Privacy Policy

Last updated: March 5, 2026

This Privacy Policy describes how Pilot collects, processes, stores, and discloses data across the marketing website, waitlist flow, and application services. It also describes user controls, security safeguards, and deletion workflows.

1. Scope

This policy applies to Pilot-operated properties, including `pilot-ops.vercel.app`, the waitlist, and the product app. It covers data collected directly from users, data received from third-party integrations, and system-generated operational data.

2. Data We Collect

  • Identity and account data: name, email, profile image, account ID, provider account records, session token metadata, IP address, and user agent.
  • Onboarding and profile data: business context and onboarding fields (for example use case, business type, goals, lead volume, and offering details).
  • Waitlist submissions: name, email, and timestamps.
  • Instagram integration data: professional account ID, app-scoped user ID, username, access token, expiry timestamps, and sync metadata.
  • Messaging and CRM data: contact identifiers, conversation-derived fields (stage, sentiment, lead score), notes, tags, follow-up metadata, HRN flags, and action logs.
  • Automation and Sidekick data: triggers, prompts, response configuration, chat sessions/messages, and execution logs.
  • Billing/usage metadata: usage event records and plan/checkout metadata needed to enforce product limits.
  • Diagnostics and performance telemetry from infrastructure and analytics tools.

3. End-to-End Data Flow

  1. A user creates an account or submits the waitlist form, and core profile/session data is stored in PostgreSQL.
  2. If Instagram is connected, OAuth is initiated with Instagram Graph API scopes and access tokens are exchanged and stored.
  3. Instagram events are delivered to Pilot webhooks. Webhook signatures are validated before processing.
  4. Events are evaluated by automation and Sidekick workflows to classify intent, apply routing rules, and determine HRN handoff.
  5. Contact and operational records are updated in PostgreSQL and replies are sent through Instagram Graph API endpoints.
  6. Logs and usage records are stored to support reliability, debugging, billing enforcement, and product analytics.

4. How We Use Data

  • Provide authentication, account management, and product access.
  • Operate Instagram automation, contact management, and workflow routing.
  • Generate and deliver Sidekick or automation-assisted responses.
  • Maintain platform integrity, fraud prevention, and abuse control.
  • Monitor service health, troubleshoot incidents, and improve product quality.
  • Support billing, subscriptions, and usage-limit enforcement.
  • Respond to legal obligations and enforce contractual rights.

5. Storage and Security Architecture

Pilot stores operational data in PostgreSQL (Neon). Access is constrained by row-level policies built around authenticated user identity checks (for example `user_id = auth.uid()` and equivalent scoped checks). Core relational records use foreign-key constraints with cascading deletion for dependent records where applicable.

Webhook ingestion includes signature validation before processing. Access to integrated third-party APIs is performed with scoped credentials and server-side environment secrets.

6. Third-Party Processors and Integrations

  • Meta/Instagram Graph API for Instagram messaging and account integration.
  • Neon/PostgreSQL for persistent application data storage.
  • Vercel for hosting, analytics, and performance insights.
  • Better Auth for authentication/session management patterns.
  • Google Gemini for AI generation/classification features.
  • Cloudinary for user-uploaded image hosting workflows.
  • Polar for in-app billing and subscription infrastructure.

7. Retention

Data is retained while accounts remain active and for a reasonable period thereafter to support security, dispute handling, product integrity, and legal compliance. Retention windows may vary by data type and operational necessity.

8. User Controls and Deletion

  • Instagram disconnect control is available in product settings and removes stored Instagram integration records.
  • Users can delete selected records in-product (for example specific chats, FAQs, or offers where controls exist).
  • Full account deletion requests may be submitted through support channels listed below.
  • When account deletion is executed, dependent records tied through cascading foreign keys are deleted from associated tables.

9. International Processing

Pilot and its subprocessors may process data in multiple regions. By using the service, users acknowledge such processing as required to provide the product.

10. Open-Source License Notice

Pilot includes open-source code distributed under the GNU Affero General Public License v3.0 (AGPLv3). For full terms, see the LICENSE file.

11. Policy Updates

This policy may be updated periodically. Material changes will be reflected by updating the "Last updated" date on this page.

12. Contact

For privacy and deletion requests, contact Pilot on X, LinkedIn, GitHub, or message Pilot on Instagram.