By TxPipe

Privacy Policy

Introduction

This document describes data privacy policy applying to Demeter.run, hosted by TxPipe LLC. ("TxPipe", "we", "us" and/or "our") at https://demeter.run (“Site”). TxPipe provides a cloud platform for on-demand deployment, related hosting and sharing services and analytics tools hereinafter referred to as, "Services".

In order to provide our Site and Services (collectively, "Platform"), we collect personal data from our customers ("Customers"). We also collect and/or host the personal data of our Customer's end users ("End Users") when our Customers' websites are hosted by TxPipe or our Customers use our Services.

Throughout this Privacy Policy, "personal information" or "personal data" refers to any information that is linked or reasonably linkable to an identified or identifiable individual. This definition excludes de-identified data or publicly available information. The scope of this definition aligns with the Delaware Code, specifically Title 6, Subtitle II, Chapter 12D, Section 12D-102.

This Privacy Policy outlines how we collect, handle, and disclose personal data on our Platform in compliance with U.S. federal and state laws. This includes any affiliated websites, software, or platforms owned or operated by TxPipe where this Privacy Policy is displayed. While we store End Users' personal data, this Policy does not cover how or why our Customers may collect, handle, and disclose their End Users' personal data when they visit or use their websites or platforms.

We recommend that you read this Privacy Policy carefully, as it provides important information about your personal data and your rights under U.S. laws. If you have any questions, comments, or concerns regarding this Privacy Policy or our data practices, or if you would like to exercise your rights, please contact us at hello@txpipe.io or refer to our contact information below.

Data collection

Information you provide us

TxPipe is dedicated to the stringent compliance with applicable laws. Consequently, we undertake all necessary measures to ensure adherence to forthcoming regulations. All data and content uploaded to our website are protected and governed by the "Delaware Personal Data Privacy Act; Title 6, Subtitle II, Chapter 12D of the Delaware Code," effective January 1, 2025. In a framework of trust with our users and authorities, TxPipe has adhered to this regulation since 2024, even prior to its official effective date.

All information collected by Demeter is voluntarily provided by you, with full awareness and capability (e.g., service registrations). Our customers are presumed to act in good faith when disclosing their personal data to us, in accordance with "Delaware Code, Title 6, Subtitle I, Part 3, Articles 1-304."

Account information

We receive this type of information when you create an account to receive Demeter services, including our free tier service. This can include your name, email address and profile picture, which are mandatory for an account creation. This information is your "Account Information" for the purposes of this Privacy Policy.

Additionally, we provide the option to sign up and log in to our services using third-party integrations such as Google or Github. If you choose to use this method, we receive your email address and name from these platforms. The information we receive is governed by the privacy policies and settings of those third-party platforms.

Account Information is required to identify you as a Customer and permit you to access your account(s). By voluntarily providing us with such Account Information, you represent that you are the owner of such personal data or otherwise have the requisite consent to provide it to us.

Customer Payment Information

It is not mandatory that you enter your credit card information unless and until you decide to continue with a paid subscription to our Services or if you decide to make any online purchase through our Platform. When you sign up for one of our paid Services, you must provide billing information. This might include billing contact, street address, city, state, zip code, phone number or email address. The information you will need to submit depends on which billing method you choose. In order to process your payment Information, we use a PCI-compliant third-party processor called Stripe.

This information is processed by our payment service provider and we receive a confirmation of payment, which we then associate with your Account Information and any relevant transactions. While our administrators are able to view and track actual transactions via customer portals. Under no circumstances does Demeter have access to, nor can it process your credit card information.

Information We Collect Indirectly

Information About your Device

This is information about the devices and software you use to access the Site primarily;

(i) The internet browser or mobile device that you use, (ii) The website or source that linked or referred you to the Site, your IP address or device ID (or Other persistent identifier that uniquely identifies your computer or mobile device on the Internet), (iii) The operating system of your computer or mobile device, device screen size, and other similar technical information regarding this subject.

We collect this information for the sole purpose of improving its service, by analyzing the market and the characteristics of its customers.

Demeter or TxPipe does not use this information for commercial purposes with third parties companies (e.g.: sale of personal data for marketing; creation of psychographic profiles for purposes other than those specified, surveys, etc). Our operations are in accordance with the guidelines set forth in the Title 6 Subtitle II Section 12D-110 Delaware Code.

Usage Information

Demeter gathers information about your interactions with the Platform, including access dates and times, hardware and software information, device event information, log data, crash data, cookie data. This information allows us to understand the screens that you view, how you've used the Platform (which may include administrative and support communications with us), and other actions on the Platforms. We, or authorized third parties, automatically collect log data when you access and use the Platform, even if you have not created an account or logged in. We use this information to administer and improve our Services, analyze trends, track users' use of the Platform, and gather broad demographic information for aggregate use. All in compliance with Title 6 Subtitle II Chapter 12D Section 12D-108 Delaware Code.

