Privacy Policy

Last updated: 18 June 2026 · Maintained by PilotPR.

PilotPR ("we", "us") handles personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what we collect, why, and your rights.

1. Information we collect

  • Account data: name, email, password hash, profile photo.
  • Workspace data: business name, brand assets, team members, role assignments, API keys.
  • Pass-holder contact data you upload: names, email addresses, phone numbers, and customer references — for the purpose of distributing pass install links on your behalf.
  • Pass content: templates, field values, barcodes, expiry, and any custom metadata you attach.
  • Install & scan events: install, removal, and scan events returned by Apple Wallet and Google Wallet, including coarse device type and timestamps.
  • API logs: request metadata, response codes, and webhook delivery attempts used to operate and debug your integration.
  • Billing identifiers (planned): Stripe customer and subscription IDs, billing address, ABN if provided. Card details will be stored by Stripe, not by us.
  • Technical data: IP address, browser, device and usage analytics needed to operate and secure the Service.

2. How we use information

  • To deliver, maintain, and secure the Service.
  • To distribute pass install links and deliver push updates to active passes.
  • To generate analytics dashboards on installs, removals, scans, and active passes.
  • To process payments and meet our tax and accounting obligations (once billing is enabled).
  • To detect fraud, abuse, and breaches of our Terms.
  • To send service announcements (you cannot opt out of essential operational emails).

3. AI processing

Where the Service uses AI features (for example, pass copy suggestions), inputs may be sent to AI model providers through Pilot-API during provider activation for the sole purpose of generating output for you. We contractually require that this content is not used to train foundation models.

4. Sub-processors & disclosure

  • Pilot backend — application API, authentication, data storage, and audit logging.
  • Apple Wallet (PassKit) & Google Wallet — pass delivery, push updates, install/scan events.
  • Stripe (planned) — payment processing, subscription management, GST calculation, and remittance.
  • AI providers — routing prompts through Pilot-API where AI features are used.
  • Email and SMS providers — delivering install links and notification messages on your behalf.

Some sub-processors are located outside Australia (including the United States and the European Union). By using the Service you consent to the cross-border disclosure of your personal information to these providers for the purposes described above.

5. Retention

  • Active account data is retained while your workspace is active and for 90 days after deletion, after which it is purged.
  • Pass-holder contact data is deleted within 30 days of workspace deletion or on written request.
  • Billing records (invoices, tax invoices) will be retained for at least 7 years once billing is enabled, as required by the Australian Taxation Office.
  • Backups containing residual personal information are rotated out within 35 days.

6. Security

We protect personal information with row-level security in our database, encryption in transit (TLS 1.2+) and at rest, hardened authentication, and least-privilege access controls. If a notifiable data breach occurs we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme.

7. Your rights

You may request access to or correction of your personal information at any time. You can manage most data directly inside the app. To make a formal request, or to lodge a complaint, email privacy@pilotapp.io. If you are not satisfied with our response, you may complain to the OAIC (oaic.gov.au).

8. Cookies

We use essential first-party cookies for authentication and session management. With your consent we also use functional, analytics and marketing cookies. You can change your choice at any time from the "Cookie preferences" link in the footer of every page.

9. Children

The Service is not directed to individuals under 16. We do not knowingly collect personal information from children.

10. Changes

We will post changes to this policy on this page and notify workspace owners by email for material changes.

11. Contact

Privacy enquiries: privacy@pilotapp.io.