Security controls, terms, privacy, risk disclosure and compliance — plain English first, with the full legal text linked below. One entry point for procurement and security reviews.
PipSync is a signal-routing platform. We never hold your money. We hold your broker API keys — encrypted, trade-scope only. Trading is risky. You can cancel any time. Operator details are in the imprint.
Quick links: Security overview · Legal centre · Subprocessor register · Live status · DPA · DORA / NIS2 · AI governance
Every control below is on by default. No asterisks, no enterprise-only paywalls for the basics.
Vulnerability reports: [email protected]. Security questionnaires and the current control inventory are available on request. The dedicated security overview remains available for teams that need a shorter procurement entry point. Live production availability is tracked at system status.
These terms govern your use of PipSync ("we", "us"). The current contracting-entity status and contact details are listed in the Impressum. By creating an account you accept these terms.
PipSync is a signal-to-execution routing platform. We receive signals from sources you configure, optionally transform them, and submit orders to brokers on your behalf. We do not provide investment advice. We are not a broker-dealer. We do not hold client funds.
Subscriptions are billed monthly or annually in advance. You may cancel any time — access continues until the end of the current billing period. Consumer withdrawal and refund requests follow our refunds policy.
PipSync is provided "as-is". To the maximum extent permitted by law, our aggregate liability is capped at the fees you paid in the preceding 12 months. We are not liable for broker-side outages, slippage, or your own rule configurations.
Full text: /terms · German contract terms: /agb
We collect only what we need to run the service. Namely:
We do not sell or share your data with advertisers. We do not profile you for marketing. Data export or deletion: [email protected] or from Account settings.
Full text: /privacy
PipSync is a technical routing tool. We do not assess whether any signal, source, or trade is suitable for you. We do not recommend specific trades, sources, or brokers. Connecting a third-party signal source means you accept its risks.
Full text: /disclaimer · Performance disclaimer ·
We use a small number of strictly-necessary cookies to authenticate your session and remember UI preferences (dark mode, time-zone). We do not use cookies for advertising, retargeting, or cross-site tracking. Optional analytics cookies (self-hosted, aggregated) require your consent on first visit.
Full text: /cookie-policy
A Data Processing Addendum and the canonical subprocessor register are published for legal review. The Subprocessor Register lists version and effective date for every Art. 28 processor. The DPA entry point documents the processor schedule references.
Primary subprocessors:
We give customers 30 days' notice before adding or changing any subprocessor that handles personal data. Financial-sector customers can also reference our DORA / NIS2 readiness notes and AI governance posture.
We're small, we're honest about it. Every compliance milestone — on the record. Certifications (SOC 2, ISO 27001) are only stated once an independent report exists and is published through the same Trust process.
Internal controls, evidence owners and readiness gaps documented before external audit.
Independent review to confirm audit evidence is complete enough to start certification.
Unavailable until an independent auditor issues a report.
Certification remains unavailable until stage audits are completed.
Every legal document, in one place. No dead links.
Legal: [email protected] · Privacy: [email protected] · Security: [email protected] · Anything else: /contact
Postal address and registration identifiers are published in the Impressum.