Introduction
Onpilot AI ("Onpilot," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at onpilot.ai, our platform, APIs, and related services (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.
Information We Collect
Information you provide to us
- Account information: name, email address, company name, and password when you create an account.
- Billing information: payment method details processed securely through Stripe. We do not store full card numbers on our servers.
- Content and data: any data, documents, or content you upload to configure or train your agents.
- Communications: information you provide when you contact our support team or respond to surveys.
Information collected automatically
- Usage data: pages visited, features used, API call volumes, token consumption, and interaction patterns.
- Device information: browser type, operating system, IP address, and device identifiers.
- Cookies and similar technologies: see our Cookie Policy for details.
Information from third parties
We may receive information from authentication providers (e.g., Google OAuth) when you choose to sign in using a third-party service.
How We Use Your Data
We use the information we collect to:
- Provide, operate, and maintain our Services.
- Process transactions and send related billing information.
- Improve and personalize your experience, including AI model performance.
- Communicate with you about updates, security alerts, and support messages.
- Detect, prevent, and address technical issues, fraud, or abuse.
- Comply with legal obligations and enforce our terms.
- Generate aggregated, anonymized analytics to improve our platform.
We do not sell your personal data to third parties.
Data Sharing
We may share your information only in the following circumstances:
- Service providers: trusted third parties that help us operate our Services (e.g., hosting, payment processing, email delivery). These providers are contractually obligated to protect your data.
- Legal requirements: when required by law, court order, or governmental regulation.
- Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate notice to you.
- With your consent: when you explicitly authorize us to share your information.
Sub-processors
The current, authoritative list of Sub-Processors that process Customer Data is published at onpilot.ai/sub-processors. A non-exhaustive summary is shown below; please refer to the dedicated page for the complete list, locations, and the data each Sub-Processor processes.
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and hosting | Global |
| Cloudflare | CDN, DDoS protection, DNS | Global |
| Stripe | Payment processing | United States |
| Resend | Transactional email delivery | United States |
Data Retention
We retain your personal data only for as long as necessary to provide our Services and fulfil the purposes described in this policy. When you delete your account:
- Account data is deleted within 30 days of the deletion request.
- Agent training data and conversation logs are permanently removed within 30 days.
- Billing records may be retained for up to 7 years to comply with tax and accounting obligations.
- Aggregated, anonymized data that cannot identify you may be retained indefinitely.
Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Regular security assessments and penetration testing.
- Role-based access controls and principle of least privilege.
- Continuous monitoring and automated threat detection.
For more details, see our Security page.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Under GDPR (EEA/UK residents)
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your personal data ("right to be forgotten").
- Restriction: request restriction of processing in certain circumstances.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interests or direct marketing.
- Withdraw consent: withdraw consent at any time where processing is based on consent.
Under Canadian data protection law
If you are located in Canada, you have rights under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws, including the right to access, correct, and withdraw consent for the processing of your personal data.
To exercise any of these rights, contact us at info@onpilot.ai. We will respond within 30 days.
International Transfers
Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
Children's Privacy
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
- Email: info@onpilot.ai
- Company: Onpilot AI
- Address: Toronto, Ontario, Canada
© 2026 Onpilot AI. All rights reserved.