Now monitoring 412,608 NYC properties · One platform. Every property.
PipelynPipelyn
Legal · 01 · Privacy

Privacy Policy

How Pipelyn collects, uses, protects, and shares information across our property-operations platform, service-provider workspace, and marketplace — including the text-message and electronic notifications we send on your behalf.

Effective date
May 29, 2026
Last updated
May 29, 2026
Applies to
pipelyn.com & all Pipelyn apps
Contact
legal@pipelyn.com
Plain-language summary

Pipelyn provides software for property owners, managers, brokers, and service providers to operate buildings, manage compliance, and coordinate field work. To do that we process account, property, and communications data. We send you operational alerts by text message (via Twilio), email, and in-app — and you control those notifications at any time.

We do not sell your personal information. We share data only with the vetted subprocessors that run our infrastructure and messaging, each of which maintains independent security certifications described in Section 7.

01 · Scope

Overview & scope

This Privacy Policy explains how Pipelyn, Inc. (“Pipelyn,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you use our websites, web and mobile applications, the service-provider workspace, the property marketplace, and related services (collectively, the “Services”).

This policy applies to account holders (owners, property managers, brokers, lenders, and service providers), their authorized users, and individuals whose information is entered into the Services — including tenants, applicants, vendors, and job contacts. Where Pipelyn processes personal information on behalf of a customer (for example, tenant records a manager uploads), we act as a processor / service provider and handle that data according to our customer agreement and applicable law.

By using the Services, you acknowledge the practices described here. If you do not agree, please do not use the Services.

02 · Collection

Information we collect

We collect information you provide directly, information generated as you use the Services, and information from third parties such as public agency records and your chosen integrations.

Account & identity
Name, business name, email address, phone number, mailing address, role, login credentials, and profile details.
Property & operational
Building and unit records, leases, work orders, inspections, violations, compliance filings, photos, and notes you create or upload.
Contacts & recipients
Contact details for tenants, applicants, vendors, technicians, and job contacts you add — including phone numbers used for notifications.
Communications
Messages, in-app chat, support tickets, and the content and delivery metadata of text and email notifications routed through the Services.
Payment
Billing contact and transaction records. Card details are processed by our PCI-DSS-certified payment processor; Pipelyn does not store full card numbers.
Usage & device
Log data, IP address, device and browser type, pages viewed, feature usage, and approximate location derived from IP.
From integrations
Data from public agency feeds (e.g., HPD, DOB, OATH) and connectors you authorize, such as accounting, identity, and screening providers.
03 · Use

How we use information

We use the information we collect to:

  • Provide, operate, secure, and improve the Services and your account.
  • Coordinate field work — dispatching jobs, sending appointment and ETA updates, and routing per-job messages between owners and service providers.
  • Send notifications you or your account administrator have enabled, by text message, email, and in-app, as described in Sections 4 and 5.
  • Monitor compliance deadlines and generate filings, reports, and analytics.
  • Process payments, prevent fraud, and enforce our Terms.
  • Respond to support requests and communicate service and security updates.
  • Comply with legal obligations and protect the rights, safety, and property of Pipelyn, our customers, and the public.

We rely on the legal bases of contract performance, legitimate interests, consent (where required — including for marketing text messages), and legal obligation.

04 · Text messaging

SMS & text-message notifications

Pipelyn sends text-message (SMS/MMS) notifications through Twilio, our messaging subprocessor. Texts keep owners, managers, technicians, and job contacts informed about time-sensitive work without requiring everyone to be logged in.

Types of messages we send

  • Transactional & operational: job and work-order status, dispatch and ETA alerts, appointment and visit reminders, schedule changes, estimate and invoice notices, payment confirmations, and emergency or no-heat alerts.
  • Account & security: one-time passcodes, login verification, and critical account notices.
  • Optional marketing: product news, tips, and offers — sent only where you have separately opted in, and never as a condition of using the Services.
Consent, opt-out & the basics

By providing a mobile number and enabling text notifications, you consent to receive recurring automated messages from Pipelyn at that number. Consent is not a condition of purchase. Message frequency varies based on your activity and settings. Message and data rates may apply. You can opt out at any time by replying STOP to any message, or by turning off text notifications in your account settings. For help, reply HELP or email support@pipelyn.com.

STOP
Unsubscribes the number from further messages in that program. We send one confirmation, then stop.
HELP
Returns program help and our support contact details.
START
Re-subscribes a number that previously opted out.

Information shared with our messaging provider

To deliver these messages, the recipient’s mobile number, message content, and delivery metadata (such as timestamps and delivery status) are processed by Twilio on our behalf. Twilio acts as our subprocessor under a data-processing agreement and encrypts data in transit (TLS) and at rest. Its security certifications are listed in Section 7.

Carrier disclaimer

Mobile carriers are not liable for delayed or undelivered messages. Delivery is subject to carrier and network conditions. Standard message and data rates from your wireless provider may apply to each message sent or received.

Mobile information and consent to receive text messages are never sold, rented, or shared with third parties or affiliates for their own marketing or promotional purposes. Sharing is limited to the subprocessors and purposes needed to deliver the messages you have requested, as described in this policy.

