Privacy Policy
We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR). This policy explains what data we process, why, on what legal basis, and how we keep it secure. We collect only what a feature actually needs.
1. What LeadPilot does
LeadPilot is a B2B software platform for AI-assisted lead generation, e-mail outreach and a lightweight CRM. You connect your own mailbox and calendar; LeadPilot helps you research business contacts, draft messages with AI, send them through your own account, and track replies. We are a tool provider — you remain in control of whom you contact and what you send.
2. Data we process
- Account data: name, e-mail address, hashed password, language preference, role.
- Workspace content: leads, company profiles, campaigns, notes, tasks, message drafts.
- Connected mailboxes (IMAP/SMTP or Google/Microsoft login): when you connect a mailbox, we synchronise messages of that mailbox into the platform (sender, subject, body, attachments metadata) so you can read and reply in-app. Access credentials and OAuth tokens are stored encrypted (AES-256-GCM).
- Calendar: for a connected Google/Outlook calendar, event data (title, time) for the in-app calendar.
- WhatsApp notifications: the mobile number you provide and control messages, if you opt in.
- Billing data: plan, credit usage and, for paid plans, data needed by our payment provider.
- Technical data: log data for error analysis, security and abuse prevention.
3. Purposes & legal bases
- Providing the service (outreach, inbox, CRM, calendar, notifications) — performance of the contract (Art. 6(1)(b) GDPR; Art. 31 FADP).
- AI text generation, sorting and suggestions — performance of the contract and our legitimate interest in a useful product (Art. 6(1)(f) GDPR).
- Security, abuse prevention, deliverability protection — legitimate interest (Art. 6(1)(f) GDPR).
- Billing and support — contract and legal obligations.
- Optional connections (Google/Microsoft/WhatsApp) — your consent, which you can withdraw at any time by disconnecting in settings.
4. AI processing
For AI features (drafts, classification, suggestions) we transmit the necessary content to Anthropic (Claude). That content is not used to train generalised AI models. We send only what the respective feature requires.
5. Google user data (Limited Use)
Our use of information received from Google APIs (Gmail, Google Calendar) adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, Google user data is used only to provide the user-facing features you activate (inbox, sending, calendar). It is not sold, not used for advertising, not transferred to third parties except to provide or improve those features (or as required by law), and not used to train generalised AI models. Humans do not read your Google data except with your explicit permission, for security/abuse handling, or where required by law.
6. Recipients & sub-processors
| Processor | Purpose | Location |
|---|---|---|
| Railway | Hosting & database | EU (West) |
| Anthropic | AI processing | USA |
| Google / Microsoft | Mailbox & calendar, if you connect them | EU/USA |
| Meta Platforms (WhatsApp) | Delivery of notifications | EU/USA |
| Payment provider | Billing of paid plans | EU/USA |
7. International transfers
Where data is transferred outside Switzerland/the EEA (e.g. to AI or payment providers in the USA), we rely on appropriate safeguards such as the EU Standard Contractual Clauses and the providers' supplementary measures.
8. Security
We use technical and organisational measures appropriate to the risk: encryption in transit (TLS), encryption of mailbox credentials and OAuth tokens at rest (AES-256-GCM), access controls and logging. No system is perfectly secure, but we work to protect your data accordingly.
9. Retention
Account and workspace data are kept until 90 days after the end of the contract; statutory retention obligations remain reserved. You can disconnect a mailbox at any time in settings; synchronised copies can be deleted there.
10. Your rights
You have the right to access, rectification, erasure, data portability and objection. To exercise them, contact datenschutz@thepilot.ch. The competent supervisory authority in Switzerland is the FDPIC (EDÖB); in the EU, your local data protection authority.
11. Recipients of outreach e-mails
LeadPilot customers send business enquiries to publicly available business contacts in a B2B context. For those recipients:
- Every outreach e-mail automatically carries sender identification and a one-click unsubscribe link.
- Opt-outs are respected permanently and platform-wide — once someone unsubscribes, no customer can contact that address again.
- The legal basis for contacting business addresses is typically the legitimate interest in B2B communication; lawfulness of each individual send is the responsibility of the respective customer (see our Terms).
- If you received an e-mail through LeadPilot and wish to be removed, use the unsubscribe link in that e-mail or write to datenschutz@thepilot.ch.
12. Cookies
We use only the cookies technically necessary to run the application (e.g. login session, language). We do not use advertising or cross-site tracking cookies.
13. Changes
We may update this policy as the product evolves. The current version is always available here; material changes will be communicated appropriately.
14. Applicable law
This Privacy Policy and our processing of personal data are governed by Swiss data protection law (FADP); where the GDPR applies, it applies in addition. Our registered seat and place of jurisdiction is Zug, Switzerland.