1. Introduction

ToolPilot ("we", "our", or "us") operates the website toolpilot.cloud. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

2. Information We Collect

Information You Provide

Account information: email address, name when you create an account
Payment information: processed securely through Stripe — we never store your card details
Uploaded files: photos, PDFs, and other files you upload for processing
Communications: messages you send us via email or contact form

Information Collected Automatically

Usage data: pages visited, features used, timestamps
Device information: browser type, operating system, screen resolution
Cookies: essential cookies for authentication and preferences

3. How We Use Your Information

To provide and operate our tools and services
To process payments and deliver purchased products (e.g., AI headshots)
To send transactional emails (order confirmations, results ready)
To improve our services and develop new features
To respond to support requests
To prevent fraud and ensure security

4. File Processing & Storage

Photos and documents you upload are processed by our AI systems to deliver the requested service. Files are temporarily stored during processing and are automatically deleted within 24 hours of processing completion. We do not use your uploaded files to train AI models.

Generated headshots are available for download for 7 days after generation, after which they are permanently deleted.

5. Third-Party Services

We use the following third-party services:

Stripe — payment processing (Privacy Policy)
Supabase — authentication and database
Google AI (Gemini) — AI image and text generation
Vercel — hosting and deployment
PostHog — privacy-focused analytics

6. Data Security

We implement industry-standard security measures including HTTPS encryption, secure authentication, and access controls. Payment data is handled exclusively by Stripe and never touches our servers.

7. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

Access your personal data
Correct inaccurate data
Delete your account and associated data
Export your data in a portable format
Object to or restrict processing
Withdraw consent at any time

To exercise these rights, email us at privacy@toolpilot.cloud.

8. Cookies

We use essential cookies for authentication and session management. We use PostHog for privacy-focused analytics, which respects Do Not Track settings. We do not use advertising cookies or sell data to advertisers.

9. Children's Privacy

ToolPilot is not intended for users under 16 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance.

11. Contact

For privacy-related questions or requests, contact us via our form.