Legal
Privacy Statement
Which data PipeLaunch processes, for what purpose, how long we keep it and which parties are involved.
Last updated: 7 July 2026
Who is responsible
CyberMatic, located at Hofmanweg 5A, 2031 BH Haarlem, the Netherlands (Chamber of Commerce 96925469), is responsible for the processing of personal data as described in this statement. The statement applies to the PipeLaunch app and the related pages on cybermatic.nl. Contact: info@cybermatic.nl.
Our two roles
We process data in two roles:
- As controller for your account data, billing and support contact.
- As processor for the Pipedrive data that flows through the app via your buttons, such as the deal fields in a webhook payload. You decide per button which data that is and where it goes. If you want to sign a data processing agreement, email us.
Which data we process
- Account data: name and email address of the Pipedrive users who use the app, who holds a seat, and the details of your Pipedrive company (name, id, API domain).
- Connection data: the OAuth tokens the app uses to communicate with Pipedrive on your behalf, and your account's messaging API key.
- Billing data: company name, address, Chamber of Commerce number, VAT number, invoice email address, reference and the payment and subscription status.
- Button configurations: webhook URLs, HTTP headers (including any keys you put in them), field selections, button texts, groups and visibility rules.
- Messages and logs: we show your webhook's response in the panel and store it with the button, unless you turn off response logging per button. What that response contains is determined by the external system you connected.
- Support: emails you send us and our replies.
Purposes and legal basis
We use this data to:
- provide the app and run your buttons (performance of the agreement);
- invoice and keep our records (performance of the agreement and legal obligation);
- prevent abuse, trace errors and secure the service (legitimate interest);
- help you with support questions (performance of the agreement).
We do not sell data and do not use your data for advertising.
Sub-processors and recipients
The app and the database run at Scaleway in a data centre in Amsterdam. In addition we use these parties:
- Pipedrive: your CRM. The app reads the fields you configure per button and writes only what you configure, such as a log entry on the deal.
- Mollie: payments (iDEAL and SEPA direct debit).
- WeFact: creating and emailing invoices.
- Sentry: error tracking in production. Error reports are technical in nature; we do not include personal data by default.
- Endpoints chosen by you: the systems your launch buttons send to, such as Make, Zapier, n8n or your own API. You decide per button which fields go there; these parties receive that data on your behalf and are not sub-processors of ours.
Retention periods
- We keep account data, connection data and button configurations for as long as you use the app. If you remove the app from Pipedrive, the OAuth tokens are deleted automatically right away; the connection with your Pipedrive is then gone. If you also want us to erase the remaining account data, email info@cybermatic.nl.
- Messages and logged webhook responses are deleted together with the button they belong to. If you do not want them stored, turn off response logging per button.
- We keep invoices and payment records for 7 years (Dutch fiscal retention obligation).
Security
- All traffic runs over TLS. Every request from the panel is verified through the Pipedrive iframe JWT; routes are shielded by default (deny-by-default).
- Webhook URLs are validated before sending (SSRF protection) and every button action checks that the user belongs to the account and has the right permissions.
- Data is strictly separated per Pipedrive company (multi-tenant); there is never cross-company reading.
- The infrastructure runs within the EU (Amsterdam) and access keys are managed outside the codebase, in a secrets manager.
Your rights
For the data for which we are the controller, you have the right to access, rectification, erasure, restriction, portability and objection. Email your request to info@cybermatic.nl; we respond within 30 days. If it concerns data in your Pipedrive or in a connected external system, direct your request to the organisation managing that system. You can also file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
Cookies
These pages use no tracking or analytics cookies. The website only remembers your language choice in a functional cookie. The app sets a functional session cookie during installation and login; the panel itself works without cookies, through a secured Pipedrive token.
Changes
We update this statement when the service or regulations require it. The current version is always on this page, with the date of the last change at the top.
Contact
CyberMatic · Hofmanweg 5A, 2031 BH Haarlem, the Netherlands · Chamber of Commerce 96925469
Questions about privacy? Email info@cybermatic.nl.