Privacy Policy

Last updated: May 2026

This policy explains what data Pilot collects, why we collect it, and what we do with it. We aim to collect the minimum needed to deliver the Service.

What we collect

• Account information: name, email, company, password hash.
• Brand and content data: your website URL, social handles, brand assets, posts you create or schedule.
• Connected accounts: OAuth tokens for the social platforms you connect (encrypted at rest, scoped to publishing and analytics).
• Usage data: features used, errors encountered, and aggregate engagement metrics — used to improve the product.
• Billing data: processed by Stripe; we never store your card number.

How we use it

• To operate and improve the Service
• To generate AI content tailored to your brand
• To send transactional and (with consent) product emails
• To detect and prevent abuse

How we share it

We share data with subprocessors who help us deliver the Service — including hosting (Vercel, Cloudflare R2), AI providers (Anthropic), email (Resend), payments (Stripe), and analytics (Sentry, Vercel Analytics). We don't sell your data.

Your rights

You can export, correct, or delete your data at any time from account settings, or by emailing privacy@pilot.ai. EU/EEA users have rights under GDPR; California users have rights under CCPA.

Data retention

We retain account and content data while your account is active. You can delete your account at any time, after which we purge personal data within 30 days (some legal/billing records retained as required by law).

Security

Encryption in transit (TLS 1.3) and at rest (AES-256). Tokens encrypted per-tenant. Targeting SOC 2 Type II certification.

Contact

Privacy questions: privacy@pilot.ai.