Privacy Policy
This policy explains how Data Pilot collects and uses personal data when you use our website and desktop application.
Last updated: August 30, 2025
1. Who we are
Data Pilot operates the website getdatapilot.com and the Data Pilot desktop application. For most processing described here, we act as data controller. For features where we process content on your behalf, such as storing documentation texts, ERD structure, and the structure of your queries, we act as processor under your instructions.
2. What we collect
- Account data: name, email, company, role, password hash, plan and seat information.
- Service data: documentation texts, ERD diagram structure, connection metadata labels, workspace settings, and the structure of queries saved to your account. Query results remain in your databases unless you choose to export.
- Usage and device data: app version, feature interactions, crash reports, anonymized device identifiers, IP address, timestamps, and basic telemetry for security and diagnostics.
- Billing data: payment method tokens, billing contact, VAT details, invoices handled by our payment processor.
- Support data: messages you send to support and related attachments.
- Cookies and similar: see the Cookies section below.
3. How we use data and legal bases
- Provide the service including authentication, saving documentation and query structure, license checks, and syncing settings. Legal basis: contract performance.
- Security and fraud prevention including logs, rate limiting, and abuse detection. Legal basis: legitimate interest.
- Product analytics to improve reliability and usability with aggregated metrics. Legal basis: legitimate interest or consent where required.
- Billing and taxes including subscriptions and invoices through our processor. Legal basis: contract performance and legal obligation.
- Communication about changes, incidents, or policy updates. Legal basis: contract performance and legal obligation.
- Marketing emails only with your consent. You can opt out at any time.
- AI features: if you use your own AI key, processing is performed by your chosen provider under their terms. If you use Data Pilot managed AI, we process your prompts and outputs to provide the feature and to secure the service. We do not use your prompts or outputs to train our own models. Legal basis: contract performance.
4. Sharing and processors
We do not sell personal data. We share data with service providers who act as our processors and only under written contracts.
- Hosting and infrastructure to run the service and store account data.
- Payment processing for subscriptions and invoices.
- Email and support to send service emails and manage tickets.
- Analytics and crash reporting to improve stability and performance.
- AI model providers if you opt in to Data Pilot managed AI. If you bring your own AI key, you contract directly with that provider.
We maintain an updated list of subprocessors in our Privacy Resources. See Subprocessors.
5. International transfers
Where data is transferred outside the EU or EEA, we rely on an adequacy decision or on Standard Contractual Clauses combined with additional safeguards. You can contact us for a copy of the relevant transfer mechanism where appropriate.
6. Retention
- Account data is kept while your account is active and then deleted or anonymized after a reasonable period.
- Documentation, ERD structure, and workspace settings persist until you delete them or close the account.
- Security logs are typically kept up to ninety days unless needed for an investigation.
- Billing records are retained as required by tax and accounting law.
7. Your rights
If you are in the EU or EEA, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. You can withdraw consent where consent is the basis. You can exercise rights through our Contact page or by email.
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
8. Cookies and similar technologies
We use necessary cookies to run the site and optional cookies for analytics. Where required, we ask for your consent through a banner. You can change preferences at any time via Cookie Settings.
- Necessary: session management, security, load balancing.
- Analytics: aggregated metrics about pages and features. We configure analytics to respect privacy features where available.
- Advertising: not used by default.
Cookies can be session or persistent. You can block cookies in your browser settings, but some features may not work. For more details, see our Cookie Policy.
9. AI features
- Bring your own key: prompts and outputs are sent directly to your chosen AI provider under your contract and policies.
- Managed AI: if you select Data Pilot managed AI, we process prompts and outputs to provide the feature and to secure the service. We do not use your prompts or outputs to train our own models.
- Avoid sending personal data in prompts unless necessary and lawful. If you process personal data with AI features, you are responsible for having a valid legal basis and for providing any required notices to data subjects.
10. Security
We implement reasonable technical and organizational measures including encryption in transit, access controls, and regular monitoring. Secrets and credentials are stored with encryption at rest where applicable. No method is perfectly secure, and you should protect access to your databases and credentials.
11. Payments
We use a payment processor such as Stripe to handle payments and store payment methods. Card data is processed by the processor and not stored by us. We receive limited billing information needed for invoices and compliance.
12. Children
Data Pilot is for business users and is not directed to children. We do not knowingly collect personal data from anyone under eighteen. If you believe a child has provided personal data, contact us to delete it.
13. Regional notices
If you are in a jurisdiction with specific rules, we will comply with applicable law. For California residents, we do not sell or share personal information as defined by California law. You can contact us with questions about your rights.
14. Changes to this policy
We may update this policy to reflect changes in our service or in the law. We will post the new version with an updated date and, when changes are material, we will provide reasonable notice.
15. Contact
For privacy requests or questions, contact us at privacy@getdatapilot.com or through our Contact page.
You can also contact the Italian Data Protection Authority (Garante per la protezione dei dati personali).