1. Information We Collect
We collect information you provide directly and data generated through your use of the platform:
- Account data: Username, email address, company name, and job title when you register or submit a demo request.
- Security telemetry: Alert and event data you send to Pilot via webhooks from your security tools (SentinelOne, CrowdStrike, Defender, etc.). This data belongs to you.
- Usage data: Log files, session information, page views, and feature interactions for the purpose of platform reliability and performance.
- Support communications: Messages you send to our team via email or the contact form.
2. How We Use Your Data
- To provide and operate the Pilot security operations platform
- To authenticate your identity and maintain session security
- To send transactional emails (account notifications, password resets, incident reports)
- To respond to support requests and demo inquiries
- To detect abuse, enforce rate limits, and protect platform integrity
- To improve platform performance and reliability through aggregated, anonymized analytics
We do not use your security telemetry data to train machine learning models, profile your organization, or for any purpose other than operating the service on your behalf.
3. Data Sharing
We do not sell, rent, or trade your personal data. We may share data with:
- Infrastructure providers: Cloud hosting (compute, storage) under data processing agreements that prohibit secondary use.
- Email delivery: Transactional email providers for account and notification emails only.
- Legal compliance: When required by law, court order, or to protect the rights and safety of our users or the public.
4. Data Residency
By default, all platform data is processed and stored on infrastructure within the United States. Enterprise customers may request specific regional data residency (EU, UK, or APAC). Please contact us at [email protected] before onboarding if residency requirements apply to your organization.
5. Retention
- Incident & signal data: Retained for the duration of your subscription plus 90 days.
- Audit logs: Retained for 12 months from creation.
- Account data: Retained until account deletion is requested and processed.
- Demo request data: Retained for 12 months for sales follow-up, then deleted.
6. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (right to erasure)
- Request restriction of processing
- Data portability — receive your data in a machine-readable format
- Object to processing based on legitimate interests
To exercise any of these rights, email [email protected]. We will respond within 30 days.
7. Cookies
Pilot uses a single session cookie (sp_session) to maintain your authenticated state. This cookie is strictly necessary for the application to function and does not track you across sites. We do not use advertising cookies, analytics third-party cookies, or pixel trackers.
8. Security
We protect your data with industry-standard controls: TLS 1.2+ in transit, bcrypt password hashing, HMAC webhook verification, and full access audit logs. See our Security Practices page for details.
9. Children
Pilot is a professional security operations platform. We do not knowingly collect data from anyone under 18. If you believe a minor has submitted data to us, contact [email protected] and we will delete it promptly.
10. Changes to This Policy
We will update this page when the policy changes and revise the "Last updated" date. Material changes will be communicated via email to registered account holders at least 14 days before taking effect.