Piperic Business Intelligence
Last Updated: 22 June 2026
Effective: 22 June 2026
This Privacy Policy explains how Rácz Akácosi Laura ("Piperic", "we", "us", "our")
handles personal data in connection with the Piperic website and services at piperic.com (the
"Service").
For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and
applicable national law, the controller is:
Rácz Akácosi Laura — sole trader (egyéni vállalkozó), Hungary
Darvas László utca 3, 3900 Szerencs, Hungary
Hungarian tax number: 45746550-1-25
Email: privacy@piperic.com
Because we are established in the European Union and process the data of individuals in the EU, the
GDPR applies to our activities in full. Our lead supervisory authority is the Hungarian National
Authority for Data Protection and Freedom of Information (NAIH — *Nemzeti Adatvédelmi és
Információszabadság Hatóság*). You always retain the right to lodge a complaint with NAIH or with the
supervisory authority in your own country (see "Your rights" below).
This Policy has two parts:
Service (account holders, buyers, website visitors). Here we act as a controller in the ordinary
sense.
that appears on public business websites and is included in our datasets. This is the part that
matters most for a service like ours, and we treat it with specific transparency and rights
mechanisms.
| Data | Source | Why |
|---|---|---|
| Email address | You, at sign-up or purchase | Account access, mandatory service emails (verification, receipts), support |
| Name / billing details | You, at purchase (optional) | Invoicing and tax compliance |
| Payment details | Entered directly with our payment processor (Stripe) | Processing payment. We do not see or store full card numbers. |
| IP address & server logs | Automatically, on access | Security, fraud and abuse prevention, service integrity |
| Cookies (see A6) | Your browser | Authentication, security, and — with your consent — analytics |
We deliberately minimise what we collect. We do not sell your account or customer personal data.
provide support.
respond to lawful requests.
withdraw consent at any time.
years).
We share account/customer personal data only with the processors needed to run the Service, under
data-processing agreements:
We use Google Analytics 4 (provided by Google Ireland Limited) to measure aggregate website traffic, with Google Consent Mode v2. By default — and if you decline our cookie banner — Google Analytics runs in a privacy-preserving, cookieless mode: no _ga cookies and no identifiers are stored, and only aggregated, non-identifying signals are sent. Analytics cookies are set only if you accept via the banner. Google acts as our processor for this purpose (see https://policies.google.com/privacy); you can withdraw consent at any time via the Cookie preferences link in the footer. We use no advertising, no ad personalization, and no cross-site ad-tracking.
Our primary infrastructure is located in the European Union (Germany). Where any processor
transfers personal data outside the European Economic Area (for example, our payment processor, or Google for Google Analytics), we rely
on appropriate safeguards under Chapter V of the GDPR, such as the European Commission's Standard
Contractual Clauses and/or an adequacy decision.
We use a minimal set of strictly necessary cookies. We do not use advertising or cross-site
tracking cookies.
| Cookie | Purpose | Consent |
|---|---|---|
piperic_admin | Maintains an authenticated admin/login session. Signed. | Strictly necessary |
piperic_consent | Remembers your cookie choice (accept/reject). | Strictly necessary |
_ga, _ga_* | Google Analytics 4 — aggregate traffic measurement. Set only after you accept. | Consent required |
Strictly necessary cookies do not require consent. If you block them, you will not be able to log in. Analytics cookies (_ga) are set only if you accept them via our cookie banner; you can change or withdraw your choice at any time through the Cookie preferences link in the footer. If you decline, no analytics cookies are stored and Google Analytics runs only in a cookieless consent-mode.
We do not track individuals across third-party websites and our Service is not designed to profile the
browsing behaviour of our visitors.
We apply technical and organisational measures appropriate to the risk, including HTTPS/TLS encryption
in transit, restricted administrative access (authenticated, signed admin sessions), database access
limited to the local host, network-level abuse blocking, and access controls limiting personal data to
authorised personnel. No method of transmission or storage is completely secure, and we cannot
guarantee absolute security.
We maintain incident-response procedures. Where a personal-data breach is likely to result in a risk to
individuals, we will notify the competent supervisory authority within 72 hours where required, and
affected individuals where the law requires it.
The Service is a B2B tool not directed to children. We do not knowingly collect personal data from
anyone under 16.
This Part explains how we handle the limited personal data that appears on public business websites and is reflected in our datasets — for example, a business contact email or phone number published on a company's homepage or contact page. This is the heart of the Service, and we are transparent about it.
Piperic is a company- and website-level business-intelligence service. Our datasets are designed to
describe websites, technologies, companies, and market activity — not to profile individuals.