05 · Electronic notices

Email & in-app electronic notifications

In addition to text messages, we deliver notices electronically by email and in-app — including operational alerts, compliance deadlines, document-ready notices, billing statements, receipts, and required legal and account communications. By using the Services you consent to receive these communications electronically. Your consent to receive legally required notices electronically, and how to withdraw it, is governed by the Electronic Communications & Consent section of our Terms & Conditions.

  • You control most notifications. Operational and marketing email and text preferences can be managed in your account settings or via the unsubscribe link in each marketing message.
  • Transactional and legal notices (security alerts, billing, and required disclosures) are part of the Services and may continue while your account is active.
06 · Sharing

How we share information

We do not sell your personal information. We share it only as needed to operate the Services:

  • Within your account: with the users, teammates, and counterparties you collaborate with — for example, an owner and a service provider on a shared job.
  • Subprocessors: vetted vendors that host our infrastructure, store data, deliver messages, process payments, and provide analytics and support tooling — each under contract and limited to instructions from us. See Section 7.
  • Integrations you authorize: accounting, identity, screening, and agency connectors you choose to enable.
  • Legal & safety: to comply with law, valid legal process, or to protect rights, safety, and the integrity of the Services.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this policy.
07 · Security

Security & infrastructure certifications

We protect information with encryption in transit (TLS) and at rest, role-based access controls, network isolation, audit logging, least-privilege access, and routine penetration testing. No method of transmission or storage is perfectly secure, but we work to align our practices and our subprocessors with recognized industry standards.

The independent providers that operate our hosting, database, and messaging maintain the following certifications and attestations:

Cloud hosting & edge delivery

SOC 2 TYPE 2ISO 27001GDPRPCI DSS

Encrypted delivery, platform-wide firewall and DDoS mitigation, isolated multi-tenant architecture, and regular third-party penetration testing.

Managed database & auth

SOC 2 TYPE 2HIPAA-READYAES-256 AT REST

Dedicated Postgres with row-level security, encrypted backups, and controls audited annually against the SOC 2 Trust Services Criteria.

SMS & messaging (Twilio)

SOC 2 TYPE 2ISO 27001ISO 27017ISO 27018GDPRPCI DSS

TLS 1.2 in transit and AES-256 at rest, an ISO 27001-based security program, and dedicated information-security teams supporting independent audits.

Certifications reflect the published compliance posture of our subprocessors and may change as their programs and our vendor set evolve. A current list of subprocessors is available on request at legal@pipelyn.com.

08 · Retention

Data retention

We retain personal information for as long as your account is active and as needed to provide the Services, then for the period required to meet legal, tax, accounting, compliance-recordkeeping, and dispute-resolution obligations. Property, lease, and compliance records are often retained longer to support regulatory requirements. When information is no longer needed, we delete or de-identify it. Customers can request export or deletion of account data as described in Section 9.

09 · Your rights

Your rights & choices

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal information, and to opt out of certain processing. These may include rights under the California Consumer Privacy Act (CCPA/CPRA), the EU/UK GDPR, and similar laws.

  • Access & portability: request a copy of your personal information.
  • Correction & deletion: ask us to fix or delete information, subject to legal retention.
  • Communication choices: manage text and email notifications in settings, reply STOP to texts, or unsubscribe from marketing email.
  • No sale / no targeted ads: we do not sell personal information or share it for cross-context behavioral advertising.

To exercise a right, email legal@pipelyn.com. We will verify your request and respond within the timeframe required by applicable law. Where Pipelyn processes data on behalf of a customer, we will refer your request to that customer. You will not be discriminated against for exercising your rights.

10 · Cookies

Cookies & analytics

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Services, and understand usage so we can improve them. You can control cookies through your browser settings; disabling some may affect functionality. We use privacy-respecting analytics and do not use third-party advertising cookies for cross-site targeting. See our Cookie Policy for details.

11 · Children

Children's privacy

The Services are intended for businesses and adults. We do not knowingly collect personal information from children under 16. If you believe a child has provided us information, contact legal@pipelyn.com and we will delete it.

12 · Transfers

International data transfers

Pipelyn is based in the United States and processes information there. If you access the Services from outside the U.S., your information may be transferred to and processed in the U.S. and other countries with different data-protection laws. Where required, we rely on recognized transfer mechanisms — such as the EU-U.S. Data Privacy Framework commitments of our providers and Standard Contractual Clauses — to safeguard the data.

13 · Changes

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last updated” date and, where appropriate, notify you by email, text, or in-app notice. Your continued use of the Services after an update means you accept the revised policy.

14 · Contact

Contact us

Questions about this policy or your information? Reach our privacy team:

Privacy inquiries
legal@pipelyn.com
Support
support@pipelyn.com
Mailing address
Pipelyn, Inc. · New York, NY · United States

This Privacy Policy is provided for general informational purposes and is a template that should be reviewed and adapted with qualified legal counsel before publication. It does not constitute legal advice.

Privacy Policy · v3.0 · Effective May 29, 2026