Privacy Policy

Last updated: May 9, 2026

Pipelined ("we", "our", or "us") operates pipelined.net, an applicant tracking system for recruiters and hiring teams. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

By using Pipelined, you agree to the practices described in this policy.

Information We Collect

We collect the following types of information:

  • Account information — your name, email address, and profile photo, obtained via Google OAuth at sign-in.
  • Google Calendar data — with your explicit permission, we read your calendar events (read-only) to display upcoming interviews within the app. We do not store calendar event data on our servers.
  • Candidate data — names, email addresses, LinkedIn URLs, phone numbers, notes, and other information you enter manually about candidates.
  • Uploaded files — resumes and transcripts you upload are stored securely and associated with candidate records.
  • Usage data — basic logs such as page visits and API requests used to maintain service reliability.

How We Use Your Information

We use the information we collect exclusively to provide and improve the Pipelined service:

  • To authenticate you and maintain your session
  • To display your Google Calendar events within the app dashboard
  • To store and manage your candidate pipeline data
  • To associate uploaded files with candidate records
  • To maintain service security and fix bugs

We do not sell, share, or transfer your data to third parties for advertising or marketing purposes.

Google API Usage

Pipelined uses the Google Calendar API with read-only access (calendar.readonly scope). This means:

  • We can only read your calendar events — we cannot create, modify, or delete them.
  • Calendar data is fetched in real time and is not stored or cached on our servers.
  • You can revoke our access to your Google Calendar at any time via your Google Account permissions.

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL) with row-level security policies. Uploaded files are stored in protected cloud storage. All data is transmitted over HTTPS.

We implement reasonable technical and organizational measures to protect your information against unauthorized access, alteration, or destruction.

Data Retention

We retain your account data and candidate records for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us.

Third-Party Services

Pipelined uses the following third-party services to operate the core product:

  • Supabase — database and file storage
  • Google OAuth & Calendar API — authentication and calendar integration
  • Anthropic — Claude API for generating job description and interview transcript summaries
  • Vercel — frontend hosting
  • Railway — backend hosting

The following services may process your data only when you explicitly connect them as AI integrations (see "AI Integrations and Connectors" below):

  • Anthropic (Claude.ai, Claude Cowork) — when authorized as an AI connector
  • OpenAI (ChatGPT) — when authorized as an AI connector
  • Other providers — any Model Context Protocol-compatible client you choose to connect

Each of these services has their own privacy policies governing how they handle data.

AI Integrations and Connectors

Pipelined supports connecting third-party AI tools — such as Claude.ai, Claude Cowork, and ChatGPT — to your account via the open Model Context Protocol. When you authorize an AI tool through our consent screen, that tool can read and modify your Pipelined data on your behalf during conversations you have with it.

What happens to your data: when an AI tool reads or writes your candidates, roles, or companies, the data passes through that tool's inference servers. For example, if you ask Claude to summarize a candidate's notes, those notes are transmitted to Anthropic for processing during that inference. The AI provider's own privacy policy governs how they handle the data they receive — they process it transiently to generate responses, not as a long-term data controller.

You're in control of which AI tools have access:

  • Connecting an AI tool requires explicit consent on a screen showing which app is requesting access and what it can do.
  • You can view and revoke any AI tool's access at any time from your profile settings under "Connected applications".
  • Disconnecting prevents the tool from future access. Cached credentials it already holds may continue to work for up to one hour before expiring.

What connected AI tools can and cannot do:

  • Read: companies, roles, candidates, contact information, notes, interview transcripts, and resume URLs.
  • Write: create new candidates, companies, and roles; update candidate notes and role statuses.
  • Cannot: delete records of any kind. Destructive operations remain in the web interface only.

By authorizing an AI tool, you accept that the data the tool accesses is subject to that provider's privacy policy in addition to ours. You may revoke any connection at any time without affecting your underlying Pipelined account.

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Revoke Google Calendar access at any time

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Pipelined
Email: privacy@pipelined.net
Website: pipelined.net