Location Information

We use third parties apps, such as Google Analytics to map the general location to which each IP address corresponds ("Location Information"). The Location Information that is mapped from an IP address is limited to country and city – we do not identify precise location. We use Location Information in order to more effectively provide our Services to our Customers. In addition, as part of our Services, we also share Location Information (based on End Users’ IP addresses) to our Customers, so that they may also more effectively provide their products and services to their End Users.

Information We Process on Behalf of Our Customers

As mentioned above, we deploy and host websites and provide other analytics tools for our Customers. These Customers may collect personal information from their End Users in connection with the products or services that they offer to End Users.

Because we host our Customers' websites and provide other analytics tools, we process End Users' information when they use our Customers' websites, web applications, and APIs. This information may also include, but is not limited to, IP addresses, system configuration information, and other information about traffic to and from Customers' websites (collectively, the "Log Data"), as well as Location Information derived from IP addresses.

We do not, however, collect or process End Users’ IP addresses through the use of our analytics Services. All of this information is stored on our Platform as part of our Services, but Customers are responsible for the content transmitted across our network (e.g., images, written content, graphics, etc.), as well as any personal information they collect. Customers are also solely responsible for notifying their End Users of their personal information collection, use, and disclosure.

With respect to Log Data, we collect and use Log Data to operate, maintain, and improve our Services in performance of our obligations to our Customers. For example, Log Data can help us to detect new threats, identify malicious third parties, and provide more robust security protection for our Customers.

Consumer Rights Regarding the use of Personal Data

All the personal data uploaded by our customers to our platform is protected and regulated by the "Delaware Personal Data Privacy Act; Title 6 Subtitle II Chapter 12D Delaware code".

Under the above mentioned law, the consumer has the right to:

Confirm whether a responsible controller is processing the consumer's personal data and access such data, unless this confirmation or access would require the controller to disclose a trade secret.

Correct inaccuracies in the consumer's personal data, considering the nature of the data and the purposes for which it is being processed.

Delete personal data provided by or obtained about the consumer.

Obtain a copy of the consumer's personal data processed by the controller in a portable and, to the extent technically feasible, easily usable format, enabling the consumer to transmit the data to another controller without hindrance when processing is carried out by automated means. The controller is not required to disclose any business secrets.

Obtain a list of the categories of third parties to whom the controller has disclosed the consumer's personal data.

Accordingly, our obligations and responsibilities regarding your personal data include:

Limiting the collection of personal data to what is adequate, relevant, and reasonably necessary for the purposes of processing, as disclosed to the consumer.

Not processing personal data for purposes that are not reasonably necessary or compatible with the disclosed processing purposes unless the controller obtains the consumer's consent.

Establishing, implementing, and maintaining reasonable administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of personal data in accordance with its volume and nature.

Not processing sensitive data related to a consumer without obtaining the consumer's consent, or the consent of the child's parent or legal guardian in the case of a known child, while complying with other legal requirements.

Not processing personal data in violation of state or federal laws that prohibit unlawful discrimination.

Providing an effective mechanism for a consumer to revoke their consent, which must be at least as easy as the mechanism used to obtain consent, and ceasing data processing as soon as practicable, but no later than 15 days after receiving such a request.

Not processing a consumer's personal data for targeted advertising or selling the consumer's personal data without the consumer's consent, especially if the controller knows or should know the consumer is between 13 and 18 years old.

Not discriminating against a consumer for exercising any of the consumer's rights under this chapter, including denying goods or services, charging different prices or fees for goods or services, or providing a different level of quality in goods or services.

Data Usage for users located in the EEA and the UK

It is important to note that if you are a client, located in the EEA or the UK, you have different rights under the "Regulation (EU) 2016/679".

For this regulation, "personal data" means: any information about an identified or identifiable natural person ("the data subject").

You as a consumer have a legal basis for these rights:

(I) The user must consent to the processing of his personal data for one or more specific purposes. (II) The controller will take appropriate measures to provide the “data subject “with any information relating to your personal data, or any other information that we hold about you as a customer. In a concise, transparent, intelligible and easily accessible form, in clear and plain language. The information will be provided in writing or by other means, including, where appropriate, by electronic means. Where requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means. (III) Where personal data are collected from the client, the controller shall provide him with these information: The purposes of the processing; The categories of personal data concerned; The recipients or categories of recipients to whom the personal data have been or will be disclosed; if possible, the envisaged storage period of the personal data or, if not possible, the criteria used to determine this period; The existence of the right to request from the controller the rectification or erasure of the personal data or the restriction of the use of the personal data to object to such processing; The right to file a complaint with a supervisory authority; (IV) As mentioned in point (III), the user shall have the right to obtain without undue delay from the data controller the rectification of inaccurate personal data concerning him/her. Also, the user shall have the right to obtain without undue delay from the controller the erasure of personal data concerning him/her, when the following circumstances occur (The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent; the personal data have been processed unlawfully; when the company is obliged to erase such data). (V) The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each of the recipients to whom the personal data have been communicated, unless this is impossible or would require a disproportionate effort. (VI) Every user shall have the right not to be subject to a decision based solely on “automated processing”, including profiling, that produces legal effects on him or her or significantly affects him or her in a similar way. (VII) The user shall have the right to receive the personal data concerning him/her, which he/she has provided to a data controller, in a structured, commonly used and machine-readable format.

