🔒 Your privacy matters. This policy explains how Pilot Wealth collects, uses, and protects your information.
1. Introduction
This Privacy Policy explains how Pilot Wealth ("we", "us", "our"), operated by
Pilot Wealth, collects, uses, stores, and protects your personal information.
By using our service, you consent to the collection and use of information in accordance with this Privacy Policy.
This Privacy Policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA),
applicable provincial and territorial privacy legislation, and other Canadian privacy laws.
2. Information We Collect
2.1 Information You Provide Directly
When you create an account or use our service, we may collect:
- Account Information: Name, email address, username
- Profile Data: Account preferences, settings, profile photo
- Financial Inputs: Budgets, income data, expenses, transaction descriptions, financial goals (entered by you voluntarily)
- Communications: Messages you send us, support requests, feedback
✅ What We DON'T Collect:
- Bank login credentials (handled securely by Plaid)
- Credit card numbers (handled by Stripe)
- Social Insurance Numbers (SIN)
- Government ID numbers
- Passwords (encrypted and managed by Clerk)
2.2 Automatically Collected Information
When you use our service, we automatically collect:
- Device Information: Device type, operating system, browser type and version
- Usage Data: Features used, pages visited, time spent, click patterns
- Technical Data: IP address, timestamps, error logs, performance metrics
- Cookies: Session identifiers, authentication tokens, preferences (see Cookie Policy)
This data helps us improve security, detect abuse, and enhance user experience.
2.3 AI Interaction Data
When you use AI-powered features (financial advisor, analysis, etc.):
- Your prompts and questions sent to the AI are processed
- AI-generated responses are logged temporarily
- Token usage is tracked for plan enforcement and billing
- Conversation history may be stored to provide context
⚠️ AI Disclaimer: AI-generated outputs may be inaccurate or incomplete.
They are for informational purposes only and are not financial advice.
2.4 Bank Connection Data (via Plaid)
If you use our PRO or PREMIUM features to connect bank accounts via Plaid:
- Plaid securely handles your bank credentials (we never see them)
- We receive: account balances, transaction history, account names
- Data is encrypted in transit and at rest
- You can disconnect accounts at any time
Plaid's privacy policy applies to data they process: https://plaid.com/legal/#privacy-statement
3. How We Use Your Information
We use collected information to:
- Provide the Service: Enable core features, process transactions, sync data
- Authenticate Users: Verify identity, manage sessions, prevent unauthorized access
- Personalization: Customize dashboards, recommendations, and insights
- Billing & Payments: Process subscriptions, enforce plan limits, manage upgrades
- Analytics & Improvement: Understand usage patterns, identify bugs, improve features
- Security: Detect fraud, prevent abuse, monitor for suspicious activity
- Communications: Send service updates, notifications, marketing (with consent)
- Legal Compliance: Comply with federal, provincial, and territorial laws, respond to legal requests, enforce Terms
✅ We DO NOT sell your personal data to third parties.
4. AI & Automated Processing
Pilot Wealth uses artificial intelligence (AI) systems provided by third-party vendors
(e.g., Anthropic) to generate financial insights, recommendations, and analysis.
You acknowledge and agree that:
- AI outputs are probabilistic and may be inaccurate
- AI-generated content is not financial, legal, or professional advice
- Decisions based on AI outputs are solely your responsibility
- Your prompts may be processed by third-party AI providers subject to their privacy policies
- We do not guarantee accuracy, completeness, or reliability of AI responses
5. Data Storage & Security
We implement industry-standard security measures to protect your data:
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
- Authentication: Secure login via Clerk with multi-factor authentication available
- Access Controls: Role-based permissions, principle of least privilege
- Monitoring: Real-time threat detection, rate limiting, abuse prevention
- Regular Audits: Security reviews, vulnerability scanning, penetration testing
⚠️ No system is 100% secure. While we use reasonable safeguards,
we cannot guarantee absolute security. You are responsible for maintaining the
confidentiality of your account credentials.
6. Third-Party Services
We use trusted third-party providers to operate our service. These partners may access your data:
6.1 Essential Service Providers
6.2 AI Service Providers
- Anthropic (AI Processing) - Subject to their respective privacy policies
6.3 Analytics & Monitoring
- We may use analytics services to understand usage patterns (e.g., Google Analytics, if applicable)
- You can opt out of analytics tracking through browser settings or extensions
These third parties process data under their own privacy policies. We encourage you to review them.
