Security

Security commitment.

Last updated · May 8, 2026

Pipestash handles GTM source material that can include customer conversations, account context, internal notes, and workflow details. Security is part of the engagement design, not an afterthought.

How we approach security

Pipestash is a small service-led agency, so our controls are practical and engagement-specific. We limit access to the data needed for the work, prefer read-only access where possible, and define stricter handling rules in the client agreement when a project calls for them.

Client data handling

We request access only to systems or exports needed for the approved scope.
We use least-privilege permissions and read-only access where the work allows it.
We treat client source material as confidential working data.
We do not train public AI models on client data.
We do not reuse one client's confidential material for another client.

AI and automation security

Pipestash may use AI tools, automation platforms, scripts, and data-processing services to deliver Revenue Brain work. For sensitive projects, vendor limits, approved processing methods, retention rules, or local-only handling should be written into the project agreement before work begins.

Operational controls

We use standard safeguards for the site and client work, including account-level access controls, credential hygiene, secure transfer practices, and separation between client materials. Where appropriate, data should be encrypted in transit and at rest by the tools or infrastructure used for the engagement.

Responsible disclosure

If you believe you found a security issue affecting pipestash.com or a Pipestash-controlled workflow, email [email protected]. Include the affected URL or system, a clear description, reproduction steps if available, and any screenshots or logs that help explain the issue.

Disclosure guidelines

Act in good faith.
Do not access, change, download, or delete data that is not yours.
Do not disrupt service availability or degrade other users' privacy.
Give us reasonable time to investigate and fix validated issues before public disclosure.

Pipestash does not currently run a public bug bounty program and does not offer payment for vulnerability reports.

Scope

This security page applies to pipestash.com and systems operated by Pipestash for its own business. Third-party services, client-owned systems, and client-managed infrastructure are outside this policy and should be reported to the responsible owner.

Questions

For security questions or vulnerability reports, contact [email protected].

Security contact

[email protected]