Data Transfer

Third-Party Service Providers

TxPipe discloses users' information to our third party agents, contractors, or service providers who are hired to perform services on our behalf. These companies do things to help us provide the Platform, and in some cases collect information directly, for example as explained in “Payment Processing” above. All in compliance with laws and regulations already cited.

Below is an illustrative list of functions for which we may use third-party service providers:

  • Hosting and content delivery network services
  • Analytics services
  • CRM providers
  • Lead generation partners
  • Marketing and social media partners
  • Customer support services
  • Payment processors
  • Functionality and debugging services
  • Professional service providers, such as auditors, lawyers, consultants, accountants and insurers

Demeter Customers

When we act on behalf of our Customers (as a data processor or service provider), we may provide End Users' personal information to our Customers in order to comply with their requests, End Users' requests and/or regulator requests, among others.

Occasionally, we will provide our Customers with aggregated information that does not identify End Users directly, in order to provide information about usage, demographics (such as location) or other general information. Anonymized Information We share aggregated, automatically-collected or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) for business or marketing purposes; (iii) to assist us and other parties in understanding our users' interests, habits and usage patterns for certain programs, content, services, marketing and/or functionality available through the Platform. We do not share personal identifiable information in this case.

Demeter legal´s obligations

TxPipe or Demeter will preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your express consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a subpoena, warrant or other judicial or administrative order; (iii) in order to protect the safety of any person and to protect the safety or security of our Platform or to prevent spam, abuse, or other malicious activity of actors with respect to the Platform; or (iv) to protect our rights or property or the rights or property of those who use the Platform.

Data Storage

The Platform’s primary storage of information is in the United States and the EEA. In line with the laws and regulations of these jurisdictions.

To facilitate our global operations, we may process personal information from around the world, including from other countries in which TxPipe has operations, in order to provide the Platform.

If you are accessing or using our Platform or otherwise providing personal information to us, you are agreeing and consenting to the processing of your personal information in the United States and other jurisdictions in which we operate.

If you are a Customer, you are responsible for informing your End Users of how and where their personal data will be processed at the time of collection. We recommend reading our terms of service for more details.

Data Retention

We retain personal information for as long as needed to provide our Services. Note however, that with respect to our Customers with active accounts, we may retain certain essential account information, but otherwise regularly delete other information that is less essential to the provision of our Services in order to minimize our storage of data.

We also will retain personal information that we've collected from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements).

Additionally, we cannot delete information when it is needed for the establishment, exercise or defense of legal claims (also known as a "litigation hold"). In this case, the information must be retained as long as needed for exercising respective potential legal claims.

When we no longer have an ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.

Data Security

We take steps that are reasonably necessary to securely provide our Platform. We have put in place reasonably appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We limit access to personal data only to those employees, agents, contractors and the third parties who have a business need-to-know.

We also have procedures in place to deal with any suspected data security breach. If required, we will notify you and any applicable regulator of a suspected data security breach. We also require those parties to whom we transfer your personal information to provide acceptable standards of security.

Notwithstanding, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. It is important that you are aware of this, and take responsibility for the data you share with us or third party companies. Therefore, take special care in deciding what information you send to us via email.

For End Users

TxPipe has no direct relationship with End Users (as described in the “Data Collection section”). Our Customers are solely responsible for ensuring compliance with all applicable laws and regulations with respect to their End Users, and this includes handling all data subject requests. We rely on our Customers to comply with the underlying legal requirements and respond directly to End Users when End Users wish to exercise the rights set forth above.

However, if an End User sends a request to TxPipe to access, correct, update, or delete his/her information, or no longer wishes to be contacted by a Customer that uses our Services, we will direct that End User to contact the Customer's website(s) with which he/she interacted directly, and cooperate with our Customers as required by applicable law in order to ensure that our Customers satisfy their End Users' requests.

Links to Third Party Sites

This Privacy Policy applies only to the Platform. The Platform may contain links to other websites not operated or controlled by TxPipe ("Third Party Sites''). Demeter or Txpipe are not responsible for websites which do not operate or control. The policies and procedures we describe here do not apply to Third Party Sites, and links to such Third Party Sites on the Platform do not imply that TxPipe endorses or has reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.

Changes To This Privacy Policy

This Privacy Policy is constantly changing, so we encourage you to review it periodically, as our Platform and our business may change. As a result, from time to time it may be necessary for Demeter to make changes to this Privacy Policy. Adapting to new and emerging federal and state regulations. Your continued use of our platform will be taken as consent given by you to us that you accept this “privacy policy”.

Contact Information

TxPipe is a Delaware LLC with the following contact information:

TxPipe LLC

2810 N Church St

Wilmington, Delaware, 19802-4447

hello@txpipe.io