Privacy Notice (Privacy Policy)

This Privacy Notice explains how Cocopipe OÜ (“Cocopipe”, “we”, “our”, or “us”) collects, uses, stores, and protects personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

It applies to:

Visitors and users of https://cocopipe.com (marketing website, blogs, contact forms, etc.), and
Registered users of the Cocopipe App (our SaaS platform for CRM and sales pipeline management).

For any privacy inquiries, contact: [email protected]

1. Data Controller

Cocopipe OÜ acts as the data controller for personal data processed through both its website and application.

Cocopipe may engage trusted third-party data processors (e.g., hosting, payment, analytics, or communication providers) to support operations, all of whom are contractually bound to comply with GDPR.

Section A – Privacy Notice for Website Visitors

2. Scope

This section applies to individuals visiting or interacting with Cocopipe’s websites, including https://cocopipe.com and related subdomains (the “Website”).

3. Data We Collect

We may collect the following categories of personal data:

Technical Data: IP address, browser type, device identifiers, operating system, referral URL.
Analytics Data: usage statistics, page views, time on site, click events.
Form Data: name, email address, company name, and message when you fill out a contact or newsletter form.

Cookies and Tracking: small data files stored on your device to improve functionality, analytics, and marketing.

4. Purposes and Legal Bases

5. Cookies and Tracking Technologies

Cocopipe uses cookies and similar technologies for:

Essential functions (e.g., login sessions, navigation),
Analytics (e.g., Google Analytics with anonymized IPs),
Marketing (e.g., email signup tracking, retargeting ads).

You can control your preferences through our on-site Cookie Settings banner or browser options. For details, see our separate Cookie Policy.

6. Third-Party Tools

Our Website may use external services such as analytics, social media widgets, or embedded videos (e.g., YouTube, LinkedIn).

These third parties may collect personal data through their own technologies; Cocopipe does not control their tracking methods.

Please review their respective privacy policies for more information.

7. Data Retention

Analytics and log data are retained for up to 26 months.
Contact form submissions and newsletter data are retained for up to 12 months or until you withdraw consent.
Cookies expire according to the preferences selected in the Cookie Settings banner.

8. International Transfers

Website data may be processed by third-party vendors located outside the EU/EEA. Where applicable, Cocopipe ensures adequate safeguards such as Standard Contractual Clauses (SCCs).

Section B – Privacy Notice for Cocopipe App Users

9. Scope

This section applies to individuals or organizations who create an account and use the Cocopipe App (free, trial, or paid).

10. Scope

We process the following categories of data when you register or use the App:

Account Data: name, email address, password, company, team members.
Billing Data: payment method, billing address, VAT number (processed via secure third-party payment processors).
Usage Data: login times, activity logs, device/browser info, IP address.
Customer Data: contacts, deals, notes, and content you upload into your Cocopipe account.
AI Data: prompts and outputs generated through CocoAI (processed for feature delivery and anonymized improvement).
Support Data: communications with our support or technical team.

11. Purposes and Legal Bases

12. Data Sharing and Subprocessors

We may share limited personal data with carefully selected subprocessors, including:

Hosting providers (EU-based data centers),
Payment processors (PCI-DSS certified),
Email and communication tools,
Analytics or monitoring providers.

13. International Data Transfers

Customer data is primarily stored in the European Union (EU). If transferred outside the EU, Cocopipe implements safeguards under GDPR Chapter V (e.g., SCCs or adequacy decisions).

14. Data Retention

Cocopipe retains Customer Data while the account is active. Upon deletion, all Customer Data (including contacts, deals, tasks, and files) is permanently deleted after 30 days, except for anonymized backups retained up to 90 days for security purposes.

15. Security

Cocopipe uses technical and organizational measures including:

Data encryption in transit and at rest,
Role-based access control (RBAC),
Network intrusion detection,
Periodic audits of subprocessors (ISO 27001 / SOC 2 / equivalent).

16. Your Rights

As a data subject, you have the right to:

Access and obtain a copy of your personal data,
Rectify inaccuracies,
Request deletion (“right to be forgotten”),
Restrict or object to certain processing,
Request data portability,
Lodge a complaint with your local authority or the Estonian Data Protection Inspectorate.

To exercise these rights, contact [email protected]. Cocopipe will respond within one month in compliance with GDPR.

17. Automated Processing and AI Outputs

Cocopipe does not use automated decision-making that produces legal or significant effects. AI outputs generated via CocoAI are for informational purposes only and are not guaranteed to be accurate, complete, or suitable for reliance.