PipChat logo
PipChat!
Publicly Interactive Posts
Privacy Policy

Privacy Policy

How PipChat! collects, uses, shares, and protects information across its geo-social features, business tools, professional profiles, and community platform.

Last updated: June 6, 2026
Support: support@pipchat.in
Brand: PipChat! (mobile app)

Overview

This Privacy Policy explains how PipChat! (Publicly Interactive Posts) and its operator (“we”, “us”) collect, use, share, and protect information when you use the PipChat! mobile application and related services.

High-level: If you post something publicly, it is visible to other users. We collect what you give us and what the platform needs to function. We do not sell your personal data.

What data we collect

Account and profile data

  • Username, display name, avatar, bio, account type (Normal, Business, Government), verification status, and settings.
  • Phone number (for SMS verification), email address (for communications and account recovery).
  • Policy acceptance records: which policy version you accepted and when.
  • Subscription plan, billing status, and RevenueCat subscription identifiers.
  • Social graph data: who you follow, who follows you, and mutual friend connections (friend request records).

Content and activity data

  • Threads (public posts) and replies, including text, media attachments, and location metadata.
  • Community membership, roles, and community chat messages.
  • Status posts (text, images, videos) and associated reaction and viewer data. Status content expires from display after 24 hours but may be retained for moderation purposes.
  • Catalog items published by Business/Government accounts.
  • Reports and appeals you submit.
  • Reactions, upvotes, downvotes, and other engagement actions.

Professional profile data

  • Profession details and service descriptions you enter in your Professional Profile.
  • Service location data, which constitutes personally identifiable information and is stored with encryption at rest.
  • Geo-discoverable service listing data (profession category, operating area) used for map-based discovery.

Business Inbox and CRM data

For Business and Government account holders who use Business Inbox features:

  • Customer conversations: messages, timestamps, and conversation metadata.
  • CRM contact records: contact information, tags, notes, and custom fields for customers who have messaged you.
  • Broadcast and campaign data: message content, opted-in recipient lists, delivery status.
  • Automation rule configurations, chatbot flow definitions, and scheduled message records.
  • CSAT survey questions and customer responses.
  • Quick reply templates and away-reply configurations.
  • Internal notes and staff assignment records for conversations.

Forms data

  • Form definitions (questions, structure) created by Business/Government accounts.
  • Form responses submitted by users, including all field values provided.

Bookings and service data

  • Booking service configurations, slot schedules, and availability data.
  • Booking records: who booked, what was booked, when, and associated calendar events.
  • Booking-related notes and status updates.

P2P transaction and payment data

  • Transaction records: party identifiers, transaction type/rail, amount references, and status.
  • Transaction reputation data: aggregated trust signals derived from your P2P transaction history.
  • Payment method references: up to 8 per user. These are descriptive identifiers — we do not store full payment card numbers.

Location data (contextual)

  • Location used when you create posts, explore the map, or interact with location-based features. We do not continuously track background location.
  • Approximate geo-cell data derived from location inputs, used for content placement and discovery.

Communications data

  • Push notification tokens (via Expo Push Notifications) for delivering in-app notifications.
  • Phone number used for SMS (via Twilio) for verification and account security.
  • Email address used for transactional emails (via Brevo/Nodemailer), including verification, account actions, and policy notices.

Operational and security data

  • Request metadata: IP address, device/app/OS version, request timestamps.
  • Abuse-prevention signals, rate-limit counters, and security event logs.
  • Moderation records and evidence (see §Moderation pipeline).
  • Advertising identifiers (for free-tier users, via Google AdMob).

Publicly visible information

Content displayed on PipChat! is visible to other users. This includes:

  • Threads and replies pinned to an approximate location.
  • Communities and public content within them.
  • Catalog items published by Business/Government accounts.
  • Profile details you choose to expose: display name, avatar, bio, account type, plan badges.
  • Verification badges and trust signals.
  • Professional listings you publish for geo-discovery (profession category, operating area).
  • Status posts visible to your selected audience (followers, friends, or public depending on your plan).
  • Your public profile page may be accessible at web.pipchat.in/users/<username>.
Reminder: Don’t post personal information you don’t want others to see. Avoid sharing phone numbers, addresses, or other sensitive identifiers in public threads.

