1. Introduction
PathPilot (“we,” “our,” or “us”) is committed to protecting your privacy.
This Privacy Policy explains how we collect, use, store, and disclose information when you use our AI agent platform across cloud, private cloud, and on-premise deployments.
By using our Services, you agree to the practices described below.
2. Information We Collect
2.1 Information You Provide Directly
This includes:
Name, email address, company details, and login credentials
Configuration data and business rules used to customize AI agents
Information submitted in support requests or onboarding forms
Any data you upload or send while using the Services
2.2 Customer Data Processed by AI Agents
“Customer Data” refers to any data you provide, store, or process through PathPilot, including:
User messages
Internal notes or CRM data
Financial or account-related information
Documents, structured data, or workflow payloads
Customer owns all Customer Data.
PathPilot does not use Customer Data to train machine learning models unless explicitly approved in writing.
2.3 Metadata We Collect Automatically
To ensure system performance, reliability, and debugging, we collect operational metadata, such as:
Timestamp and execution metrics
Tool usage and system events
Error logs and performance traces
API request metadata
Overall agent telemetry
Metadata does not include Customer Data or PII content.
2.4 Information from Third-Party Integrations
If you integrate third-party services (e.g., CRM, ticketing, LLMs), we may process:
Identifiers
Routing information
Integration metadata
We process this only as needed to provide the Services.
3. How We Use Information
We use collected information to:
3.1 Provide, Maintain, and Improve Services
Including:
Running AI agents
Debugging and troubleshooting
Performance monitoring and instrumentation
Product development and new features
3.2 Communicate With You
We may send:
Security notices
Account and system notifications
Product updates
Support communications
Marketing emails (opt-in only)
3.3 Ensure Security and Compliance
Such as:
Detecting unauthorized access
Monitoring system integrity
Enforcing product policies
3.4 Fulfill Legal Obligations
We may process or disclose information to comply with applicable laws and regulations.
4. How We Handle & Retain Customer Data
4.1 Cloud Deployment (PathPilot-Hosted)
For our cloud offering:
Customer Data is retained for a maximum of 90 days.
After 90 days, Customer Data is automatically deleted unless required for security, legal, or contractual reasons.
PathPilot may access Customer Data strictly for debugging, support, or incident resolution.
We attempt to avoid storing PII; however, it is the customer’s responsibility to remove or anonymize PII before sending data to PathPilot.
4.2 Private Cloud / VPC Deployment
For customer-controlled cloud environments:
Customer Data is stored entirely in your infrastructure.
PathPilot may request temporary access for debugging, but access is fully controlled and granted by the customer.
Customers determine their own retention policies.
4.3 On-Premise Deployment
For installations inside customer datacenters:
Customer Data never leaves the customer’s environment.
PathPilot may request temporary access for debugging or support purposes.
Customers choose their own retention periods and PII-handling policies.
5. How We Share Information
We do not sell Customer Data or Metadata.
We may share information in the following circumstances:
5.1 Service Providers / Subprocessors
We may share limited information (often metadata only) with trusted vendors supporting:
Hosting
Monitoring
Logging
AI inference (if using PathPilot cloud LLMs)
Email or notification services
These parties are bound by confidentiality and data protection agreements.
5.2 Legal Requirements
We may disclose information when required by law, regulation, subpoena, or government request.
5.3 Business Transactions
In case of merger or acquisition, information may be transferred under strict confidentiality protections.
We do not share Customer Data with third parties except as required to operate the platform.
6. Your Responsibilities Regarding PII
PathPilot does not intend to store or retain personal identifiable information (PII).
However:
Customers are responsible for removing or anonymizing PII before sending data to PathPilot cloud agents.
If PII is included, it will be treated as Customer Data and subject to retention/deletion terms above.
7. Data Security
We implement industry-standard security measures, including:
Encryption at rest and in transit
Access controls
Network and application firewalls
Secure SDLC practices
Audit logging and monitoring
Security responsibilities differ for customer-managed deployments.
8. Data Retention & Deletion
Cloud Customer Data is retained no longer than 90 days.
Metadata is retained according to internal operational policies.
For on-prem and VPC deployments, retention is controlled by the customer.
You may request deletion of account-level data at any time.
9. Children’s Privacy
PathPilot is not intended for children under 13.
We do not knowingly collect personal information from children under 13.
10. International Data Transfers
Your data (including metadata) may be processed in the United States.
By using our Services, you consent to such transfers.
11. Changes to This Privacy Policy
We may update this Policy periodically.
Material changes will be communicated via email or in-product notice.
Continued use of our Services constitutes acceptance of the updated policy.
12. Contact Us
For questions or concerns: