Privacy Policy

Last updated: 30 June 2026 · Version: 1.1

WHO WE ARE

Ipek ("Ipek", the "App", the "Software") is a local-first desktop application for designing, running, and inspecting automation workflows on your own computer. Ipek is operated and published by LimanDoc ZZP, a sole proprietorship ("eenmanszaak") established in the Netherlands ("LimanDoc", "we", "us", "our").

This Privacy Policy explains what information we do and do not process when you use Ipek, our website, and related services, and what your rights are. It is written to be read alongside our Terms of Use.

We are a small team, and especially in these early days we take your privacy seriously and personally. If anything in this Policy concerns you, or you would prefer that we handle your data differently, please contact us at [email protected]. We read and consider every request individually and will work with you - this matters to us.

THE SHORT VERSION

We built Ipek to keep your data on your machine.

• •Your projects, the files you process, your workflow outputs, and your API keys stay on your device. We run no server that receives or stores them, and we cannot see, recover, or delete them for you.
• •When you connect Ipek to a third-party service using your own API key or credentials (for example an AI model provider, or a connector such as Linear or Zendesk), your data travels directly from your device to that provider. We do not sit in the middle of that exchange.
• •During this early-release period, the App sends us, by default, limited diagnostic and usage information so we can fix bugs and improve the product. It never includes your files, their contents, your file paths, or your credentials, and you can ask us to stop at any time.

The sections below give the detail.

1. SCOPE OF THIS POLICY

This Policy applies to:

• (a)the Ipek desktop application;
• (b)our marketing and documentation website; and
• (c)communications you have with us (for example, support email).

It does not apply to third-party services you choose to connect to or use through Ipek. Those services are operated by other companies under their own terms and privacy policies (see Section 3).

2. DATA THAT STAYS ON YOUR DEVICE (WE HAVE NO ACCESS)

Ipek is local-first by design. The following are created and stored only on your own computer, and are never transmitted to us:

• •your projects, workflows, and canvas layouts;
• •the input files and folders you process;
• •the contents of those files (including any document text, images, extracted data, tickets, feedback, or message bodies inside them);
• •the outputs and run artifacts your workflows produce;
• •run history, logs, and manifests;
• •worker/plugin packages and any worker source code, including code generated for you by AI features;
• •the API keys, tokens, and credentials you enter; and
• •your application settings.

This information is stored in your user profile and project folders on your device (for example, under a Ipek application-data directory and the project locations you choose). Because we operate no backend server that receives this information, we cannot access, retrieve, restore, or erase it on your behalf. You are responsible for backing it up and for the security of your device. Deleting it is done locally by you (see Section 11).

3. DATA YOU SEND TO THIRD PARTIES USING YOUR OWN KEYS ("BRING YOUR OWN KEY")

Ipek lets you connect to third-party services using your own accounts, API keys, or credentials. These may include, depending on the features you use:

• •AI / model providers, such as Anthropic (Claude) and Google (Gemini), used by the in-app assistant, the worker builder, and AI-powered workers;
• •connector services, such as Linear and Zendesk; and
• •any other service you choose to call from a worker.

When you use such a feature, the data you submit (for example, your prompts, selected text, or the records a worker is configured to send) travels directly from your device to the third-party provider you selected, authenticated with your own key. We do not proxy, intermediate, inspect, store, or retain that data, and we do not receive a copy of it.

Your use of each third-party provider is governed solely by your own agreement with, and the privacy policy of, that provider. You are responsible for reviewing those terms, for any charges on your provider accounts, and for deciding what data you send to them. Whether a provider uses your inputs or outputs to train its models is determined by your relationship with that provider, not by us. We do not host AI models, and we do not use any content you process to train models.

4. DIAGNOSTIC AND USAGE INFORMATION WE RECEIVE

To operate, secure, debug, and improve Ipek, the App may send limited diagnostic and product-usage information to PostHog, our third-party product-analytics and error-reporting provider, which processes and stores it on servers located in the European Union (PostHog's EU Cloud). This information may include:

• •basic technical details about your installation and device, such as the application version, operating-system family and version, processor architecture, and language setting;
• •a randomly generated installation identifier that is not derived from your name, account, or device hardware;
• •events that describe how the application's features are used;
• •sanitized error and crash reports; and
• •information about your use of in-app AI assistant and builder features, such as a generated project plan, so that we can diagnose and improve the worker generation prompts.

We do not require an account or your name, and we identify your installation only by the random identifier above; we do not sell this information. Because some of the information above can include text you typed, it may itself contain personal data, so please avoid entering sensitive personal information into the in-app assistant features. The files that are attached in the AI assistant are not processed at all.

We do NOT collect, receive, or have access to: your projects or the files you process; the contents of those files; your local file paths or folder structure (beyond, at most, an individual file name used to label an event); your API keys, tokens, credentials, environment values, or other secrets; your worker source code; or your workflow outputs. Error and crash reports are scrubbed to remove file paths, secrets, and similar sensitive values before they are sent.

Default during early release, your legal basis, and your choice. During Ipek's current early-release period, this diagnostic and usage reporting is enabled by default, because it is especially important for finding and fixing problems while the Software is young. We process this limited information on the basis of our legitimate interests (Article 6(1)(f) GDPR) in operating, securing, and improving the Software. When you first run the App, we show you a notice that links to this Policy and our Terms of Use, and you may opt out of this processing at any time by contacting us at [email protected].

5. UPDATES AND SOFTWARE DISTRIBUTION

Ipek may check whether a newer version is available by requesting a small version file from our update and distribution hosting (a content-delivery provider). As with any network request, that host and our distribution provider necessarily receive technical request metadata, such as your IP address and the application version and platform requested. This is used only to deliver updates and is not used to identify you. You are not required to install updates.

