DocsPilot docspilot

Privacy Policy

Last updated:

DocsPilot ("DocsPilot", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

1. What We Collect

We collect information you provide directly to us and information generated automatically when you use our services.

Information you provide

  • Account data: name, email address, password (hashed), profile photo.
  • Payment data: billing address, last 4 digits of card (full card details are processed by Stripe and never stored on our servers).
  • Communications: messages you send to our support team or via our contact form.
  • Repository content: code, README files, and commit metadata from GitHub repositories you choose to connect.
  • GitHub OAuth token: the access token issued by GitHub when you connect your account. This token is stored encrypted at rest using AES-256 and is used solely to read repository content on your behalf. You can revoke it at any time from your GitHub settings or your DocsPilot account.

Information collected automatically

  • Usage data: pages visited, features used, search queries, and interaction patterns.
  • Device data: IP address, browser type and version, operating system, referring URLs.
  • Log data: server logs capturing requests, error codes, and response times.

2. How We Use It

We use the information we collect to:

  • Provide, operate, and improve our services.
  • Process transactions and send related information (receipts, invoices).
  • Send transactional and service-related communications.
  • Send marketing communications (you can opt out at any time).
  • Monitor and analyse usage trends to improve user experience.
  • Detect, investigate, and prevent fraudulent or illegal activities.
  • Comply with legal obligations.

3. Cookies

We use cookies and similar tracking technologies to operate and improve our services.

Category Purpose Retention
Strictly necessaryAuthentication, security, session managementSession / 30 days
FunctionalPreferences, language, UI state1 year
MarketingAd attribution (opt-in only)90 days

4. Third-Party Services

We share data with these subprocessors only as necessary to operate our service:

Platforms & Infrastructure

  • Stripe — PCI-DSS Level 1 certified payment processor. Card details are handled exclusively by Stripe and never stored on our servers.
  • GitHub — Repository access via OAuth 2.0. Access tokens are encrypted at rest and used solely to read repository content on your behalf.
  • Supabase — Authentication and managed database hosting. Data at rest is encrypted and access is governed by row-level security policies.
  • Vercel — Frontend hosting and global edge delivery for server-rendered pages and static assets.
  • Railway — Backend application hosting. Services run in isolated containers with environment-variable-based secret management.
  • Resend — Transactional email delivery for account notifications, receipts, and product communications.
  • OpenRouter — Unified routing layer for AI inference requests across upstream providers.
  • Cloudflare — DNS, DDoS mitigation, and edge caching to protect and accelerate service delivery.

AI Providers

Repository content may be transmitted to the following AI providers to generate documentation. No personally identifiable information is included in these requests.

  • OpenAI — AI inference provider. Submitted data is not used to train models under the default API terms.
  • Google — AI inference provider. Data is processed per Google's Cloud terms and not used to improve models without opt-in.
  • Anthropic — AI inference provider. Data is not used for model training under Anthropic's commercial API terms.

We do not sell your personal data to any third party.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy:

  • Account data: retained while your account is active plus 30 days after deletion request.
  • Payment records: 7 years (legal requirement).
  • Support messages: 2 years.
  • Usage logs: 90 days.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data. We will make reasonable efforts to honour requests where we are able to do so.

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request deletion of your data.
  • Portability: receive your data in a machine-readable format.
  • Restriction: ask us to stop processing your data in certain circumstances.
  • Objection: object to processing based on legitimate interests.
  • Opt-out of sale (CCPA): we do not sell personal information. California residents may submit a "Do Not Sell" request regardless.

To exercise any of these rights, email privacy@docspilot.dev or use our contact form. We respond within 30 days.

7. Security

We implement technical and organisational measures to protect your data, including TLS encryption in transit and AES-256 encryption at rest.

No method of transmission over the internet is 100% secure. If you believe your data has been compromised, contact us immediately at security@docspilot.dev.

8. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time with a notification. Continued use of the service after that date constitutes acceptance of the updated policy.

10. Contact for Data Requests

For all privacy-related enquiries, requests, or complaints:

DocsPilot

Email: privacy@docspilot.dev

Subject line: Privacy Request — [Your Name]

EU/EEA residents may also lodge a complaint with your local supervisory authority.

Ready to get started with a product that respects your data?

← Back to DocsPilot Data request → Start free