Privacy Policy
Last Updated: December 14, 2025
Plain English Summary
We collect what you share with us (messages, family info, account details) and basic usage data (device type, when you use the app). We use it to make Pip work, personalize your experience, and improve the service with anonymized data. We don't sell your data. You can delete it anytime. Kids under 18 get extra privacy protections. Third-party AI providers (Anthropic and Google AI) process your messages to generate responses. You can optionally connect Gmail and Google Calendar—you control these integrations and can disconnect anytime.
Your Privacy Matters
1. Introduction
Welcome to Pip. We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our family AI assistant application.
By using our App, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Information You Provide
- • Account Information: Name, email address, profile picture, and authentication credentials
- • Family Profile Information: Family member names, relationships, nicknames, and preferences
- • Chat Messages: Conversations with our AI assistant, including text, images, and files
- • Notes and Preferences: Personal notes, settings, and customizations
Automatically Collected Information
- • Device Information: Device type, operating system, unique device identifiers
- • Usage Data: Features used, time spent in the App, interaction patterns
- • Log Data: IP address, browser type, access times, pages viewed
- • Location Data: General location (country/region) based on IP address
3. How We Use Your Information
Provide Service
Operate and deliver our AI assistant functionality
Personalization
Customize your experience based on your family context
Communication
Send service-related notifications and security alerts
Enhancement
Improve response quality and features using anonymized data
Security
Detect, prevent, and address technical issues and fraud
Legal Compliance
Comply with applicable laws and regulations
Important: We Do Not Train AI Models
4. What We Never Do
- ✗ Sell your personal data
to advertisers, data brokers, or any third parties
- ✗ Share family conversations for marketing
Your private conversations stay private
- ✗ Track you across other websites or apps
We only collect data within Pip
- ✗ Use children's data for anything beyond the service
Kids get the highest level of privacy protection
5. Data Sharing and Disclosure
AI Service Providers
Pip uses the following third-party AI services:
- • Anthropic - Provides Claude models for natural language understanding
- • Google AI (Gemini) - Provides Gemini models for natural language generation
These providers process your messages to generate AI responses. We contractually require them to protect your data.
Within Your Family Group
Information you share within your family group is accessible to other members of your family group as defined in the App.
Legal Requirements
We may disclose your information if required by law or in response to valid requests by public authorities.
6. Third-Party Integrations (Google Services)
Why Pip Connects to Your Services
We all have places to be, things to read, messages to respond to. Managing it all can feel overwhelming—and it shouldn't have to be.
Pip exists to reduce cognitive load. We believe everyone deserves an assistant that has your back—one that helps you stay on track, manage your days, and focus on what actually matters. Not everyone has access to that kind of support, but we think everyone should.
That's why Pip connects to your email and calendar. Not to collect data, but to genuinely help—summarizing your inbox, drafting replies, scheduling meetings, and keeping your day organized. It's support that works for you, on your terms.
These integrations are entirely optional—you choose whether to connect them, and you can disconnect at any time.
How Integrations Work
- 1. You initiate the connection — Integrations are never automatic. You must explicitly choose to connect each service in Settings.
- 2. You authorize access directly with Google — When you connect, you're redirected to Google's login page where you review and approve the specific permissions Pip is requesting.
- 3. You can disconnect anytime — Remove access instantly from Settings. We immediately delete your connection tokens.
📧 Gmail Integration
Connect your Gmail to let Pip help manage your email—read messages, draft replies, and organize your inbox.
Permissions requested:
- • Read, compose, send, and organize your emails
- • View your email address (to show which account is connected)
What Pip does: Summarizes your inbox, drafts replies, forwards messages, and helps organize emails when you ask.
What Pip never does: Access your email without your explicit request, delete emails permanently, or share your email content with anyone.
📅 Google Calendar Integration
Connect your Google Calendar to let Pip help manage your schedule—view events, create meetings, and check your availability.
Permissions requested:
- • View and edit events on your calendars
- • View your calendar list
- • View your email address (to show which account is connected)
What Pip does: Shows your schedule, creates and updates events, sends meeting invitations, and checks availability when you ask.
What Pip never does: Access your calendar without your explicit request, delete events without confirmation, or share your schedule with anyone.
Token Security
Your integration credentials (OAuth tokens) are stored securely using WorkOS Vault, an industry-standard secrets management service. Tokens are encrypted at rest and never exposed in logs or error messages. When you disconnect an integration, tokens are immediately and permanently deleted.
Google API Services User Data Policy
Pip's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements.
7. Data Security
- ✓ Encryption of data in transit (TLS/SSL) and at rest
- ✓ Secure authentication using industry-standard protocols
- ✓ Regular security audits and monitoring
- ✓ Access controls limiting employee access to personal data
Data Breach Notification
In the unlikely event of a data breach:
- ✓ 72-hour notification via email and in-app
- ✓ Clear explanation of the incident
- ✓ Information about what data was affected
- ✓ Steps we're taking and recommended actions for you
8. Data Retention
Retention Periods
- • Account Data: Retained while your account is active
- • Chat Messages: Retained to provide personalized service
- • Usage Data: Retained for service improvement and security
- • Legal Obligations: Some data may be retained longer for compliance
Account Deletion
If you request account deletion, we will delete your personal data within 30 days. After this period, your data will be permanently deleted and cannot be recovered.
9. Your Privacy Rights
Access
Request access to your personal information
Correction
Request correction of inaccurate information
Deletion
Request deletion of your personal information
Portability
Request a copy in machine-readable format
Opt-Out
Opt out of certain data processing
Objection
Object to certain data processing activities
10. Children's Privacy
Our App is designed for family use, including children under 13. We comply with COPPA and similar regulations.
- ✓ Verifiable parental consent required before collecting children's information
- ✓ Parents can review, delete, or refuse further collection
- ✓ Same security measures apply to children's data as adult user data
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy:
This Privacy Policy constitutes a legally binding agreement between you and Pip regarding your use of the App. By using our App, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.