Legal

Privacy Policy

Last updated May 20, 2026

Pilotiq is operated by Arincen Ltd. (“Pilotiq”, “we”, “us”). This Privacy Policy explains what information we collect when you use our website, hosted product, and open-source CMS, how we use it, and the choices you have.

By using Pilotiq you agree to this policy. If you do not agree, please do not use the service. Questions? Email [email protected].

1. Information we collect

We collect only what we need to run the service, support you, and improve the product.

  • Account information you provide: name, email, password, company, and (where relevant) profile details.
  • Workspace content you create or upload: articles, brand guidelines, media assets, schemas, agent configurations, and any data you import from connected sources (Google Drive, GitHub, Notion, etc.).
  • Usage data: pages visited, features used, agent runs, error logs, and approximate device/browser information.
  • Billing information: handled by our payment processor (Stripe). We never see or store full card numbers — only the last four digits and the expiry date for receipts.
  • Communications: messages you send us via the contact form, email, or in-app chat.

2. How we use your information

  • Operate Pilotiq — store your content, run agents, and deliver the features you signed up for.
  • Authenticate you and keep your account secure.
  • Bill you for paid plans, top-ups, and Pilotiq Credits.
  • Provide support and respond to your messages.
  • Send essential service notices (security, billing, downtime, material policy changes).
  • Send product updates only if you opt in — you can unsubscribe at any time.
  • Improve the product with aggregated, de-identified usage statistics.

3. AI providers and your content

Pilotiq is an AI-first product. When agents run, prompts and the relevant content are sent to the AI provider that powers that task.

  • When you use Pilotiq Credits, prompts are routed through the Pilotiq meta-model gateway to AI providers we contract with — currently Anthropic (Claude), DeepSeek, and Google (Gemini). See our dedicated AI privacy page (/ai-privacy) for the full data path and what we log per call.
  • When you bring your own AI key, prompts go directly to that provider under your account, and that provider’s terms govern that traffic. Pilotiq does not retain those prompts beyond what is needed to run the task.
  • We do not use your content to train any AI model — ours or a third party’s. Our agreements with AI providers prohibit them from training on your content.
  • You can choose which providers and models are allowed in your workspace. Some workflows can be restricted to your BYO keys only.

4. The Pilotiq meta-model gateway

When you select the “Pilotiq (auto)” model in your chat panel, your message is sent to pilotiq.io’s inference gateway. The gateway picks the best backend provider (Anthropic, DeepSeek, or Google) for the message, forwards it under our data-processing terms with that provider, streams the response back, and debits Pilotiq Credits at the provider’s wholesale rate plus a small margin.

  • Every gateway call is recorded in an internal audit log: timestamp, the license that made the call, the provider and model that answered, token counts, status (success, failure, credits-exhausted), and the router’s reasoning category (rules, classifier, or hint). The first 8 characters of the runtime token are recorded for operator triage.
  • We do NOT store the prompt content, system instructions, tool definitions, or model output in the audit log. The gateway only sees these to forward them upstream — they are not persisted on Pilotiq infrastructure.
  • Audit log rows are retained for 90 days, then automatically deleted. We use them to debug routing, detect abuse, and answer your billing questions.
  • You can opt out of the gateway entirely by switching your chat panel’s model dropdown to a BYO-key model, or by setting `license: false` when wiring our AI plugin in a self-hosted deployment.

5. Sharing with service providers

We share data only with vendors that help us run the service, under written data-processing agreements. Categories include cloud hosting, email delivery, error monitoring, payment processing, customer support tooling, and the AI providers described above.

We do not sell your personal information, and we do not share it with advertisers.

6. Legal requests

We may disclose information if required by law, valid legal process, or to protect the rights, property, or safety of Pilotiq, our users, or the public. Where legally permitted, we will notify the affected account before disclosing.

7. Storage, security, and retention

  • Data is stored on encrypted infrastructure with reputable cloud providers in the EU and the United States.
  • We use TLS in transit, encryption at rest, role-based access controls, and audit logging.
  • We retain workspace content while your account is active. After you delete your account or a specific workspace, we permanently remove the content within 30 days, except where we are legally required to keep it longer (e.g. tax records).
  • Backup copies are rotated and removed within 90 days.

8. Your rights

Depending on where you live, you have rights over your personal information — including the right to access, correct, export, restrict, or delete it, and to object to certain processing.

  • You can view and edit most of your data directly inside Pilotiq.
  • To exercise any of the rights above, email [email protected] from the address on your account. We respond within 30 days.
  • If you’re in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

9. Cookies and tracking

  • We use a small number of essential cookies for login, security, and remembering your preferences.
  • We use first-party, privacy-respecting analytics to understand product usage. We do not use third-party advertising trackers.
  • You can disable non-essential cookies in your browser without breaking core functionality.

10. Self-hosted and open source

The Pilotiq CMS is open source. When you self-host the CMS on your own infrastructure, your content stays with you — we do not see, collect, or process it.

In a self-hosted deployment, you are the data controller for your users’ data. If you also use paid Pilotiq plugins (agent library, AI orchestration, media library) with your own AI keys, prompts go directly from your deployment to the AI provider; Pilotiq only validates your license.

11. Children

Pilotiq is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us and we will delete it.

12. International transfers

Pilotiq is operated globally. Your information may be transferred to, stored in, and processed in countries other than your own, including the United States. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

13. Changes to this policy

We may update this policy from time to time. If we make material changes, we’ll notify account holders by email or in-product at least 14 days before the changes take effect. The “Last updated” date at the top of this page always reflects the current version.

Privacy questions, data requests, or feedback on this policy: email [email protected]. We aim to respond within one business day.