Pipetal Account Deletion

Effective Date: April 17, 2026

Last Updated: April 21, 2026

Pipetal is a multi-tenant Enterprise Resource Planning (ERP) application provided for business users including companies, traders, accountants, and their employees. This Privacy Policy explains what information we collect, how we use it, how it is stored, and your rights regarding your data.

By using Pipetal, you agree to the terms of this Privacy Policy.

1. INFORMATION WE COLLECT

1.1 Information You Provide

Account and Login Information:

Company Code (provided by your administrator)

Username or Login name

Password

Full name

Email address (if provided)

Phone number (if provided)

Profile photo (if you upload one)

Business Data:

When you use Pipetal, you interact with business information belonging to your organization, including but not limited to sales invoices, purchase orders, inventory records, vendor and customer information, financial reports, transaction history, and account balances. This data is owned and controlled by your organization (the "Company"), not by us individually.

1.2 Information Collected Automatically

Device and Technical Information:

Device type and operating system version (iOS or Android)

Biometric capability (whether your device supports Face ID, Touch ID, or fingerprint — not the biometric data itself)

App version

Time zone and locale

Usage Data:

Features accessed within the app

Error logs (stored locally on your device only; not transmitted)

1.3 Information We Do NOT Collect

We do not collect GPS or precise location data.

We do not collect your contacts, SMS, or call logs.

We do not use third-party advertising trackers.

We do not sell your data.

2. HOW WE USE YOUR INFORMATION

We use the information collected to:

Authenticate you and allow secure access to your organization's ERP data

Resolve your Company Code to the correct tenant server

Display your profile information in the app

Enable biometric (Face ID or fingerprint) login if you choose to enable it

Generate, export, and share business reports (PDF, Excel, CSV)

Diagnose technical issues via local logs

Maintain session security (token refresh, automatic logout on session expiry)

3. HOW YOUR DATA IS STORED

3.1 On Your Device

Authentication token: Stored in OS Keychain (iOS) or Android Keystore. Encrypted.

Biometric login credentials (if enabled): Stored in OS Keychain (iOS) or Android Keystore. Encrypted.

Company code and resolved server URL: Stored in SharedPreferences or UserDefaults. Plain (non-sensitive).

User profile cache (name, email, avatar URL): Stored in SharedPreferences or UserDefaults. Plain (non-sensitive).

Drawer menu configuration: Stored in SharedPreferences or UserDefaults. Plain (non-sensitive).

Company and branch list: Stored in SharedPreferences or UserDefaults. Plain (non-sensitive).

Profile picture (cached): Stored in device file cache. Plain (non-sensitive).

Exported reports (PDF, Excel, CSV): Stored in device Documents or Downloads folder. Plain (user-initiated).

Sensitive data (authentication tokens, passwords saved for biometric login) is stored only in the operating system's secure storage (Apple Keychain on iOS, Android Keystore on Android). These use hardware-backed encryption when available.

3.2 On Our Servers

Your organization's tenant server (for example, your-company.pipetal.net) stores your user account and all business data. This server is operated by your Company or by Pipetal's service provider on behalf of your Company. Access is restricted by authentication and user roles configured by your organization's administrator.

4. BIOMETRIC AUTHENTICATION

If you enable biometric login:

Your Face ID, Touch ID, or fingerprint data never leaves your device.

Biometric data is managed entirely by iOS or Android. Pipetal does not see, store, or transmit it.

Pipetal stores your encrypted login credentials (company code, username, password) in the OS secure keychain, which is unlocked only by a successful biometric authentication or device passcode.

You may disable biometric login at any time from the Profile or Settings screen.

5. PERMISSIONS

Pipetal requests the following device permissions. Each is used only for the stated purpose:

Internet and Network access: Communicate with your ERP server.

Biometric, Face ID, or Fingerprint: Optional fast login.

Camera (iOS and Android): Take a profile photo.

Photo Library or Gallery: Select a profile photo from your gallery.

Storage, Documents, or Downloads: Save exported reports (PDF, Excel, CSV) to your device.

Vibration or Haptics: Provide touch feedback.

You may revoke any of these permissions from your device's system settings at any time. Revoking certain permissions may disable related features.

6. DATA TRANSMISSION AND SECURITY

All network communication uses HTTPS (TLS encryption). Cleartext HTTP traffic is explicitly disabled in the app.

Your username and password are transmitted over HTTPS to your organization's tenant server only.

Authentication tokens are short-lived and refreshed automatically. Expired or invalid tokens trigger automatic logout.

