model or removing parameters derived from the training.

10. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information consistent with industry standards for comparable services. No method of transmission over the internet or storage system is completely secure. You are responsible for safeguarding your account credentials, and we will never ask you to disclose your password by email or phone.

11. Cookies and Similar Technologies

We and our service providers use cookies, pixels, local storage, and similar technologies for the following purposes:

  • Strictly necessary — to authenticate users, maintain sessions, and operate core features of the Sites and Services. These cannot be disabled through the Services.
  • Functional — to remember preferences and settings.
  • Analytics — to understand how visitors use the Sites and Services (for example, Google Analytics), using aggregated and, where feasible, de-identified data.
  • Marketing — on marketing pages, to measure campaign effectiveness (for example, LinkedIn Insight Tag). These are used only where required consent has been provided.

You can manage cookies through your browser settings or, where available, our cookie preferences tool. Disabling cookies may affect the functionality of the Sites and Services. We honor Global Privacy Control ("GPC") signals as an opt-out request where required by law.

12. Your Rights

Depending on where you live, you may have some or all of the following rights with respect to personal information we hold about you:

  • Access — request a copy of the personal information we hold about you;
  • Correction — request correction of inaccurate or incomplete information;
  • Deletion — request deletion of personal information, subject to Section 9 and other legal exceptions;
  • Portability — receive your personal information in a portable format;
  • Restriction and objection — restrict or object to certain processing, including direct marketing;
  • Withdraw consent — where processing is based on consent, withdraw it at any time;
  • Non-discrimination — not be discriminated against for exercising rights under California or other U.S. state laws;
  • Opt out of sale, sharing, or targeted advertising — although we do not engage in these activities as defined by applicable law;
  • Appeal — where a state law (including Virginia, Colorado, Connecticut) grants an appeal right, you may appeal a refused request; and
  • Lodge a complaint — with your local data protection authority (EEA, UK) or other regulator.

Exercising your rights. To exercise any of these rights, contact us at legal@pipacorp.com or use the contact information in Section 15. We will take reasonable steps to verify your identity before responding, and will respond within the time frames required by applicable law, subject to legally permitted extensions and exceptions. An authorized agent may submit a request on your behalf, subject to the verification requirements we impose in accordance with applicable law.

If you are a customer's end user. If your personal information is processed through the Services at the direction of a business customer (for example, your employer) under a signed agreement, please direct rights requests to that customer in the first instance. We will assist them in responding as required by our agreement and applicable law.

13. Automated Decision-Making

PIPA does not make decisions about individuals that produce legal or similarly significant effects based solely on automated processing, including profiling, in connection with the Sites or in our administration of the Services. Where a customer configures features of the Services, including AI Features, for its own use cases involving automated decision-making about individuals, that customer is the controller for those activities and is solely responsible for ensuring compliance with applicable law, including any required notices, consents, transparency, and rights mechanisms. PIPA does not act as the controller for customer-level automated decision-making.

14. Changes to This Policy

We may update this Policy from time to time. For material changes, we will provide reasonable prior notice, such as by email or a notice on the Sites, before the change takes effect. The "Effective Date" at the top of this Policy indicates when it was last updated.

15. Contact Us

For questions or to exercise your rights, contact:

PIPA LLC
213 E St, Suite D
Davis, CA 95616, USA
Email: legal@pipacorp.com

EU and UK Representative. For individuals in the European Economic Area, our representative under Article 27 of the GDPR is DEUS EX MACHINA IKE, represented by Zisis Diamantis, Capital Center, 22 Laertou, Pilea 555 35, Thessaloniki, Greece, email: legal@pipacorp.com. The same entity serves as our representative under Article 27 of the UK GDPR for individuals in the United Kingdom. You may contact our representative in addition to or instead of contacting us directly.

16. Supplemental Notices

16.1 California Residents

The information in Sections 2, 3, 4, 6, 8, 9, and 12 describes our collection, use, disclosure, and retention of personal information and your rights under the CCPA. We have not sold or shared personal information, or disclosed sensitive personal information for purposes that would require an opt-out right under California law, in the preceding 12 months. Our use of personal information (including User Submitted Content) to develop, train, and improve PIPA products and models is a business purpose of PIPA, as described in Section 4, and is not a "sale" or "sharing" as those terms are defined under the CCPA. Californians have the right not to receive discriminatory treatment for exercising their CCPA rights.

16.2 Residents of Virginia, Colorado, Connecticut, Utah, Texas, and Other U.S. States with Comprehensive Privacy Laws

You have the rights described in Section 12, subject to state-specific limitations. We do not sell personal information, engage in targeted advertising, or conduct profiling in furtherance of decisions producing legal or similarly significant effects about individuals, as those terms are defined under applicable state law. If we deny a rights request, you may appeal as described in Section 12.

16.3 Nevada Residents

Nevada residents may submit a verified request to opt out of certain sales of personal information. We do not sell personal information as defined by Nevada law.

16.4 Do Not Track

Our Sites do not respond to browser "Do Not Track" signals because there is no consistent industry standard. We do honor Global Privacy Control signals where required by law.