We are not responsible for their privacy practices.
7. Data Retention
We retain your personal data:
- Active Accounts: As long as your account is active and in good standing
- After Deletion: Backup copies may be retained for up to 90 days for recovery purposes
- Legal Requirements: As required by federal, provincial, or territorial law for tax, accounting, or legal purposes
- Security Logs: May be retained longer for fraud prevention and security analysis
You may request account deletion at any time through your account settings or by contacting us.
Deletion is subject to legal retention requirements and may take up to 30 days to complete.
8. Your Privacy Rights
Depending on your location in Canada, you may have the following rights:
8.1 Rights Under PIPEDA (Federal)
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Withdrawal of Consent: Withdraw consent for certain data processing activities
- Complaint: File a complaint with the Privacy Commissioner of Canada
8.2 Provincial Privacy Rights
If you reside in Alberta, British Columbia, or Quebec, you may have additional rights under provincial privacy legislation (PIPA, PIPA-BC, or Law 25):
- Enhanced Access: Additional rights to access and understand how your data is used
- Deletion: Request deletion of your personal data (subject to exceptions)
- Portability: Receive your data in a structured, machine-readable format (Quebec)
- De-indexing: Request removal from search engine results in certain circumstances (Quebec)
8.3 Additional Rights (GDPR, CCPA, etc.)
If you are in the EU, California, or other jurisdictions with enhanced privacy laws:
- Restriction: Restrict certain processing activities
- Objection: Object to processing based on legitimate interests
- Opt-Out: Opt out of sale of personal information (we don't sell data)
8.4 How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: contact.pilotwealth@gmail.com
We will respond to verified requests within 30 days (or as required by applicable provincial law).
We may require identity verification to prevent unauthorized access.
9. Children's Privacy
Pilot Wealth is not intended for individuals under the age of majority in their province or territory
(18 in most provinces, 19 in BC, NS, NB, NL, NT, YT, and NU).
We do not knowingly collect personal information from minors.
If we become aware that we have collected data from a minor without parental consent,
we will delete it immediately. If you believe a minor has provided us with personal information,
please contact us.
10. International Data Transfers
Your data may be processed and stored in countries outside of Canada, including the United States,
where our service providers operate.
These countries may have data protection laws that differ from Canada's. By using our service,
you consent to the transfer of your data to these jurisdictions.
We ensure that third-party providers implement appropriate safeguards to protect your data
in accordance with this Privacy Policy, PIPEDA, and applicable provincial/territorial laws.
11. Cookies & Tracking Technologies
We use cookies and similar technologies to:
- Maintain your session and keep you logged in
- Remember your preferences and settings
- Analyze usage patterns and improve the service
- Detect and prevent fraud
Types of Cookies We Use:
- Essential Cookies: Required for authentication and core functionality
- Analytics Cookies: Help us understand how users interact with the service
- Preference Cookies: Store your settings and customizations
You can control cookies through your browser settings. However, disabling essential cookies
may prevent you from using certain features.
12. Legal Disclosure & Law Enforcement
We may disclose your information if required to:
- Comply with federal, provincial, or territorial laws, regulations, or legal processes (e.g., subpoenas, court orders)
- Enforce our Terms and Conditions
- Protect the rights, safety, or property of Pilot Wealth, our users, or others
- Prevent fraud, abuse, or illegal activity
- Respond to government or regulatory requests
We will notify you of legal requests unless we are prohibited by law from doing so or
notification would compromise an investigation.
13. Marketing Communications
With your consent, we may send you:
- Product updates and new feature announcements
- Tips and educational content
- Promotional offers and discounts
You can opt out of marketing emails at any time by clicking "Unsubscribe" in the email
or updating your communication preferences in your account settings.
Note: You cannot opt out of essential service communications
(e.g., security alerts, billing notifications).
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices
or legal requirements.
We will notify you of material changes by:
- Posting the updated policy on our website with a new "Last Updated" date
- Sending an email notification (for significant changes)
- Displaying an in-app notification
Your continued use of the service after changes become effective constitutes acceptance
of the updated Privacy Policy.
15. Contact Us