Moderation pipeline

We use automated and human review processes to enforce platform safety policies:

  • Image moderation: Uploaded images are analyzed using machine learning models (including NSFWJS/TensorFlow.js) to detect prohibited content. Flagged images may be reviewed by human moderators.
  • Video analysis: Uploaded videos are processed using FFmpeg to extract frames for content safety evaluation.
  • Text screening: Post content is screened against keyword lists in 12+ languages for prohibited content categories.
  • Minor user restrictions: Users under 18 are subject to additional content restrictions including blocks on certain media uploads, enforced server-side.
  • Moderation records: Results of automated and human review are stored as moderation records. Access to sensitive evidence is restricted to authorized safety workflows and is logged for audit.

Why we use data

  • To provide all platform features and account access.
  • To support geo-pinned content, map-based discovery, communities, and social features.
  • To operate Business Inbox, CRM, Forms, Bookings, and P2P transaction features.
  • To enable professional service listings and geo-discovery.
  • To deliver notifications (push, SMS, email) relevant to your activity.
  • To prevent abuse, enforce policies, and comply with law.
  • To run the moderation pipeline and protect community safety.
  • To derive trust signals and reputation scores that help the community assess credibility.
  • To maintain reliability, security, and product quality.

Sensitive and legal evidence data

Certain investigation fields and moderation evidence are restricted and available only in authorized legal/safety workflows. Access to sensitive evidence is logged for audit and accountability. Legal hold rules may retain data even if a user requests deletion.

Sharing and disclosure

We may share or disclose information in the following situations:

  • Service providers: Google Cloud Run (hosting), AWS S3/Cloudflare R2 (media storage), Expo (push notifications), Twilio (SMS), Brevo (email), RevenueCat (billing), Google AdMob (advertising for free-tier users), crash reporting, and analytics vendors.
  • Safety and legal: For lawful requests, legal process, fraud prevention, or safety response, including where there is risk of harm to minors.
  • Public content: Visible to other users per platform visibility rules.

We do not sell your personal information.

Billing and purchase data

Paid features/subscriptions use platform billing systems (Google Play Billing / Apple In-App Purchases) via RevenueCat. Regional pricing and currency display are handled by the app store during checkout. PipChat! does not receive or store your full payment card number.

Data retention

We retain data only as needed for product operation, safety, fraud prevention, legal obligations, and dispute handling.

  • Active content: Retained while your account is active and as long as needed for the platform’s operation.
  • Status posts: Expire from display after 24 hours but may be retained for moderation purposes.
  • Deleted accounts: When you delete your account, it is deactivated and your content is hidden. A 90-day legal retention window applies before permanent purge, to support safety investigations, legal compliance, and fraud prevention.
  • Legal hold: Some data may be retained beyond standard retention if required for active safety investigations or legal obligations.
  • Moderation records: May be retained beyond standard periods as required for safety and legal accountability.

Security

We apply technical and organizational safeguards, including encryption in transit (HTTPS/TLS), encryption at rest for sensitive fields (professional profile data), access controls, audit logging for sensitive data access, and security monitoring. However, no system can guarantee absolute security.

Your choices and rights

Depending on your location, you may have rights to access, correct, export, or delete certain personal data, and to object to certain processing.

  • To make a request, contact support@pipchat.in.
  • We may ask you to verify your identity before acting on requests.
  • Account deletion can be initiated from within the app. See §Data retention for the 90-day retention window.
  • Some rights may be limited by legal obligations, safety investigations, or fraud prevention requirements.

Children and minors

PipChat! is not intended for children under 13. If we learn a user is under 13, we will take steps consistent with applicable law, which may include immediate account restriction or deletion.

For users aged 13–17, we apply age-gated restrictions including blocks on certain media uploads and additional safety measures. Business Inbox and P2P payment features are restricted or unavailable to users under 18. If you believe a minor is at risk, please report it using the guidance in CSAE Safety Standards.

Cookies and tracking

On our website pages (like this one), we may use basic cookies or similar technologies for security, performance, and analytics (Google Analytics). The mobile app may use device identifiers and app diagnostics for reliability, abuse prevention, and advertising (Google AdMob for free-tier users).

International transfers

PipChat! may process data on servers in multiple countries. Our primary infrastructure runs on Google Cloud Run. Media is stored on AWS S3 and Cloudflare R2. Where required, we use appropriate safeguards for cross-border transfers.

Changes to this policy

We may update this Privacy Policy as PipChat! evolves. Continued use of the service after an update means you accept the revised policy. For significant changes, we will provide additional in-app notice and may require re-acceptance before continued use.

Contact

For privacy questions, please email support@pipchat.in.

For urgent safety issues involving minors, see CSAE Safety Standards.