Privacy Policy
Last updated: 21 February 2026
Effective from: 21 February 2026
Data Controller: PiePilot AI Ltd. ("PiePilot", "we", "us")
Data Protection contact: privacy@piepilot.ai
This Privacy Policy explains how PiePilot AI collects, uses, shares, and protects your personal data when you use the website at https://piepilot.ai, the Progressive Web App, or any associated service (the "Service"). It applies to all Users worldwide, with specific sections for residents of the UK, EEA, Brazil, and (where relevant) California.
If you have any question about how we handle your data, write to privacy@piepilot.ai and we will respond within 30 days (or sooner where the law requires it).
1. Who is the controller?
PiePilot AI Ltd. is the data controller for all personal data processed through the Service. We are a private limited company incorporated in England and Wales; registered office details will be added to the website footer once Companies House registration is finalised.
Where this policy refers to "Personal Data" we mean the same as in Article 4(1) UK GDPR / EU GDPR / Article 5(I) LGPD (Brazil): any information relating to an identified or identifiable individual.
2. What data we collect
We deliberately keep our data footprint small.
2.1 Data you give us directly
| Category | Examples | Why we need it |
|---|---|---|
| Account data | Email, name, hashed password (bcrypt), preferred language (en / pt / es), preferred display currency, referral code | Create and operate your account |
| Portfolio configuration | Selected broker label, portfolio template, target amount, investor level (beginner/intermediate/advanced), preferred-broker step-by-step preferences | Personalise AI output and the educational lesson library |
| Notification preferences | Email-alerts toggle, SMS/WhatsApp-alerts toggle, phone number (if you opt in) | Send the alerts and morning briefings you ask for |
| Subscription & billing data | Stripe customer ID, subscription ID, plan, premium-until date, transaction IDs | Operate your subscription; comply with tax law |
| Support interactions | Messages you send to PilotBot or to a human-escalated ticket | Provide customer support and improve the assistant |
2.2 Data generated automatically
| Category | Examples | Why |
|---|---|---|
| Authentication tokens | A signed JWT in an httpOnly secure cookie, with a localStorage fallback for browsers that block cross-site cookies (a token held in localStorage is readable by any script running on the page, so the httpOnly protection applies only to the cookie form) | Keep you logged in securely |
| Activity logs | Lessons you have received (lessons_sent), date of last morning briefing, IP address used at registration (for anti-fraud rate-limiting only — never used for advertising) | Operate features and prevent abuse |
| Technical telemetry | Browser type, device class, locale, timestamps. We do not use Google Analytics or any third-party advertising pixel | Diagnose bugs and improve reliability |
2.3 Data from third parties
Where you connect a real broker (future feature), we will receive read-only portfolio data via the broker's OAuth/API and process it under a separate, opt-in consent specific to that integration. We will never ask for, store, or use your broker login credentials directly.
2.4 What we DO NOT collect
- We do not collect your real identity documents, national ID number, tax number, or proof of address. We do not perform KYC/AML because we do not handle client money.
- We do not collect special-category data (religion, ethnicity, health, sexual orientation, biometric, genetic, etc.). Please do not include such data in support messages or AI inputs.
- We do not sell your data to data brokers or advertising networks.
3. Cookies and similar technologies
We use a strict, privacy-first cookie setup:
- Strictly necessary cookies: a JWT session cookie (httpOnly, secure, sameSite=lax) and a CSRF mitigation cookie. These are essential to keep you logged in; they cannot be disabled.
- Functional storage (localStorage): your preferred language (pp_lang), your dismissed-banner flag (pp_demo_disclaimer_dismissed_v1), and an offline cache of static app shell assets (Service Worker). All purely first-party, no third-party trackers.
- No advertising or analytics cookies. We do not embed Google Analytics, Meta Pixel, or any third-party tracker.
You can clear all PiePilot cookies and localStorage at any time via your browser settings; doing so will simply log you out.
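The session mechanism this section and §9 describe (an HS256-signed JWT carried in an httpOnly, Secure, SameSite=Lax cookie, expiring after 7 days and revocable server-side) can be built with the Python standard library alone. The block below is an added illustration, not PiePilot's own code: the cookie name pp_session, the use of a jti claim plus a server-side revocation set, and the fixed timestamps are assumptions made for the example. The verifier pins the algorithm to HS256 so a token cannot downgrade itself to "none", compares the MAC in constant time, and checks expiry and revocation before returning any claims.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SESSION_TTL = 7 * 24 * 3600          # the 7-day lifetime stated in the policy
COOKIE_NAME = "pp_session"           # assumed name; the policy does not give one


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def issue_token(secret: bytes, user_id: str, now=None, jti=None) -> str:
    """Mint an HS256 JWT carrying sub/iat/exp and a random jti used for revocation."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user_id, "iat": now, "exp": now + SESSION_TTL,
              "jti": jti or secrets.token_hex(16)}
    signing_input = f"{_segment(header)}.{_segment(claims)}"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(secret: bytes, token: str, revoked: set, now=None):
    """Return the claims of a token that is well formed, HS256-signed with `secret`,
    unexpired and not in the server-side revocation set; return None otherwise."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(head_b64))
        claims = json.loads(_unb64url(claims_b64))
        sig = _unb64url(sig_b64)
    except ValueError:          # wrong segment count, bad base64, bad JSON or UTF-8
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    # The server pins the algorithm; the token never gets to choose it.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{head_b64}.{claims_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None
    if claims.get("jti") in revoked:    # revoked server-side before natural expiry
        return None
    return claims


def revoke(revoked: set, claims: dict) -> None:
    """Server-side revocation: remember the jti until the token would expire anyway."""
    revoked.add(claims["jti"])


def session_cookie(token: str) -> str:
    """Set-Cookie header value carrying the attributes listed in section 3."""
    return (f"{COOKIE_NAME}={token}; Path=/; Max-Age={SESSION_TTL}; "
            "HttpOnly; Secure; SameSite=Lax")


if __name__ == "__main__":
    key = secrets.token_bytes(32)                 # 256-bit HS256 secret
    tok = issue_token(key, "user-123")
    print(session_cookie(tok))
    print(verify_token(key, tok, revoked=set()))
```

Because the revocation set must outlive the request, a real deployment keeps it in shared storage (the database the policy already uses) keyed by jti with a TTL equal to the token's remaining lifetime; entries can be dropped once the token would have expired on its own.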
4. Legal bases under UK GDPR / EU GDPR
For each processing purpose, we rely on one of the lawful bases set out in Article 6:
| Purpose | Lawful basis |
|---|---|
| Creating and securing your account, providing the core Service, sending transactional account emails | Performance of a contract (Art. 6(1)(b)) |
| Sending the daily/weekly morning briefing, premium alerts, marketing-grade product update emails | Consent (Art. 6(1)(a)) — you opt in via the Notifications panel and can withdraw at any time |
| Anti-fraud rate-limiting (e.g. 5 referral attempts per IP per day) | Legitimate interest in protecting the integrity of the Service (Art. 6(1)(f)) — balanced against your rights |
| Keeping payment and tax records | Legal obligation under UK tax law and similar (Art. 6(1)(c)) |
| Defending or bringing legal claims | Legitimate interest (Art. 6(1)(f)) |
For Brazilian users, the equivalent bases under LGPD Article 7 apply (execução de contrato, consentimento, cumprimento de obrigação legal, legítimo interesse).
5. Use of generative AI (Anthropic Claude)
When you interact with the AI-powered parts of the Service (sentiment, recommendations, morning briefings, PilotBot, Golden Lessons), we send a minimum-necessary subset of your portfolio configuration and message text to Anthropic (Claude Sonnet 4.5) for inference. Specifically:
- What we send: ticker symbols, weights, technical indicators (RSI/PE/change %) we have for your selected universe, your selected language, the question or context you asked, and a server-generated session ID.
- What we DO NOT send: your name, email, phone number, IP address, password, Stripe customer ID, or any other personally identifying field.
- Anthropic's commitments: under Anthropic's Commercial Terms, your inputs and the AI outputs are not used to train Anthropic's models. Anthropic processes the data under its own privacy policy (https://www.anthropic.com/legal/privacy) and retains it for a limited operational period only.
- Data centre region: inferences are routed to Anthropic's US-region endpoints. Transfers from the UK/EEA rely on the UK International Data Transfer Addendum (IDTA) and EU Standard Contractual Clauses (SCCs).
If you do not want to use AI-powered features, you can still use the basic dashboard, but features such as sentiment, recommendations, morning briefings and PilotBot will be unavailable.
6. Who we share data with
We share Personal Data with a small, carefully chosen set of processors, each bound by a written Data Processing Agreement (DPA):
| Processor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Stripe Payments UK Ltd. | Card processing, subscription billing | UK / US | SCCs + IDTA |
| Anthropic PBC | AI inference (see §5) | US | SCCs + IDTA |
| Resend Inc. | Transactional email delivery | US | SCCs + IDTA |
| MongoDB Atlas | Encrypted database hosting | EEA where contractually possible | SCCs |
| Cloudflare Inc. | DDoS protection, CDN, TLS termination | Edge network | SCCs |
| Twilio Inc. (future) | SMS / WhatsApp delivery — only when you opt in | US | SCCs |
We will also disclose Personal Data when we are legally required to (court order, valid law-enforcement request, regulatory mandate). Such requests are reviewed by a senior officer and, where lawful, the affected User is notified.
We do not sell Personal Data. We do not share data with advertising networks or data brokers.
7. International transfers
When your Personal Data is transferred outside the UK or EEA (typically to the US for AI inference, payment processing, or email delivery), we rely on:
- The UK International Data Transfer Addendum (IDTA) issued by the ICO;
- The European Commission's Standard Contractual Clauses (Module 2 — controller to processor); and
- Supplementary safeguards, including encryption-in-transit (TLS 1.2+), encryption-at-rest, principle of minimum-necessary disclosure, and a transfer-impact assessment for each processor.
You can request a copy of the safeguards by emailing privacy@piepilot.ai.
8. How long we keep your data
| Data | Retention period |
|---|---|
| Account data (active account) | While the account exists |
| Account data (deletion request) | Erased immediately under Art. 17 UK GDPR; backups overwritten within 30 days |
| Payment-transaction records | 7 years after the last transaction (UK tax law) — anonymised within 30 days of account deletion (user_id and user_email set to null; only the financial amount, currency, Stripe ID, and timestamp remain for audit) |
| Anti-fraud logs (referral_attempts) | 90 days |
| AI prompt session data we keep server-side | 30 days, then purged |
| Support tickets | 24 months after closure |
9. Security
We take a defence-in-depth approach:
- Passwords are stored only as bcrypt hashes with per-password salts.
- All authentication uses JWT with HS256 signed by a 256-bit secret rotated periodically; tokens expire after 7 days and can be revoked server-side.
- HTTPS / TLS 1.2+ is enforced everywhere; HSTS is configured on the public domain.
- The Stripe webhook endpoint validates the Stripe-Signature header against STRIPE_WEBHOOK_SECRET to prevent forged payloads.
- Database access is restricted to the application service account with least-privilege IAM.
- We rate-limit registration, login, and referral endpoints to prevent brute force and credential-stuffing.
- We do not log card numbers, full tokens, or password material anywhere.
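The webhook check listed above follows Stripe's documented signing scheme: the Stripe-Signature header carries t=<unix timestamp> and one or more v1=<hex> entries, each an HMAC-SHA256 over "<timestamp>.<raw request body>" keyed by the endpoint secret. The block below is an added example of that verification, not PiePilot's endpoint code; the secret value, the event body and the timestamps are constructed fixtures. Two points a practitioner wants here: the MAC must be computed over the exact bytes received (re-serialised JSON will not match), and the timestamp must be checked against a tolerance window, otherwise a captured event with a valid signature can be replayed indefinitely.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300   # Stripe's library default; bounds how long a captured event replays


class SignatureError(ValueError):
    """Raised when the Stripe-Signature header does not authenticate the body."""


def _mac(secret: str, timestamp: str, payload: bytes) -> str:
    # Stripe signs "<timestamp>.<raw body>" with HMAC-SHA256 keyed by the endpoint secret.
    signed = f"{timestamp}.".encode("utf-8") + payload
    return hmac.new(secret.encode("utf-8"), signed, hashlib.sha256).hexdigest()


def sign_payload(secret: str, payload: bytes, timestamp: int) -> str:
    """Build the header value the way Stripe's side does; used here only for fixtures."""
    return f"t={timestamp},v1={_mac(secret, str(timestamp), payload)}"


def verify_stripe_signature(secret: str, payload: bytes, header: str,
                            now=None, tolerance=TOLERANCE_SECONDS) -> dict:
    """Return the parsed header if `payload` (the raw request body) carries a valid,
    fresh v1 signature under `secret`; raise SignatureError otherwise."""
    now = int(time.time()) if now is None else now
    timestamp = None
    candidates = []
    for item in header.split(","):
        key, sep, value = item.strip().partition("=")
        if not sep:
            raise SignatureError("malformed Stripe-Signature element")
        if key == "t":
            timestamp = value
        elif key == "v1":          # several v1 values appear while a secret is being rolled
            candidates.append(value)
    if timestamp is None or not timestamp.isdigit() or not candidates:
        raise SignatureError("header lacks a timestamp or a v1 signature")
    expected = _mac(secret, timestamp, payload).encode("ascii")
    # Constant-time comparison; a header value of any length or alphabet simply fails.
    if not any(hmac.compare_digest(expected, c.encode("utf-8")) for c in candidates):
        raise SignatureError("no v1 signature matches the body")
    if abs(now - int(timestamp)) > tolerance:
        raise SignatureError("timestamp outside tolerance; possible replay")
    return {"timestamp": int(timestamp), "signatures": candidates}


if __name__ == "__main__":
    # Constructed fixture: a fake endpoint secret and a minimal event body.
    secret = "whsec_example_only"
    body = b'{"id":"evt_test_1","type":"invoice.paid"}'
    header = sign_payload(secret, body, int(time.time()))
    print(verify_stripe_signature(secret, body, header))
```

In the request handler, read the body as bytes before any JSON parsing, call verify_stripe_signature on those bytes, and only then deserialise the event; the secret itself should come from the environment variable the policy names, never from the request.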
In the event of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify the ICO (UK), the competent EU supervisory authority, and/or the ANPD (Brazil) within 72 hours as required by law, and notify affected Users without undue delay.
10. Your rights
You have the following rights, exercisable at any time by emailing privacy@piepilot.ai with proof of account ownership. We will respond within 30 days (extendable to 60 days for complex requests, with notice to you).
| Right (UK / EU GDPR Article) | What it means |
|---|---|
| Access (Art. 15) | A copy of all Personal Data we hold about you |
| Rectification (Art. 16) | Correct inaccurate data |
| Erasure (Art. 17) | "Right to be forgotten" — implemented directly in-app via Settings → Danger Zone → Delete account |
| Restriction (Art. 18) | Pause processing in disputed scenarios |
| Portability (Art. 20) | Receive your data in a structured, machine-readable JSON export |
| Objection (Art. 21) | Object to processing based on legitimate interest |
| Withdraw consent (Art. 7(3)) | Turn off marketing/briefing emails any time in Settings |
| Lodge a complaint | UK Users → ICO (ico.org.uk); EU Users → your national DPA; Brazilian Users → ANPD (gov.br/anpd); Spanish Users → AEPD (aepd.es) |
Brazilian (LGPD) and Californian (CCPA) specifics
- LGPD (Brazil): in addition to the above, you may request information about the entities with which we share your data (Art. 18 V LGPD).
- CCPA (California, USA): we do not sell Personal Data within the meaning of the CCPA. Californians have the right to know, the right to deletion, and the right to non-discrimination for exercising those rights.
11. Children
The Service is not directed at, and we do not knowingly process Personal Data of, children under the age of 18. If you believe we have inadvertently collected data from a minor, write to privacy@piepilot.ai and we will erase it.
12. Automated decision-making
Some Service outputs are AI-generated (sentiment classifications, suggested actions, morning briefings). These are educational and do not produce legal or similarly significant effects on you within the meaning of Article 22 UK/EU GDPR — they do not deny you a service, set your price, or otherwise restrict your rights. You always remain free to disregard the AI output and we do not act on it for you.
13. Changes to this Policy
We will publish material changes on this page, update the "Last updated" date, and notify registered Users by email and in-app banner at least 14 days before they take effect. The previous version remains archived and can be requested at privacy@piepilot.ai.
14. Contact
- Privacy & data-rights requests: privacy@piepilot.ai
- Security incidents: security@piepilot.ai
- Billing & legal queries: legal@piepilot.ai
- Post: registered office address to be added to website footer
PiePilot AI Ltd. — an educational AI copilot. General education, not personalised advice. We process the minimum data needed to teach you well.