Privacy Policy
Kitpipe is designed around minimal data collection. We do not require accounts, do not track your identity, and do not sell any information to third parties. This page explains exactly what we do and don't collect.
Contents
What we collect
Kitpipe collects only what is technically necessary to provide the service:
- IP address. Your IP address is used as a temporary session key to route shared content (text, files, whiteboard strokes) to the correct room. It is not stored beyond your active session.
- Uploaded files. Files you upload via the server upload feature are stored temporarily on our servers to allow cross-device access. They are automatically deleted after 24 hours.
- Shared text. The contents of the shared notepad are held in memory on the server for the duration of the session and are not written to persistent storage.
- Whiteboard data. Drawing actions are relayed in real time via WebSockets and are not permanently stored.
We do not collect names, email addresses, passwords, payment information, or any form of personal identification.
How we use it
The data described above is used solely to operate the service:
- Routing text, files, and whiteboard actions between devices in the same session room.
- Serving uploaded files back to devices that request them within the 24-hour retention window.
- Basic server-side logging for error diagnosis and abuse prevention.
We do not use your data for advertising, profiling, or any purpose beyond operating Kitpipe.
Data storage & retention
- Uploaded files are stored on our servers for a maximum of 24 hours, then permanently deleted.
- Session text and whiteboard data are held only in server memory and are cleared when the session ends or the server restarts.
- Server access logs may be retained for up to 30 days for security and diagnostic purposes, after which they are deleted.
- IP addresses used as room keys are not written to any database.
Sharing & third parties
We do not sell, rent, or share your data with third parties for commercial purposes. Limited exceptions apply only where legally required:
- Compliance with a valid legal order, subpoena, or court order.
- Protection of the rights, property, or safety of Kitpipe, its users, or the public.
The Cloud Browser feature is powered by Hyperbeam. When you launch a cloud browser session, a connection is established with Hyperbeam's infrastructure. Please review Hyperbeam's privacy policy for details on how they handle session data.
P2P file transfers (the "Share Large Files" section) are routed directly between peers using WebRTC. Kitpipe's servers act only as a signalling relay to establish the connection and do not have access to the transferred file contents.
Cookies & local storage
Kitpipe does not use tracking cookies. We use the browser's localStorage exclusively to save your preferences on your own device:
- kitpipe-theme — stores your light/dark theme preference.
- kitpipe-private-room — stores the room key if you have joined or created a private room, so it persists across page refreshes.
These values never leave your device and are not transmitted to our servers.
P2P file transfers
The large file sharing feature uses WebRTC peer-to-peer connections via SimplePeer and StreamSaver. File data flows directly between browsers and is never routed through or stored on Kitpipe's servers. Optional password protection encrypts the transfer on your end before it leaves your device.
Be aware that the receiving party will see your WebRTC connection address during a P2P session, which may expose your IP address to them. Use a VPN if you wish to keep your IP private from other participants.
Security
We take reasonable technical measures to protect data in transit and at rest, including HTTPS encryption for all connections. However, no system is completely secure. Private rooms add an additional layer of access control — only users with the room key can join your session. We recommend using private rooms for any sensitive content.
Children's privacy
Kitpipe is not directed at children under the age of 13. We do not knowingly collect any information from children. If you believe a child has used the service to upload personal data, please contact us and we will take steps to remove it promptly.
Your rights
Because Kitpipe does not require accounts or store personal identifiers, most traditional data rights (access, rectification, portability) do not apply in the conventional sense. You can:
- Clear your local theme and room preferences at any time by clearing your browser's localStorage.
- Request deletion of any uploaded file by contacting us — we will delete it immediately rather than waiting for the 24-hour automatic deletion.
- Leave a private room at any time via the settings panel, which removes your room key from localStorage.
If you are in the EU/EEA and believe you have additional rights under GDPR, please contact us and we will respond within 30 days.
Changes to this policy
We may update this policy as the service evolves. Any changes will be reflected on this page with an updated "Last updated" date at the top. Continued use of Kitpipe after changes are posted constitutes your acceptance of the revised policy. We will not make retroactive changes that reduce your privacy protections without providing clear notice.
Contact us
If you have any questions, concerns, or requests relating to this privacy policy, please get in touch:
privacy@kitpipe.com