Privacy Policy

This Privacy Policy describes how Bigweld Industries, LLC, a Florida limited liability company ("Bigweld," "we," "us," or "our"), collects, uses, shares, and protects information when you access or use the Piper software-as-a-service platform ("Piper"). This Policy applies to your use of Piper as an end-user agent. It does not apply to bigweld.industries generally; that website is governed by the Bigweld Industries Privacy Policy.

Your use of Piper is also governed by the Piper Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.

1. Roles and Relationships

Piper is sold by Bigweld to Field Marketing Organizations ("FMOs") under a master services agreement (the "Master Agreement"). Insurance agents who are employed by or affiliated with an FMO and authorized by that FMO to use Piper (each, an "agent" or "you") are the end users of the platform.

For most information processed through Piper, your FMO is the primary controller and decision-maker, and Bigweld processes information on the FMO's behalf in accordance with the Master Agreement. Where Piper handles information that constitutes protected health information ("PHI") under the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), Bigweld acts as a business associate of the FMO, and the parties' obligations are governed by a separate business associate agreement.

Because your FMO controls most aspects of your account and of the information processed through Piper, requests relating to your information will often be routed through your FMO. Section 10 explains how to make a request directly to Bigweld.

2. Information We Collect

2.1 Information your FMO provides

Your FMO provides Bigweld with information about you that Piper uses to provision your account and operate the platform, including:

• identity and contact information (name, email, phone, mailing address);
• employment and licensing information (FMO affiliation, hierarchy, agent code, role, license numbers, appointment status, length of service);
• production and activity information (sales, applications, training records, payouts, and related data your FMO chooses to share); and
• consumer-related information that your FMO has collected from individuals you serve, where Piper is used to manage agent activity in connection with that consumer information.

2.2 Information you provide to Piper

When you use Piper, you may provide:

• credentials and authentication factors managed through AWS Cognito;
• profile information you add or update within Piper;
• messages, notes, comments, and other content you submit;
• files and attachments you upload;
• configuration and preferences (notification settings, integration settings, defaults); and
• information you provide when contacting Bigweld support.

2.3 Information collected automatically

When you access Piper, Bigweld and its service providers automatically collect certain information, including:

• device and browser information (IP address, device identifier, operating system, browser type and version);
• session and authentication information (sign-in events, session identifiers, security tokens);
• usage information (pages and features accessed, actions taken, timestamps); and
• diagnostic and error logs needed to operate, secure, and debug the platform.

2.4 Information from integrated services

If you choose to connect a third-party calendar or scheduling integration to Piper, Piper receives information from that service as needed to provide the integration. Section 6 describes each integration in detail, including the specific data accessed and how Piper uses it.

3. How We Use Information

Bigweld uses information processed through Piper for the following purposes:

• to operate, maintain, secure, and improve Piper;
• to authenticate and authorize your access;
• to deliver platform features to you, your FMO, and other authorized users in your FMO's hierarchy;
• to provide the third-party integrations you connect, in accordance with Section 6;
• to detect, investigate, and prevent fraud, abuse, security incidents, and other unlawful or harmful activity;
• to respond to support requests and to communicate with you about Piper;
• to comply with applicable law, legal process, and regulatory requirements;
• to enforce the Terms of Service, the Master Agreement, and other applicable agreements; and
• to generate de-identified and aggregated data that does not include personally identifying information or PHI, which Bigweld may use to operate, secure, analyze, and improve the platform.

Bigweld does not sell information processed through Piper. Bigweld does not use information processed through Piper to serve targeted advertising, and Bigweld does not engage in cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act and analogous U.S. state laws.

4. How We Share Information

Bigweld shares information processed through Piper in the following circumstances:

With your FMO and authorized users. Information you submit through Piper, and information about your activity within Piper, is made available to your FMO and to authorized users in your FMO's hierarchy in accordance with the Master Agreement and the FMO's role configurations. Your FMO determines who within its organization can access what.

With service providers. Bigweld engages vendors that perform services on Bigweld's behalf, including cloud infrastructure and storage, identity and authentication, email delivery, application monitoring and error reporting, customer support tooling, analytics, AI processing, insurance quoting and enrollment, mapping, and insurance producer licensing data. These vendors are contractually limited to using information only as needed to provide their services and are bound by data protection commitments. The categories of sub-processors Piper relies on are described on the Piper Sub-Processors page.

