Scope of this policy
This policy describes how Pilot collects, uses, shares, retains and protects the personal data we receive when you contract the service, browse our website or use the product. It applies to corporate customers, to the end users they enable and to those who contact us through commercial channels.
Pilot acts as a data controller with respect to the commercial data we collect directly (site visitors, prospects, commercial contacts) and as a data processor with respect to the data your company uploads or synchronizes within the product. In both cases we apply the same technical and organizational safeguards.
What data we collect
We collect data in three categories:
- Account and billing data: name, corporate email, company name, job title, country and the tax data necessary to issue an invoice.
- Product usage data: access logs, actions performed within the platform, account settings, adoption metrics by module.
- Data uploaded by your company: contacts, customers, opportunities, messages, documents, calendars, transcripts, accounting records and any other content your company enters or synchronizes with Pilot through authorized integrations.
We do not collect special categories of data (health, religion, political views or others considered sensitive) unless your company uploads them voluntarily within the corresponding modules. In that case, your company is responsible for the legal basis of the processing.
Legal basis for processing
We process your personal data based on:
- Contractual performance to deliver the contracted service.
- Legitimate interest to improve the product, prevent fraud and maintain operational security.
- Explicit consent for commercial communications and for non-essential cookies.
- Legal obligation when competent authorities require it through a valid order.
How we use your data
We use personal data to:
- Operate the platform and deliver the contracted features.
- Provide technical support, service communications and operational notifications.
- Handle billing, collections and compliance with tax obligations.
- Improve the product, measure adoption and diagnose problems.
- Send commercial communications (only if you gave consent or if there is an ongoing contractual relationship).
We do not sell personal data to third parties. We do not use the data uploaded by your company to train public artificial intelligence models.
How we share data with third parties
We share personal data with third parties only in these scenarios:
- Subprocessors that provide us with infrastructure, security, communications, payment and support services. Each one signs data processing agreements compatible with the GDPR and Law 8968.
- Integrations that your company explicitly authorizes from the product (for example, synchronization with your CRM or your accounting).
- Public authorities when there is a valid legal order.
- Professional advisors (legal, accounting, auditors) under a duty of confidentiality.
The up-to-date list of subprocessors is published in the security section of the site and is updated at least 30 days in advance of any relevant change.
International transfers
Your data may be processed in countries other than yours, whether due to the distributed nature of the infrastructure or to subprocessors based in other jurisdictions. In all cases we apply standard contractual clauses or equivalent mechanisms to ensure an adequate level of protection.
Retention
We retain personal data while the account is active and for the minimum period necessary after termination to comply with legal, tax and audit obligations. As a general reference:
- Account and billing data: up to 10 years after termination, due to accounting and tax requirements.
- Data uploaded by your company: deleted within 90 days after termination, unless an express request for additional retention is made.
- Operational and security logs: up to 24 months.
Your rights
As the owner of your personal data, you have the right to:
- Access the data we hold about you.
- Rectify inaccurate data.
- Request erasure when the data is no longer necessary.
- Object to processing based on legitimate interest.
- Request the portability of your data in a structured format.
- Withdraw consent when consent is the legal basis.
We respond to requests within a maximum of 30 days. To exercise any of these rights, write to us at privacy@pilot.cr.
Minors
Pilot is a B2B product intended for companies. It is not designed for minors under 18, nor do we intentionally collect their data. If we detect minors' data uploaded without a legal basis, we delete it once notified.
Changes to this policy
We may update this policy to reflect legal or product changes. Material updates are communicated at least 30 days in advance to active customers. The date of the last update appears above.
Contact
For inquiries, exercising rights or privacy-related complaints, write to us at privacy@pilot.cr. We respond in fewer than 30 business days.