Privacy Policy

Last updated: March 1, 2026

MLPipeline Cloud B.V. ("MLPipeline Cloud", "we", "us") is committed to protecting your privacy and processing personal data in accordance with the General Data Protection Regulation (GDPR) and applicable European data protection laws. This policy describes what data we collect, how we use it, and your rights as a data subject.

1. Data Controller

MLPipeline Cloud B.V., registered in Amsterdam, the Netherlands, is the data controller for personal data processed through our platform and website. For inquiries regarding data protection, contact our Data Protection Officer at privacy@mlpipeline-cloud.com.

2. Data We Collect

We collect the following categories of personal data:

• Account information: name, email address, organization name, and billing details provided during registration.
• Usage data: pipeline execution logs, feature usage patterns, and platform interaction events for service improvement and debugging.
• Technical data: IP addresses, browser type, operating system, and device identifiers collected automatically when you access our website or platform.
• Communication data: content of support requests, feedback submissions, and other communications you send to us.

We do not access, process, or store the content of your ML training data, model weights, or pipeline artifacts beyond what is necessary to execute your pipelines on our infrastructure. Your ML data remains yours.

3. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract performance: processing necessary to provide our platform services as described in the Terms of Service.
• Legitimate interest: usage analytics, security monitoring, and service improvement, balanced against your privacy rights.
• Consent: marketing communications and optional analytics cookies, which you may withdraw at any time.
• Legal obligation: retention of billing records and compliance with applicable tax and financial regulations.

4. Data Storage and Transfer

All personal data and customer content is stored within the European Union, in our eu-west-1 (Ireland) and eu-north-1 (Stockholm) regions. We do not transfer personal data outside the European Economic Area unless required by you (for example, if you choose to deploy to a non-EU region under an Enterprise plan) and appropriate safeguards are in place, such as Standard Contractual Clauses.

5. Data Retention

Account data is retained for the duration of your active account plus 30 days after account closure. Usage logs are retained for 90 days. Billing records are retained for 7 years as required by Dutch tax law. Pipeline execution data is retained according to the retention policy configured in your project settings.

6. Your Rights

Under the GDPR, you have the right to:

• Access your personal data and receive a copy in a portable format.
• Rectify inaccurate or incomplete personal data.
• Request erasure of your personal data (right to be forgotten).
• Restrict processing of your personal data in certain circumstances.
• Object to processing based on legitimate interest.
• Withdraw consent for processing based on consent.
• Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

To exercise any of these rights, contact us at privacy@mlpipeline-cloud.com. We will respond within 30 days.

7. Cookies

We use strictly necessary cookies for authentication and session management. Optional analytics cookies are loaded only after you provide consent through our cookie banner. You can manage your cookie preferences at any time through the settings panel in the platform footer.

8. Sub-Processors

We engage a limited number of sub-processors to provide our services, all of which are bound by Data Processing Agreements compliant with GDPR requirements. A current list of sub-processors is available upon request.

9. Security

We implement appropriate technical and organizational measures to protect personal data, including encryption at rest and in transit (TLS 1.3), role-based access controls, regular security audits, and employee access logging. Our SOC 2 Type II certification is in progress.

10. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email to registered account holders at least 30 days before they take effect.