We collect, from public websites:
platform, analytics/CDN/frameworks, page metadata, language, country signals, parked/live status,
AI-related signals such as robots.txt / llms.txt / ai.txt directives);
example, a general or role-based business email such as info@ or sales@, a business phone number,
or public social-profile links).
Where contact information identifies, or could identify, an individual (for example, a named person's
business email), it constitutes personal data and is handled as described in this Part. We
distinguish, where feasible, between role/organisational contacts (e.g. office@company.com) and
personal contacts, and we apply additional caution to the latter.
We do not:
All Public Website Data is collected from publicly accessible web pages and public internet signals
(such as a site's homepage and standard public files like robots.txt, llms.txt, ai.txt,
humans.txt, and the terms/ToS page). We do not source this dataset from private consumer databases or
from any source requiring authentication.
Where Public Website Data includes personal data, we process it on the basis of our **legitimate
interests** (and those of our business customers) in providing B2B market intelligence, technology
analytics, and lead-research tools, in a strictly business context.
We have carried out a Legitimate Interests Assessment (LIA) weighing those interests against the
rights and freedoms of the individuals concerned. In summary:
for the purpose of being contacted in a business capacity;
(see B6);
B7).
We keep this LIA documented and available to our supervisory authority on request. We do not rely
on consent for this processing, because the data is not collected directly from the individual; consent
would not be an appropriate or valid basis here.
Note on direct marketing. If *you* (a customer) use exported contact data to send marketing, you become an independent controller and must establish your own lawful basis, run your own LIA where relevant, honour objections, and comply with the ePrivacy/anti-spam rules in your jurisdiction. We do not authorise unlawful marketing, and the right to object to direct marketing under Article 21(2) GDPR is absolute.
Because we obtain this personal data from public sources rather than from the individual directly,
Article 14 GDPR applies. We provide the required information through this Privacy Policy, which is
publicly accessible and linked from every page, and through the per-record information available on
each domain profile. Where we contact an individual or business directly, we provide Article 14
information at the latest at the time of first communication.
We recognise that the "disproportionate effort" exemption in Article 14(5)(b) is interpreted narrowly
by supervisory authorities, and we therefore make this notice prominent and provide an immediate,
self-service objection and removal mechanism (below) rather than relying on that exemption alone.
If your personal data, or personal data relating to your business, appears in our datasets, you have
the right to:
right to object to any direct-marketing use;
To exercise any of these rights, or to request removal, contact privacy@piperic.com or use our
removal/opt-out page at https://piperic.com/removals. We will respond within one month
(extendable by two further months for complex requests, with notice), free of charge in ordinary
cases. When we act on an erasure or objection request, we suppress the relevant record so that it is
not re-added on subsequent crawls.
Recommended: implement a working /removals page and a suppression list before relying on this clause. The clause is only as strong as the mechanism behind it.
Our primary outputs are company- and website-level insights. Where personal contact data is
included:
through controlled, paid exports, in a business context, and subject to the Terms of Service;
We retain Public Website Data for as long as it remains useful for the business-intelligence purpose
and is reflective of the public web, and we re-crawl and refresh records over time. Records subject to
an accepted erasure or objection request are suppressed and not re-added. We retain a record for up to 24 months after it was last seen on the public web, after which it is re-validated or removed.
We use automated systems to analyse public website signals and to generate company- and website-level
insights (categorisation, technology detection, language identification). This processing is directed
at websites and companies, not at evaluating individuals personally, and it does not produce legal or
similarly significant effects on individuals within the meaning of Article 22 GDPR.
Detections and classifications are automated and may be incomplete or inaccurate (see Terms of Service
§11). If you believe a record about your business is inaccurate, you may request rectification under
B5.
Customers who access or export data are responsible for ensuring that their own use complies with
applicable laws, including data-protection, privacy, marketing, and anti-spam laws. We provide
business-intelligence data; we do not control, and are not responsible for, how customers use it once
exported.
This is a B2B service and is not directed to children. We do not knowingly collect personal data
relating to children through this dataset.
You may exercise any of the rights described above by contacting privacy@piperic.com. If you are in
the EEA and believe your data-protection rights have been infringed, you may lodge a complaint with
your local supervisory authority. Our lead authority is:
NAIH — Nemzeti Adatvédelmi és Információszabadság Hatóság
Website: https://naih.hu
We may update this Policy from time to time. The current version is always published at
https://piperic.com/privacy with the "Last Updated" date above. Material changes will be made
prominent.
Rácz Akácosi Laura — sole trader (egyéni vállalkozó), Hungary
Darvas László utca 3, 3900 Szerencs, Hungary
Privacy contact: privacy@piperic.com