PipeGears Privacy Policy

Applies to the PipeGears marketing website (pipegears.com) and the PipeGears Product (the paid integration platform, regardless of specific URL).

Operator:: Towerlogic Inc., dba PipeGears
Jurisdiction:: Quebec, Canada
Effective date:: 2026-04-19
Last updated:: 2026-04-19

1. Who we are

PipeGears is a B2B integration platform operated by Towerlogic Inc., a corporation incorporated under the laws of Quebec, Canada, with its principal place of business in Montreal, Quebec. References to "PipeGears", "we", "us", and "our" in this policy refer to Towerlogic Inc. operating under the PipeGears brand.

This policy explains what personal information we collect, why we collect it, who we share it with, where it is stored or transmitted, how long we keep it, and what rights you have under applicable privacy law, including the Quebec Act respecting the protection of personal information in the private sector (RLRQ c. P-39.1, as modernized by Law 25) and the federal Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Privacy Officer

The Person in Charge of the Protection of Personal Information for Towerlogic Inc. and PipeGears (Personne responsable de la protection des renseignements personnels), as required by section 3.1 of the Quebec Act, can be reached at privacy@pipegears.com.

3. What this policy covers

This policy covers the personal information we process through:

The PipeGears website at pipegears.com, our public marketing website (referred to in this policy as "the Website"). Visitors can browse content and submit a contact form to reach us.
The PipeGears Product, our paid integration platform (referred to in this policy as "the Product"). The Product is delivered through multiple URLs, including subdomains of pipegears.com (such as the customer-facing console, preview environments, and developer documentation) and other domains we operate from time to time. Some parts of the Product require authentication; some parts (such as public documentation) do not.

Where the treatment of personal information differs between the Website and the Product, or between authenticated and unauthenticated parts of the Product, we say so explicitly.

4. Personal information we collect, and why

4.1 On the Website

Category	Source	Purpose	Legal basis
Contact form submissions: name, email address, message text, optional company name	You, when you submit our contact form	To respond to your inquiry, schedule a follow-up, and assess whether PipeGears might be a fit for your organization	Consent (you choose to send the form)
Server access logs: IP address, request URL, timestamp, browser user-agent, referring URL	Automatically, when you visit any page	To operate and secure the website, diagnose issues, and detect abuse	Legitimate operational interest under PIPEDA; collection of technical information necessary to deliver the requested service under the Quebec Act

We do not run third-party analytics, advertising pixels, marketing trackers, session-replay tools, or chat widgets on the Website. We do not set any cookies on the Website.

4.2 Within the Product

When you are authenticated on the Product (for example, logged in to the customer console to configure and operate integrations), we collect:

Category	Source	Purpose
Account information: full name, business email address, organization name, role/title (optional)	You, at signup, or your organization administrator on your behalf	To create and authenticate your user account, associate it with your organization's tenant, and communicate service-related information
Authentication state: a single, strictly-necessary session cookie	Set when you log in	To keep you logged in for the duration of your session
Application logs: actions you take within the Product, integration configurations you create, errors and diagnostic events	Automatically as you use the Product	To operate the Product, support you when you ask for help, investigate issues, and meet our security and audit obligations
Customer data your organization processes through PipeGears (which may include personal information about your end users, employees, or contacts)	Your organization, via the integrations you configure	To deliver the contracted integration service. We process this data on behalf of your organization, which remains the controller. The terms governing this processing are set out in the Master Services Agreement and Data Processing Agreement between PipeGears and your organization.

When you access unauthenticated parts of the Product (for example, public documentation), we collect only the server access log information described in section 4.1.

We do not run third-party analytics, advertising pixels, marketing trackers, or session-replay tools on any part of the Product.

5. Sub-processors and where your information is stored

To deliver the service, PipeGears uses a small number of third-party service providers ("sub-processors"). The current list is:

Sub-processor	Role	Region of processing
Amazon Web Services Inc. (AWS)	Hosting of the Product (compute, storage, databases, runtime components) and of the Website (pipegears.com), including processing of contact form submissions before they are sent via SES	Canada (Montreal area); certain control-plane metadata may transit U.S. infrastructure
Amazon Simple Email Service (AWS SES)	Sending of transactional email from the Website (contact form acknowledgements) and from the Product when customers configure the System Email connector in their flows	United States (us-east-1, Northern Virginia)
Google LLC (Google Workspace)	Receiving and processing email correspondence (including incoming contact form messages) and team calendaring	United States

We require each sub-processor to be bound by a written agreement that includes confidentiality, security, purpose limitation, and breach notification obligations. We review the list periodically and update this policy when it changes.