With third-party integrations you connect. If you connect a calendar or scheduling integration, Piper exchanges information with that service as described in Section 6.

For legal and safety reasons. Bigweld may disclose information if it believes in good faith that disclosure is necessary to comply with applicable law, respond to lawful requests from public authorities, enforce its agreements, or protect the rights, property, or safety of Bigweld, its customers, its agents, or others.

In a business transfer. If Bigweld is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.

With your consent. Bigweld may share information for purposes not described above with your consent or at your direction.

5. Authentication and Account Provisioning

Authentication for Piper is managed through AWS Cognito, which Bigweld operates as part of the platform. Your Cognito identity is provisioned, modified, and deprovisioned by your FMO; Bigweld does not independently issue or revoke credentials except in connection with security or compliance actions.

When your FMO offboards you or instructs Bigweld to revoke your access, your Cognito credentials are revoked, your active sessions are terminated, any active OAuth tokens or subscription URLs issued for Piper's calendar and scheduling integrations are revoked or invalidated server-side, and handling of information you submitted is governed by the data-retention and return provisions of the Master Agreement.

6. Calendar and Scheduling Integrations

Piper offers optional integrations with third-party calendar and scheduling services. Each integration is opt-in. You control whether to connect, and you may disconnect at any time. This section describes each integration, including what data Piper accesses, how Piper uses it, and how to revoke access.

6.1 Google Calendar

Scope and data accessed. When you connect Google Calendar to Piper, Piper requests the https://www.googleapis.com/auth/calendar.events OAuth scope. This scope allows Piper to view, create, update, and delete events on the calendars associated with your Google account. Piper does not request access to your Gmail, Drive, Contacts, or any other Google product, and Piper does not request the broader calendar scope.

How Piper uses the data. Piper uses the calendar.events scope solely to (a) create events on your Google calendar that correspond to appointments and activities scheduled through Piper, (b) update those events when the underlying Piper appointment changes, and (c) remove those events when the underlying Piper appointment is cancelled or deleted. Piper does not read or modify events on your Google calendar that were not created by Piper, except to the extent technically necessary to identify Piper-created events for update or removal.

Privacy-protective event content. By default, Piper writes appointment events to your Google calendar with limited descriptive content (such as a non-identifying title and time) and includes a link back to Piper for full appointment details. This default reduces the risk that information that might constitute PHI is exposed in your Google calendar. You may opt in within Piper to include richer event content; that opt-in is gated and is described in Piper's user interface at the point of choice.

Limited use. Piper's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, Piper does not use Google user data to serve advertising; does not transfer Google user data to third parties except as necessary to provide or improve the calendar integration feature, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with adequate notice; and does not allow humans to read Google user data unless Bigweld has obtained your affirmative agreement, the access is necessary for security purposes, the access is necessary to comply with applicable law, or the data has been aggregated and is used for internal operations in a manner that does not identify any individual.

Storage and retention. Piper stores the OAuth refresh token issued by Google and associates it with your Piper account so that Piper can continue to write events on your behalf. Piper does not copy or store the contents of your Google calendar beyond what is necessary to operate the integration (for example, the identifiers of events Piper itself created, so that Piper can update or delete them later).

Revocation and deletion. You may disconnect the Google Calendar integration at any time from the Integrations panel inside Piper or from your Google account at myaccount.google.com. When you disconnect, Piper deletes the OAuth refresh token associated with your Google account from Bigweld's systems and ceases all further calls to Google's APIs on your behalf. Disconnecting does not remove events that Piper previously created on your Google calendar; you may delete those events manually from your Google calendar.

6.2 Apple Calendar

Piper supports Apple Calendar through two methods.

ICS subscription URL. Piper can issue you a personal calendar subscription URL (an iCalendar/ICS feed) that you add to Apple Calendar as a subscribed calendar. The feed is read-only: Apple Calendar pulls the latest Piper events from the URL on its own schedule. Apple does not grant Piper any access to your Apple ID or to other content on your device.

On-device sync via the Piper mobile application. The Piper mobile application can write Piper events to the calendar on your device using the operating system's native calendar APIs (EventKit on iOS). This requires you to grant the Piper mobile application calendar permission through iOS. Calendar data written through this method is stored on your device under iOS's control.

Event content. The same privacy-protective default described in Section 6.1 applies to events Piper writes through Apple Calendar paths.

