Privacy Policy

Last Updated: May 23, 2026

Plain English Summary

We collect what you share with us (messages, family info, account details) and basic usage data (device type, when you use the app). We use it to make Pip work, personalize your experience, and improve the service with anonymized data. We don't sell your data. You can delete it anytime. Kids under 18 get extra privacy protections. Leading AI providers (including Google and Anthropic) process your messages to generate responses. You can optionally connect Gmail and Google Calendar—you control these integrations and can disconnect anytime.

Your Privacy Matters

We do not sell your personal data
No marketing data sharing
Service providers are contractually bound
Your family data belongs to you

1. Introduction

Welcome to Pip. We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI assistant application.

By using our App, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide

  • Account Information: Name, email address, profile picture, and authentication credentials
  • Family Profile Information: Family member names, relationships, nicknames, and preferences
  • Chat Messages: Conversations with our AI assistant, including text, images, and files
  • Notes and Preferences: Personal notes, settings, and customizations

Automatically Collected Information

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: Features used, time spent in the App, interaction patterns
  • Log Data: IP address, browser type, access times, pages viewed
  • Location Data: General location (country/region) based on IP address
  • Operational Metrics: Latency, response timing, model cost, and which tools the assistant used — operational signals about how the service runs, never the contents of your conversations

3. How We Use Your Information

Provide Service

Operate and deliver our AI assistant functionality

Personalization

Customize your experience based on your family context

Communication

Send service-related notifications and security alerts

Enhancement

Improve response quality and features using anonymized data

Security

Detect, prevent, and address technical issues and fraud

Legal Compliance

Comply with applicable laws and regulations

Important: We Do Not Train AI Models

Pip does not train or own AI models. We may use anonymized data to enhance the service, but we never use your data to train AI models. Our AI capabilities are provided by third-party services who have their own data usage policies.

4. What We Never Do

  • Sell your personal data

    to advertisers, data brokers, or any third parties

  • Share family conversations for marketing

    Your private conversations stay private

  • Track you across other websites or apps

    We only collect data within Pip

  • Use children's data for anything beyond the service

    Kids get the highest level of privacy protection

5. Data Sharing and Disclosure

AI Service Providers

Pip uses leading third-party AI services to power conversations. Current providers include:

  • Google — Gemini models for natural language understanding and generation
  • Anthropic — Claude models for natural language understanding and generation

These providers process your messages to generate AI responses. We contractually require them to protect your data. We may add or change providers as the AI landscape evolves; we'll keep this list current.

Within Your Family Group

Information you share within your family group is accessible to other members of your family group as defined in the App.

Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

6. Third-Party Integrations (Google Services)

Why Pip Connects to Your Services

We all have places to be, things to read, messages to respond to. Managing it all can feel overwhelming—and it shouldn't have to be.

Pip exists to reduce cognitive load. We believe everyone deserves an assistant that has your back—one that helps you stay on track, manage your days, and focus on what actually matters. Not everyone has access to that kind of support, but we think everyone should.

That's why Pip connects to your email and calendar. Not to collect data, but to genuinely help—summarizing your inbox, drafting replies, scheduling meetings, and keeping your day organized. It's support that works for you, on your terms.

These integrations are entirely optional—you choose whether to connect them, and you can disconnect at any time.

How Integrations Work

  • 1. You initiate the connection — Integrations are never automatic. You must explicitly choose to connect each service in Settings.
  • 2. You authorize access directly with Google — When you connect, you're redirected to Google's login page where you review and approve the specific permissions Pip is requesting.
  • 3. You can disconnect anytime — Remove access instantly from Settings. We immediately delete your connection tokens.

Gmail Integration

Connect your Gmail to let Pip help manage your email—read messages, draft replies, and organize your inbox.

Permissions requested:

  • Read, compose, send, and organize your emails
  • View your email address (to show which account is connected)

What Pip does: Summarizes your inbox, drafts replies, forwards messages, and helps organize emails when you ask.

What Pip never does: Access your email without your explicit request, delete emails permanently, or share your email content with anyone.

Google Calendar Integration

Connect your Google Calendar to let Pip help manage your schedule—view events, create meetings, and check your availability.

Permissions requested:

  • View and edit events on your calendars
  • View your calendar list
  • View your email address (to show which account is connected)

What Pip does: Shows your schedule, creates and updates events, sends meeting invitations, and checks availability when you ask.

What Pip never does: Access your calendar without your explicit request, delete events without confirmation, or share your schedule with anyone.

Token Security

Your integration credentials (OAuth tokens) are stored securely using WorkOS Vault, an industry-standard secrets management service. Tokens are encrypted at rest and never exposed in logs or error messages. When you disconnect an integration, tokens are immediately and permanently deleted.

Google API Services User Data Policy

Pip's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements.

7. Data Security

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication using industry-standard protocols
  • Regular security audits and monitoring
  • Access controls limiting employee access to personal data

Data Residency

Your data is stored in the European Union (Stockholm, Sweden) on Google Cloud infrastructure. Storage is encrypted at rest using Google-managed keys, and all connections are protected with TLS in transit. Backups are managed by Google Cloud and also encrypted at rest.

Error Reporting

We use Sentry (hosted in the EU) to capture crash and error reports so we can fix problems quickly. Reports include technical details about what went wrong, but a PII scrubber removes identifiers and message contents before they leave your device.

Data Breach Notification

In the unlikely event of a data breach:

  • 72-hour notification via email and in-app
  • Clear explanation of the incident
  • Information about what data was affected
  • Steps we're taking and recommended actions for you

8. Data Retention

Retention Periods

  • Account Data: Retained while your account is active
  • Chat Messages: Retained as long as your account is active, so Pip can reference earlier discussions when helpful. You can delete an individual conversation at any time from the chat sidebar, or delete your entire account to permanently remove all data.
  • Usage Data: Retained for service improvement and security
  • Legal Obligations: Some data may be retained longer for compliance

Account Deletion

If you request account deletion, we will delete your personal data within 30 days. After this period, your data will be permanently deleted and cannot be recovered.

9. Your Privacy Rights

Access

Request access to your personal information

Correction

Request correction of inaccurate information

Deletion

Request deletion of your personal information

Portability

Request a copy in machine-readable format

Opt-Out

Opt out of certain data processing

Objection

Object to certain data processing activities

10. Children's Privacy

Our App is designed for family use, including children under 13. We comply with COPPA and similar regulations.

  • Verifiable parental consent required before collecting children's information
  • Parents can review, delete, or refuse further collection
  • Same security measures apply to children's data as adult user data

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy:

Email:

[email protected]

Formal data requests (access, deletion, portability) are answered within 30 days, as required by GDPR. General questions usually get a faster reply.

This Privacy Policy constitutes a legally binding agreement between you and Pip regarding your use of the App. By using our App, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.