6. WEBSITE INFORMATION

If you visit our website, we (and our hosting and analytics providers) may process standard technical information such as your IP address, browser type, pages viewed, and referring page, including through cookies or similar technologies where applicable. Where the law requires consent for non-essential cookies or analytics, we will ask for it. You can control cookies through your browser settings.

If you join our waitlist or mailing list, we process the email address you provide, on the basis of your consent, to notify you about availability, launch, discounts, and related updates. The signup form is hosted on Cloudflare, and the email addresses are stored with our email provider, Resend (Resend, Inc.), which we also use to send these messages. You can withdraw your consent and unsubscribe at any time, after which we will remove your address from the list.

7. PURCHASE AND BILLING INFORMATION

Ipek is currently provided free of charge and does not require an account. If we introduce paid plans in the future, purchases will be handled by third-party payment processors. In that case, those processors will receive the information necessary to complete your transaction (such as your email address and payment details). We would receive transaction and billing records (for example, that a purchase occurred, the amount, and your email address) but not your full payment-card details. Any such email address would be used to process and support your purchase and to send service-related messages, and not for unrelated marketing without your consent.

8. SUPPORT COMMUNICATIONS

If you email us or otherwise contact us for support, we process the information you provide (such as your email address and the contents of your message) in order to respond and to keep records of support requests. Please do not send us sensitive files, secrets, or credentials in support messages.

9. THE LOCAL MCP / EXTERNAL-AGENT SERVER (OPTIONAL)

Ipek includes an optional local server (an "MCP" / external-agent interface) that is turned OFF by default. When you enable it, it runs on your own machine, binds to your local loopback address, and is protected by a token you control. It lets local tools or agents you authorize inspect and work with your Ipek projects on your device. It is local to your machine; enabling it does not send your data to us. If you enable it and connect external tools to it, you are responsible for what those tools do with the access you grant (see the Terms of Use).

10. HOW WE USE THE INFORMATION WE RECEIVE

We use the limited information described in Sections 4-8 to:

• •provide, maintain, secure, and improve Ipek and our website;
• •diagnose, reproduce, and fix bugs, crashes, and reliability problems;
• •understand which features are used so we can prioritize development;
• •deliver software updates;
• •process and support purchases (if and when paid plans exist); and
• •respond to your requests and comply with our legal obligations.

11. SHARING AND SUB-PROCESSORS

We do not sell your personal data. We share the limited information we receive only with service providers who process it on our behalf and under contract, namely:

• •PostHog, our product-analytics and error-reporting provider (EU servers);
• •Cloudflare, for website and waitlist hosting and for distributing the application's downloads and update files (content delivery);
• •Resend (Resend, Inc.), which stores our waitlist/mailing-list email addresses and delivers our waitlist and product emails; and
• •if and when paid plans exist, our payment processor(s).

We may also disclose information where required by law, to enforce our terms, or to protect our rights, users, or the public. If we are involved in a merger, acquisition, or asset sale, information may be transferred as part of that transaction, subject to this Policy.

We do not act as a controller or processor of the content you keep on your device or send to third-party providers under your own keys (Sections 2-3); for that content, you and/or your chosen provider are responsible.

12. INTERNATIONAL TRANSFERS

We seek to keep the limited diagnostic and usage information we receive within the European Union. Where any processing by a service provider involves a transfer of personal data outside the European Economic Area, we rely on appropriate safeguards recognized under the GDPR, such as European Commission adequacy decisions or Standard Contractual Clauses.

13. DATA RETENTION

• •Data on your device is retained until you delete it; we hold no copy of it.
• •Diagnostic and usage information (including any analytics queued locally on your device before it is sent) is retained only as long as needed for the purposes above - as a general rule, no longer than 24 months - and is then deleted or aggregated.
• •Support correspondence is kept for as long as needed to handle your request and for a reasonable period afterwards.
• •Waitlist and mailing-list details are kept until you unsubscribe or we close the list.
• •Billing records, if any, are kept for as long as required by applicable law (under Dutch law, business and tax records must generally be kept for seven years).

14. YOUR RIGHTS

Under the GDPR and applicable Dutch law, and in relation to the limited personal data we actually process, you have the right to: access your data; have it rectified; have it erased; restrict or object to its processing; data portability; and, where processing is based on consent, to withdraw that consent at any time. To exercise these rights, contact us at [email protected]. We may need to verify your request.

Please note that, because Ipek stores your projects, files, and outputs only on your own device and we hold no copy and no account identifying you, we are often unable to locate or act on that on-device content for you - you remain in direct control of it.

You also have the right to lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

15. CHILDREN

Ipek is not directed to children. It is intended for users who are at least 16 years old, or older where required by local law. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can address it.

16. SECURITY

We take reasonable measures to protect the limited information we receive. However, no method of transmission or storage is completely secure. Importantly, because Ipek is local-first, the security of your projects, outputs, and the API keys and credentials you enter depends primarily on the security of your own device and operating-system account. API keys and credentials you enter are stored locally on your device, within the application's settings and project configuration (not in a dedicated operating-system keychain) and without additional encryption by Ipek; treat your device, your backups, and those credentials accordingly, and revoke any key you believe has been exposed. Some local run logs and outputs may also contain data drawn from your inputs or from the services your workflows call, so review them before sharing them with us or with others. The Software is provided "as is" as described in the Terms of Use.

17. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will post the revised version with a new "Last updated" date and, where the changes are material, we will take reasonable steps to bring them to your attention. Your continued use of Ipek after the changes take effect constitutes acceptance of the updated Policy.

18. CONTACT

If you have any questions, requests, or complaints about this Privacy Policy or your data, contact us at: