Privacy Policy

Last updated: April 22, 2026

PipeWarden ("we", "us", "our") is operated by FinSavvy AI Ltd. This policy explains what data we collect, how we use it, and your rights.

1. What We Collect

• Account data: Name and email address provided when you sign up.
• CI/CD credentials: Platform tokens and API keys you add to PipeWarden. Stored encrypted with AES-256-GCM. Never transmitted to third parties.
• Pipeline metadata: Pipeline names, run IDs, timestamps, and finding summaries. We do not store your source code.
• Usage data: Page views and feature usage via Cloudflare Web Analytics (privacy-preserving, no cookies, no cross-site tracking).
• Support communications: Emails you send to hello@pipewarden.com.

2. How We Use Your Data

• Provide and improve the PipeWarden service
• Send transactional emails (account setup, alerts)
• Respond to support requests
• Comply with legal obligations

We do not sell your data. We do not use your pipeline data for any purpose other than operating your account.

3. AI Analysis

When you use AI-powered analysis, pipeline findings (not source code) are sent to Anthropic's Claude API for analysis. Anthropic's privacy policy applies to that processing. You can disable AI analysis and use heuristic scanning only.

4. Data Retention

Finding data is retained per your plan tier (7 days Community, 30 days Starter, 90 days Professional, 365 days Enterprise). You can delete your account and all associated data at any time by emailing hello@pipewarden.com.

5. Data Security

• CI/CD credentials encrypted with AES-256-GCM at rest
• All data in transit encrypted with TLS 1.2+
• Access logs retained for security review
• No plaintext credential storage anywhere in the system

6. Third-Party Services

• Cloudflare: CDN, DDoS protection, and privacy-preserving analytics
• Anthropic Claude: AI analysis (when enabled)
• LemonSqueezy: Payment processing

7. Your Rights (GDPR / CCPA)

You have the right to access, correct, export, or delete your personal data. Email hello@pipewarden.com with any request. We will respond within 30 days.

8. Self-Hosted Deployments

If you self-host PipeWarden under the MIT license, this policy does not apply to your deployment. You are the data controller for your own installation.

9. Contact

Questions: hello@pipewarden.com