Privacy Policy

AskPilot ("we", "us", or "our") is committed to protecting the privacy and personal data of our users. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our platform.

This policy is designed to comply with the Brazilian General Data Protection Law (LGPD - Law No. 13,709/2018), the European General Data Protection Regulation (GDPR - Regulation EU 2016/679), and other applicable data protection laws.

1. Data Controller

AskPilot is the data controller responsible for your personal data. For company-uploaded content, the organization that subscribes to AskPilot acts as the data controller, and AskPilot acts as the data processor.

2. Data We Collect

2.1 Account Information

• Full name and email address
• Company name, address, and tax ID (CNPJ)
• Password (stored encrypted)
• Role within the organization

2.2 Usage Data

• Questions asked through the chat
• Feature usage patterns and frequency
• Device information, IP address, and browser type

2.3 Company Content

• Documents, SOPs, and knowledge base content uploaded by administrators
• AI-generated responses derived from uploaded content

3. How We Use Your Data

• Provide, maintain, and improve the AskPilot service
• Generate AI-powered responses from your organization's knowledge base
• Process payments and manage subscriptions
• Send service-related communications (updates, security alerts, support)
• Analyze usage patterns to improve our platform
• Comply with legal obligations and enforce our Terms of Use

4. Legal Basis for Processing (LGPD & GDPR)

We process your personal data based on the following legal grounds:

• Consent — When you create an account and accept our Terms, or when you opt in to receive marketing communications.
• Contract performance — Processing necessary to provide the service you subscribed to.
• Legitimate interest — Improving our service, ensuring security, and preventing fraud.
• Legal obligation — Compliance with tax, accounting, and data protection regulations.

5. Data Sharing and Third Parties

We share your data only with trusted third parties that are necessary to operate the Service:

• AI Processing (OpenAI) — Questions and relevant knowledge context are sent to OpenAI to generate responses. OpenAI does not use this data to train its models under our agreement.
• Hosting & Database (Supabase / Vercel) — Your data is stored and processed on secure cloud infrastructure.
• Payment Processing (Stripe) — Payment information is processed directly by Stripe. We do not store credit card details.
• Analytics (Vercel Analytics) — Anonymous usage data is collected to help us improve the platform.

We do not sell, rent, or trade your personal data. We will only share data beyond these purposes if required by law or with your explicit consent.

6. International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States, where our service providers operate. When transferring data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and data transfer impact assessments.

For transfers from Brazil, we comply with the LGPD requirements for international data transfers, including ensuring the recipient country provides an adequate level of data protection or that appropriate contractual guarantees are in place.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy or as required by law. Account data is retained while your account is active and for up to 5 years after deletion to comply with tax and legal obligations.

Company content (knowledge base) is deleted within 30 days of account termination or upon written request. Anonymized and aggregated data may be retained indefinitely for analytical purposes.

8. Your Rights

Under the LGPD and GDPR, you have the following rights regarding your personal data:

• Right of access — Request a copy of the personal data we hold about you
• Right of rectification — Request correction of inaccurate or incomplete data
• Right of deletion (erasure) — Request deletion of your personal data, subject to legal retention requirements
• Right of data portability — Receive your data in a structured, machine-readable format
• Right to restrict processing — Request that we limit processing of your data in certain circumstances
• Right to object — Object to processing based on legitimate interest
• Right to withdraw consent — Withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@askpilot.com.br. We will respond within 15 days (LGPD) or 30 days (GDPR) of receiving your request.

9. LGPD-Specific Provisions (Brazil)

In compliance with the Brazilian General Data Protection Law (LGPD - Law No. 13,709/2018), we ensure that all processing of personal data of individuals in Brazil follows the principles of purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, and accountability.

Our Data Protection Officer (DPO/Encarregado) can be reached at dpo@askpilot.com.br for any inquiries regarding the processing of your personal data.

You have the right to file a complaint with the Brazilian National Data Protection Authority (ANPD) if you believe your data protection rights have been violated.

10. GDPR-Specific Provisions (EU/EEA)

For users in the European Union and European Economic Area, we comply with the General Data Protection Regulation (GDPR). Data transfers outside the EU/EEA are protected by Standard Contractual Clauses and other appropriate safeguards.

You have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe we have not adequately addressed your concerns.

11. Data Security

We implement industry-standard technical and organizational measures to protect your data:

• Data encryption in transit (TLS/SSL) and at rest
• Multi-tenant data isolation — each organization's data is completely separated
• Secure authentication with encrypted password storage
• Regular security assessments and monitoring

12. AI and Data Processing

AskPilot uses artificial intelligence to process and respond to questions. It is important to understand:

• Your company data is never used to train public AI models
• AI responses are generated solely from your organization's uploaded knowledge base
• Questions and context are sent to the AI provider (OpenAI) only for the purpose of generating a response and are not stored by the provider for training purposes

13. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Essential cookies — Required for authentication, security, and basic platform functionality. Cannot be disabled.
• Analytics cookies — Help us understand how users interact with the platform. Can be disabled.
• Preference cookies — Store your settings such as language and theme preferences.

14. Children's Privacy

AskPilot is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

15. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or through the platform at least 30 days before they take effect. We encourage you to review this policy periodically.

16. Contact Us

For questions, requests, or concerns about this Privacy Policy or our data practices, please contact us:

AskPilot
Data Protection Officer (DPO): dpo@askpilot.app
General inquiries: privacy@askpilot.app

For Brazil: You may also contact the ANPD (Autoridade Nacional de Proteção de Dados) at www.gov.br/anpd. For the EU: Contact your local Data Protection Authority.