AnswerPilotBack to home

Privacy Policy

Last updated: [DATE]

This policy explains what data AnswerPilot (operated by [LEGAL ENTITY NAME]) collects, how we use it, and the choices you have. The short version: we collect what we need to run the product, your questionnaire content stays yours, and we never use it to answer anyone else’s questionnaires or to train AI models.

1. Data we collect

  • Account data — email address, company name, and authentication data, to create and secure your workspace.
  • Content you provide — answer library entries, questionnaire questions, drafts, and approvals. This may include descriptions of your security posture.
  • Billing data — handled by Stripe; we store your Stripe customer ID and subscription status, never card numbers.
  • Usage data — standard logs (IP address, timestamps, pages/endpoints) for security and debugging.

2. How we use AI

When you draft a questionnaire, the relevant questions and matching entries from your answer library are sent to our AI provider (Anthropic) via API to generate a draft. Anthropic’s API does not use this data to train its models by default. Your library is only ever used to answer your own questionnaires — workspaces are isolated with row-level security at the database layer.

3. Subprocessors

We share data only with the vendors required to run the Service:

  • Supabase / AWS — database, authentication, and hosting of your content (encrypted at rest and in transit).
  • Vercel — application hosting and delivery.
  • Anthropic — AI draft generation (API; no training on your data by default).
  • Stripe — payment processing.
  • [VOYAGE AI — semantic search embeddings (only if enabled)]
  • [EMAIL PROVIDER, ANALYTICS — add if/when used]

4. Retention and deletion

Your content is retained while your account is active. If you delete your account or request deletion at [PRIVACY EMAIL], we delete your content within [30] days, except minimal records required for tax and legal compliance.

5. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Contact [PRIVACY EMAIL] and we will respond within 30 days.

6. Security

Data is encrypted in transit (TLS) and at rest, workspaces are isolated with Postgres row-level security, and billing state can only be modified by verified Stripe webhooks. No method of transmission or storage is 100% secure, but we treat your security answers with the sensitivity they deserve — they are the product.

7. Children

The Service is for business use and not directed to anyone under 16.

8. Changes

We will notify you of material changes to this policy by email or in-app before they take effect.

9. Contact

[LEGAL ENTITY NAME] · [ADDRESS] · [PRIVACY EMAIL]