We follow industry-standard practices to protect data in transit. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. THIRD-PARTY SERVICES

Pipetal is built using open-source libraries for core functionality (networking, UI, local storage, authentication, file export). These libraries run on your device and do not independently transmit your data to third parties.

Pipetal does NOT currently use:

Third-party advertising networks

Third-party analytics SDKs (Google Analytics, Firebase Analytics, Mixpanel, etc.)

Third-party crash reporting services

Social media tracking SDKs

If this changes in a future version, this Privacy Policy will be updated accordingly and you will be notified in-app.

8. EXPORTED REPORTS

Pipetal allows you to export business reports as PDF, Excel (.xlsx), or CSV files:

Export files are generated on your device using local libraries.

Files are saved to your device's Documents or Downloads folder, or shared via standard share sheets (email, messaging apps, cloud storage) at your explicit request.

Pipetal does NOT upload exported files to our servers or any third party.

You are solely responsible for how exported files are subsequently stored, shared, or transmitted once they leave the app.

9. DATA RETENTION

On your device: Cached data (user profile, menu, companies list) is retained until you log out, uninstall the app, or clear the app's data via system settings.

Authentication tokens: Retained until expiry or logout, whichever occurs first.

Biometric-saved credentials: Retained until you disable biometric login or uninstall the app.

On our servers: Your user account and business data are retained according to your organization's data retention policy. Contact your organization's administrator for details on server-side retention.

Pending account deletions: If you request deletion of your personal account (see Section 10), your login credentials and profile data remain on the server for a 30-day grace period during which you can cancel. After 30 days with no cancellation, personal data is permanently removed. Business records owned by your organization are not affected by this step.

10. YOUR RIGHTS

Depending on your jurisdiction (including GDPR for EU users, CCPA for California residents, and similar regional laws), you may have the right to:

Access the personal data we hold about you

Correct inaccurate data

Request deletion of your account and associated data

Withdraw consent at any time

Port your data to another service

Object to processing of your data

To exercise any of these rights, contact us at info@pipetal.com or contact your organization's administrator. We will respond within 30 days.

Account Deletion:

You may request deletion of your personal Pipetal account in any of the following ways:

In-app (recommended): Open the app, go to Profile → Delete Account, type your login name to confirm, and submit.

By email: Write to info@pipetal.com with the subject "Account Deletion Request" if you cannot log in.

Through your administrator: Ask your organization's Pipetal administrator to revoke your access.

30-day grace period: Deletion is not immediate. For 30 days after your request, your account is scheduled for deletion but can be restored. You can cancel at any time during this period by logging back into the app and tapping Cancel Deletion on the Delete Account screen, or by replying to our confirmation email.

What is deleted: After the 30-day period, your login credentials (username, password hash, biometric credentials), user profile (name, email, phone, profile photo), session tokens, and personal preferences are permanently removed.

What is retained: Business records owned by your organization (invoices, purchase orders, ledgers, inventory history, activity logs tied to your user ID) may be retained by your Company for legal, accounting, audit, or tax purposes, subject to applicable law and your organization's retention policy.

For a full breakdown of the deletion process, see our Account Deletion page at https://sites.google.com/view/pipetal/home.

11. CHILDREN'S PRIVACY

Pipetal is a business application intended for users aged 18 and older. We do not knowingly collect personal information from children under 18. If you believe a minor has provided us with personal information, please contact us immediately.

12. INTERNATIONAL DATA TRANSFERS

Pipetal is operated from Pakistan. If you are accessing Pipetal from outside Pakistan, please be aware that your information may be transferred to, stored, and processed in Pakistan or in the country where your organization's tenant server is hosted.

By using Pipetal, you consent to such transfers. We take reasonable measures to ensure such transfers comply with applicable data protection laws.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you in-app or via email.

Continued use of Pipetal after changes take effect constitutes your acceptance of the revised Privacy Policy.

14. GOVERNING LAW

This Privacy Policy is governed by the laws of the Islamic Republic of Pakistan, without regard to its conflict of law principles.

15. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Pipetal Support

Email: info@pipetal.com

Website: https://pipetal.com/

For organization-specific questions (data retention, access permissions, role management), please contact your company's Pipetal administrator.

SUMMARY (QUICK REFERENCE)

What we collect: Login credentials, profile info, business data you enter.

How it's stored: Tokens encrypted in OS Keychain; profile data cached locally.

Transmission: HTTPS-only to your organization's tenant server.

Third-party tracking: None.

Ads: None.

Sold to third parties: Never.

Data retention on device: Cleared on logout or uninstall.

Account deletion: In-app via Profile → Delete Account, with a 30-day cancellation window.

Contact: info@pipetal.com