DocsPilot

Privacy Policy

Last updated:

GDPR & CCPA compliant

DocsPilot, Inc. ("DocsPilot", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

1. What We Collect

We collect information you provide directly to us and information generated automatically when you use our services.

Information you provide

  • Account data: name, email address, password (hashed), profile photo.
  • Payment data: billing address, last 4 digits of card (full card details are processed by Stripe and never stored on our servers).
  • Communications: messages you send to our support team or via our contact form.
  • Repository content: code, README files, and commit metadata from GitHub repositories you choose to connect.
  • GitHub OAuth token: the access token issued by GitHub when you connect your account. This token is stored encrypted at rest using AES-256 and is used solely to read repository content on your behalf. You can revoke it at any time from your GitHub settings or your DocsPilot account.

Information collected automatically

  • Usage data: pages visited, features used, search queries, and interaction patterns.
  • Device data: IP address, browser type and version, operating system, referring URLs.
  • Log data: server logs capturing requests, error codes, and response times.

2. How We Use It

We use the information we collect to:

  • Provide, operate, and improve our services.
  • Process transactions and send related information (receipts, invoices).
  • Send transactional and service-related communications.
  • Send marketing communications (you can opt out at any time).
  • Monitor and analyse usage trends to improve user experience.
  • Detect, investigate, and prevent fraudulent or illegal activities.
  • Comply with legal obligations.

Legal bases (GDPR): We process your data on the basis of contract performance, legitimate interests, legal obligation, and — where required — your consent.

3. Cookies

We use cookies and similar tracking technologies to operate and improve our services.

Category Purpose Retention
Strictly necessaryAuthentication, security, session managementSession / 30 days
FunctionalPreferences, language, UI state1 year
MarketingAd attribution (opt-in only)90 days

You can manage cookie preferences at any time. See our Cookie Policy for full details and opt-out instructions.

4. Third-Party Services

We share data with trusted third parties only as necessary to operate our service:

  • Stripe — payment processing (PCI-DSS Level 1 certified).
  • GitHub — repository access (OAuth tokens stored encrypted).
  • AWS — infrastructure hosting (eu-west-1 and us-east-1 regions).
  • Resend — transactional email delivery.

We do not sell your personal data to any third party.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy:

  • Account data: retained while your account is active plus 30 days after deletion request.
  • Payment records: 7 years (legal requirement).
  • Support messages: 2 years.
  • Usage logs: 90 days.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honour all requests regardless of jurisdiction.

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request deletion of your data.
  • Portability: receive your data in a machine-readable format.
  • Restriction: ask us to stop processing your data in certain circumstances.
  • Objection: object to processing based on legitimate interests.
  • Opt-out of sale (CCPA): we do not sell personal information. California residents may submit a "Do Not Sell" request regardless.

To exercise any of these rights, email privacy@docspilot.dev or use our contact form. We respond within 30 days.

7. Security

We implement industry-standard technical and organisational measures to protect your data, including TLS 1.3 encryption in transit, AES-256 encryption at rest, least-privilege access controls, regular security audits, and an incident response plan.

No method of transmission over the internet is 100% secure. If you believe your data has been compromised, contact us immediately at security@docspilot.dev.

8. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a prominent notice in the product at least 14 days before the change takes effect. Continued use of the service after that date constitutes acceptance of the updated policy.

10. Contact for Data Requests

For all privacy-related enquiries, requests, or complaints:

DocsPilot, Inc.

Email: privacy@docspilot.dev

Subject line: Privacy Request — [Your Name]

EU/EEA residents may also lodge a complaint with your local supervisory authority.

Ready to get started with a product that respects your data?

← Back to DocsPilot Data request → Start free trial →