Revocation. You may revoke the ICS subscription at any time by removing or unsubscribing from the calendar within Apple Calendar; this stops your device from pulling further updates. To request that the underlying subscription URL be invalidated entirely on Bigweld's side, contact Bigweld support. You may revoke device-local sync at any time from your iOS device's privacy settings; the Piper mobile application will then stop writing further events through that path. Revoking either method does not remove events Piper previously wrote to your Apple Calendar; you may delete those events from Apple Calendar directly.

6.3 Calendly

Data accessed. When you connect your Calendly account to Piper, Piper uses Calendly's API to read availability and event-type information from your Calendly account, to record bookings created through Calendly that relate to Piper appointments, and to coordinate scheduling between Piper and Calendly. Piper does not request access to Calendly data unrelated to that scheduling function.

Use of the data. Piper uses Calendly information to display your availability inside Piper, to associate Calendly bookings with the corresponding Piper records, and to keep the two systems in sync. Piper does not use Calendly information for advertising and does not share it with third parties except as described in Section 4.

Revocation and deletion. You may disconnect Calendly at any time from the Integrations panel inside Piper or by revoking the Piper application from your Calendly account settings. When you disconnect, Piper deletes the OAuth credentials associated with your Calendly account from Bigweld's systems and ceases all further calls to Calendly's API on your behalf. Disconnecting does not remove records of past bookings that Piper or Calendly retained before disconnection.

7. HIPAA and Protected Health Information

Piper may handle information that constitutes PHI under HIPAA, including agent appointment data that relates to Medicare-eligible consumers. Where Piper handles PHI, Bigweld acts as a business associate of your FMO, and the parties' rights and obligations with respect to PHI are governed by a separate business associate agreement between Bigweld and your FMO.

Bigweld implements administrative, physical, and technical safeguards designed to protect PHI in accordance with the HIPAA Security Rule and the business associate agreement. If you have questions about how PHI is handled in connection with your FMO's use of Piper, contact your FMO.

8. Data Retention

Bigweld retains information processed through Piper for as long as is necessary to provide the platform to your FMO, to comply with applicable legal, accounting, tax, and reporting obligations, to resolve disputes and enforce agreements, and to support legitimate business interests such as security, fraud prevention, and records of legal claims. Specific retention periods for FMO-controlled information are governed by the Master Agreement.

When information is no longer needed for the purposes described in this Policy and is not required to be retained by law or under the Master Agreement, Bigweld will delete, anonymize, or securely archive it.

9. Security

Bigweld uses commercially reasonable administrative, technical, and physical safeguards designed to protect information processed through Piper against loss, misuse, and unauthorized access, disclosure, alteration, and destruction. These safeguards include encryption of data in transit, encryption of data at rest, access controls, logging and monitoring, vulnerability management, and periodic security review.

No method of transmission over the Internet or electronic storage is completely secure, and Bigweld cannot guarantee absolute security. In the event of a security incident affecting your information, Bigweld will notify your FMO and applicable authorities as required by law and the Master Agreement.

10. Your Rights and Choices

Depending on where you reside, you may have rights with respect to information about you, including the right to access, correct, delete, or obtain a portable copy of that information; the right to opt out of certain processing; and the right to lodge a complaint with a data protection authority. Bigweld will support your FMO in honoring these rights to the extent the FMO is the controller of the information.

To exercise rights with respect to information your FMO controls — including most agent records, production data, and consumer-related information processed through Piper — contact your FMO.

To exercise rights with respect to information Bigweld independently controls — for example, information you submit when contacting Bigweld support directly — email support@bigweld.industries. Bigweld may need to verify your identity before responding, and may need to coordinate with your FMO depending on the nature of the request.

11. Children's Privacy

Piper is intended for licensed insurance agents who are at least eighteen (18) years old. Bigweld does not knowingly collect information from children under 16 through Piper. If you believe a child has provided information through Piper, contact Bigweld at the address in Section 13 and Bigweld will take steps to delete it.

12. Changes to This Policy

Bigweld may update this Policy from time to time. The "Last updated" date at the top reflects the date of the most recent changes. For material changes, Bigweld will provide notice through an in-app message in Piper or by email to the address associated with your account at least thirty (30) days before the changes take effect. Your continued use of Piper after the effective date of a change constitutes your acceptance of the updated Policy.

13. Contact

Questions about this Policy or about Bigweld's privacy practices with respect to Piper should be directed to: