Draft v1 — pending legal review
Placeholder working draft for pre-launch testing. The factual content below (vendors, data categories, retention) is accurate for the current build; legal language is pending counsel review.
Privacy Policy
Last updated: 2026-04-17 (draft)
1. What we collect
- Account data: email, name, password hash, organization membership, role.
- Project content: the descriptions, task lists, comments, and files you create in the product.
- Usage signals: pages visited, feature interactions, error reports, anonymized performance telemetry.
- Billing data: handled by Stripe (we don’t see card numbers; we store your Stripe customer ID and subscription status).
2. How we use it
- Run the product: host your projects, send your notifications.
- Generate AI plans from your descriptions — your text is sent to the AI provider (see §4) and returned to you. Outputs are saved against your account.
- Improve the product using aggregated, anonymized signals — not your raw content. If we ever train a model on customer content, we’ll ask you first.
- Enforce usage limits, detect abuse, respond to security incidents.
- Send transactional email (verify, reset, important product notices).
3. Who sees it inside ChangePilot
Your project content is visible only to you and the teammates you invite. Within an organization, administrators can see their org’s projects per our role-based access rules. ChangePilot staff access customer data only for support (at your request), security investigation, or legal compliance — and the access is logged.
4. Sub-processors (third-party vendors)
We use the following vendors to operate the Service:
- Supabase — authentication and database (PostgreSQL).
- Vercel — application hosting and CDN.
- Stripe — payment processing.
- Resend — transactional email delivery.
- Anthropic and Google — AI model providers that process the text you submit to the planner. They process content for us under enterprise data-processing terms and do not retain it for training.
- Sentry — error monitoring. Sensitive fields are scrubbed before reports are sent.
- Upstash — rate-limiting and caching.
5. Retention and deletion
We keep your data while your account is active. If you close your account, we retain your data for 30 days so you can recover it, then delete or anonymize it within 90 days except where a law requires longer retention (e.g. tax records).
6. Your rights
You can access, correct, export, or delete your personal data. Account-level exports are on the roadmap; in the interim, request via /contact and we’ll respond within 30 days.
If you’re in the EEA, UK, California, or another jurisdiction with specific privacy rights (GDPR, CCPA, etc.), those rights apply. The lawful bases we rely on are contract (to provide the Service) and legitimate interest (to operate and secure it).
7. Cookies and similar technologies
We use strictly necessary cookies for authentication and session management, and a small number of functional cookies for preferences (dark mode, feature-flag bypass for developers). We don’t use advertising cookies.
8. Security
Data in transit is encrypted with TLS. Data at rest is encrypted by our database and storage providers. Responsible-disclosure contact: see /contact.
9. Changes to this Policy
We may update this Policy as the Service evolves. If the change is material, we’ll notify you by email or in-product notice at least 14 days before it takes effect.
10. Contact
Questions or requests: /contact.