Pilot
Back to homeSign in
Legal

Privacy Policy

Last updated · May 23, 2026

This policy describes what data Pilot collects when you use the Service at trypilot.dev, why we collect it, who we share it with, and the choices you have. It applies to the workspace owner, members, and visitors to the public marketing site.

01

What we collect

We collect only what we need to operate the Service. Concretely:

  • Account information. When you sign in with Google, we receive your name, email address, and Google account identifier. We store these to authenticate you and to display you in your workspace.
  • Workspace metadata. The workspace slug, members, roles, and connection settings you configure.
  • Repository content and metadata.Through the GitHub App you install, we read repository files, branches, commits, and pull-request metadata that Pilot needs to draft specs and open pull requests. We don’t persist your source code beyond what’s required to generate a suggestion, a spec, or a pull request, and we don’t push code to your repository without an action you approve.
  • Analytics connections. A PostHog personal API key you supply. We store it encrypted at rest with AES-256-GCM and use it only to read the events and experiment results Pilot needs.
  • Experiments, suggestions, and decisions. The specs, hypotheses, allocations, decision-engine outputs, and promotion history Pilot generates and stores on your behalf.
  • Service logs. Standard server logs (timestamps, IP, user agent, route, status code) used to operate and secure the Service.
  • Product analytics.Pilot uses analytics to understand how the dashboard is used and to debug issues. We don’t sell this data.
  • Waitlist signups. If you join the waitlist, we store your email, the time you joined, and your position in the queue.

We don’t ask for, and try not to receive, special categories of personal data (such as health, biometric, or government-ID data). Please don’t submit them.

02

How we use it

We use the data above to:

  • Operate the Service — authenticate you, render the dashboard, run the agents, open pull requests, and refresh experiment results.
  • Communicate with you about your account — for example, waitlist updates, security notices, and material changes to the Service.
  • Keep the Service secure — detect abuse, debug failures, and respond to incidents.
  • Improve the Service — diagnose issues and prioritize what to build next, in aggregate.
  • Comply with legal obligations and enforce our terms.
03

Service providers we share data with

We use a small number of vendors to deliver the Service. Each processes data only on our instructions and under a written agreement.

  • Vercel hosts the application and runs the cron jobs that refresh results and evaluate decisions.
  • Neon (or an equivalent managed PostgreSQL provider) stores the workspace database.
  • Google handles sign-in. We receive your name, email, and account identifier as described above.
  • GitHub hosts your repositories. The GitHub App you install scopes Pilot’s access to the repositories you choose.
  • PostHog is the analytics provider you connect. The API key you supply stays in our database, encrypted at rest, and is only sent to PostHog.
  • Anthropic provides the language models behind Pilot’s agents. Prompts and context sent to Anthropic may include excerpts of your repository content and your experiment data.
  • Resend sends transactional email (waitlist notifications, account emails).

We don’t sell or rent personal data, and we don’t share it for advertising.

04

Cookies and sessions

Pilot uses a small number of first-party cookies — primarily a signed session cookie (issued via iron-session) that keeps you logged in, and a transient state cookie used during the Google OAuth handshake. We don’t use third-party advertising cookies on the product or marketing pages.

05

Security

We follow practices appropriate to the sensitivity of the data we handle: TLS in transit, AES-256-GCM at rest for the PostHog API keys you supply, scoped GitHub App permissions, principle of least privilege for staff access, and regular dependency updates. No system is perfectly secure; if you believe you’ve found a vulnerability, please use the contact block below.

06

Data retention

We retain workspace data for as long as your workspace is active, plus a short period afterward so accidents can be reversed. When you delete a workspace, we delete the associated rows — including the encrypted PostHog key — within thirty days, except where law requires longer retention or where data has been aggregated and anonymized.

Service logs are retained for up to ninety days, then deleted or anonymized.

07

Your choices and rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict our processing of your personal data, and to object to processing or withdraw consent where we rely on it. You can exercise these rights by writing to us at the address below. We won’t charge you for a first request in a year, and we’ll respond within the period required by applicable law.

You can stop our access at any time by uninstalling the GitHub App, disconnecting your PostHog project from the dashboard, or requesting deletion of your workspace.

08

International transfers

Pilot and most of its service providers are based in the United States. If you use the Service from outside the US, your data will be transferred to and processed in the US. We rely on appropriate transfer mechanisms — such as the EU Standard Contractual Clauses — where required.

09

Children

The Service is not directed to children under 16, and we don’t knowingly collect personal data from them. If you believe a child has provided personal data to us, please write to us and we’ll delete it.

10

Changes to this policy

We may update this policy from time to time. If we make material changes, we’ll let you know — by email to the address on your account, by a notice in the dashboard, or both — before they take effect.

Contact

Questions about this policy, a request about your data, or a possible security issue? Write to us at privacy@trypilot.dev.

Pilot© 2026trypilot.dev
DashboardDemoPrivacyTermsSecuritySupport