We do not sell personal information. We do notshare personal information with third parties for those parties' own marketing purposes.

6. Transfers outside Quebec

Some of the sub-processors listed above store or process personal information outside Quebec, including in the United States. Specifically:

Google Workspace processes data in the United States
AWS SES transactional email is processed in the United States (us-east-1)
AWS hosting of the Product and of the Website (pipegears.com) is located in the Montreal area of Canada; certain AWS operational metadata may transit U.S. infrastructure

Before transferring personal information outside Quebec, we conduct a privacy impact assessment as required by section 17 of the Quebec Act. The assessment considers the legal regime of the destination jurisdiction, the safeguards in the contract with the recipient, and the sensitivity of the information. We retain those assessments on file and can describe them on request.

By using PipeGears, you understand that your personal information may be subject to the legal regime of jurisdictions outside Quebec, including the United States. Where you have entered into a Data Processing Agreement with us as a customer, the safeguards that apply to data we process on your organization's behalf are set out in that agreement.

7. How long we keep personal information

Category	Retention
Contact form submissions and related correspondence (where the inquiry does not become a customer relationship)	Up to 24 months from the last contact, then deleted
Customer account information (console)	For the duration of the customer relationship, plus 24 months for our records and to handle potential disputes, then deleted or anonymized
Customer-controlled content and configurations (console)	For the duration of the customer relationship, plus a 90-day post-termination wind-down for export, then deleted, unless the customer instructs otherwise in writing or law requires longer retention
Application logs	Up to 12 months, then deleted or aggregated
Server access logs (marketing site and console)	Up to 90 days, then deleted
Records required by law (tax, accounting, regulatory)	For the period required by the applicable statute

We document and review these retention periods at least annually.

8. Cookies and similar technologies

The Website (pipegears.com): no cookies are set, including by third parties. No analytics, no marketing pixels, no session-replay, no chat widgets.
The Product: a single strictly-necessary session cookie is set when you log in, and is used solely to keep you authenticated for the duration of your session. No other cookies are set on the Product.

Because the Product's session cookie is strictly necessary to deliver the service you have logged in to use, we do not present a separate consent banner for it, in line with section 8.1 of the Quebec Act. The cookie is disclosed here for transparency.

9. Automated processing of personal information

PipeGears does not currently make decisions about you exclusively through automated processing of personal information. If we do so in the future, we will provide the disclosures required by section 12.1 of the Quebec Act on or before the decision is communicated.

10. Your rights

Under the Quebec Act and other applicable law, you have the right to:

Access the personal information we hold about you and obtain a copy.
Rectify information that is inaccurate, incomplete, or ambiguous.
Erase information whose collection is not authorized by law, or de-index information whose dissemination causes serious injury and is disproportionate to the public interest.
Withdraw consent to processing where consent is the legal basis.
Object to a decision based exclusively on automated processing.
Receive your information in a structured, commonly used technological format (data portability), where applicable.
File a complaint with us, and with the Commission d'accès à l'information du Québec (CAI).

To exercise any of these rights, contact the Privacy Officer at privacy@pipegears.com. We will respond within 30 days of receiving your request, as required by section 32 of the Quebec Act. If we need more time, we will tell you why and when you can expect a response. We may need to confirm your identity before acting on a request.

11. How to file a complaint

If you believe we have not handled your personal information appropriately:

Contact our Privacy Officer first at privacy@pipegears.com. We take complaints seriously and will work to resolve them.
If you are not satisfied with our response, you have the right to file a complaint with the Commission d'accès à l'information du Québec:
- Web: https://www.cai.gouv.qc.ca
- Mailing address: 2045, rue Stanley, bureau 900, Montréal (Québec) H3A 2V4
If you are outside Quebec, you may also have the right to complain to the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca) or the privacy regulator in your province.

12. Security

We protect personal information using reasonable technical and organizational safeguards. If we experience a confidentiality incident that creates a risk of serious injury to you, we will notify you and the Commission d'accès à l'information du Québec with diligence, as required by sections 3.5 to 3.8 of the Quebec Act.

13. Languages

This policy is published in English and in French. Each version has equal authority.

14. Changes to this policy

We may update this policy from time to time. When we do, we will change the "Last updated" date at the top and notify customers of material changes through the console or by email.

15. Contact

Privacy Officer (Personne responsable de la protection des renseignements personnels): privacy@pipegears.com

Mail: Towerlogic Inc., 6500 Trans-Canada Hwy, Suite 400, Pointe-Claire (Québec) H9R 0A5, Canada

See also the PipeGears Website Terms of Use.