Privacy Policy

1. Introduction

Pipedreamer Inc. ("we", "our", or "us") operates Kord, a version control and file comparison platform for hardware engineers. This Privacy Policy explains how we collect, use, and protect your information when you use our service at kord.pipedreamer.ai (the "Service").

2. Information We Collect

Account Information

When you sign in via Google or Microsoft OAuth, we receive your name, email address, and profile picture from the identity provider. We do not collect or store your password.

OAuth Tokens

If you connect your Google Drive or Microsoft OneDrive/SharePoint account, we store an encrypted refresh token to access your cloud files on your behalf. You can disconnect your account at any time from the Settings page, which deletes the stored token.

Files and Content

Files you upload or import are stored in our secure cloud storage (Supabase Storage). We extract text content from files solely to enable diff comparison and AI-assisted review features. We do not share your file content with third parties except as needed to provide the Service (e.g., file format conversion via CloudConvert).

Usage Data

We collect standard server logs and analytics data including IP addresses, browser type, and pages visited to maintain and improve the Service.

3. How We Use Your Information

• To authenticate you and provide access to the Service
• To access your Google Drive or OneDrive/SharePoint files when you explicitly link a folder
• To store and display your uploaded files and version history
• To enable file comparison, review workflows, and AI-assisted analysis
• To send folder invitation emails on your behalf
• To maintain, improve, and secure the Service

4. Google API Scopes

When you sign in with Google or connect Google Drive, we request the following scopes:

• drive.file — to create and manage files in Google Drive folders you link to Kord
• drive.readonly — to list and read files from your Google Drive for import and sync

We only access files in folders you explicitly link via the Google Drive folder picker. We do not access, modify, or delete any other files in your Google Drive. Our use of Google API data complies with the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Sharing

We do not sell your personal data. We may share information with:

• Folder collaborators — members of folders you create or join can see shared files
• Service providers — we use Supabase (hosting and storage), Vercel (deployment), CloudConvert (file conversion), and Resend (transactional email) to operate the Service
• Legal requirements — if required by law or to protect our rights

6. Data Security

We use industry-standard security measures including encrypted connections (HTTPS), row-level security (RLS) on all database tables, and signed URLs for file access. OAuth tokens are stored securely and can be revoked at any time.

7. Data Retention and Deletion

Your data is retained as long as your account is active. You can delete individual files, folders, and versions at any time. Disconnecting a cloud provider removes the stored refresh token immediately. To request full account deletion, contact us at the email below.

8. Your Rights

You have the right to access, correct, or delete your personal data. You can disconnect linked cloud accounts, delete your files and folders, and request account deletion. For any privacy-related requests, contact us at founders@pipedreamer.ai.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised date.

10. Contact Us

If you have questions about this Privacy Policy, contact us at founders@pipedreamer.ai.