Book a Demo

Pippa PA Data & Security Overview

Last Updated: November 2025

Powered by HighLevel/LeadConnector Infrastructure

1. How Pippa PA Handles Your Data

Pippa PA is the Data Controller; HighLevel / LeadConnector LLC is our Data Processor. All data is stored inside HighLevel’s encrypted cloud and never used for advertising or AI model training.

2. Where Your Data Is Stored

  • Google Cloud Platform (GCP)
  • Amazon Web Services (AWS)
  • LeadConnector secure environments

Certified under ISO 27001, SOC 2/3, PCI DSS (where applicable).

3. Security Measures

Encryption: AES-256 at rest, TLS 1.2+ in transit.
Access: RBAC, MFA, logging, audit trails.
Application: Firewall, Cloudflare DDoS, pen-testing.
Accounts: Password hashing, credential rotation.

4. Call, SMS & Messaging Security

  • Twilio – encrypted calls/SMS
  • WhatsApp API providers – end-to-end encrypted transport
  • SendGrid / Mailgun – encrypted SMTP, SPF/DKIM/DMARC

5. Data the AI Assistant Processes

Caller names, numbers, enquiry details, appointments, internal notes. Used only to deliver the receptionist service.

We do not train public AI models or sell data.

6. Data We Do NOT Collect

No bank logins, card numbers (handled by Stripe), biometric or national ID, unless you explicitly collect it.

7. Legal Basis for Processing (UK GDPR)

  • Contractual necessity
  • Legitimate interests
  • Consent (e.g. call recording)
  • Legal obligation

8. Data Retention

Data Type Retention
Contact Records Until deleted / account closes
Call Logs 12–24 months
Call Recordings 30–365 days (configurable)
Billing Data 6 years (legal)

9. International Data Transfers

Protected by SCCs, EU-US & UK DPF, ensuring GDPR compliance.

10. Sub-Processors Used

HighLevel/LeadConnector (core), Twilio, WhatsApp API providers, SendGrid/Mailgun, AWS/GCP, Stripe, Cloudflare. Full list on our Sub-Processor Disclosure.

11. Customer Data Rights

Access, correct, delete, restrict, export, withdraw consent, object, complain to ICO. Request via privacy@pippa-pa.com.

12. Data Breach Procedures

Immediate investigation, HighLevel incident response, user & ICO notification where required, prevention measures applied.

13. Your Responsibilities

Use the service responsibly, protect credentials, inform callers if recording, and avoid unnecessary sensitive data.

14. Contact

Email: privacy@pippa-pa.com  |  legal@pippa-pa.com
30 North Gould Street, Sheridan, Wyoming, WY82801, United States

Book Your Demo Call