Last updated · May 18, 2026
This Privacy Policy describes how Honest Dev LLC, a California limited liability company ("we", "us", "our", "Honest Dev"), collects, uses, discloses, and protects personal information in connection with our website at https://pilotpm.ai (the "Site") and the PilotPM platform and related services (collectively, the "Services").
This Policy applies to:
This Policy does not apply to third-party services that the Services connect to (such as Slack, Linear, Jira, Notion, HubSpot, Salesforce). Those services have their own privacy policies, which we encourage you to read.
Geographic scope. The Services are currently provided to U.S.-based users only. We do not target or knowingly serve users in the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions outside the United States. If you are located outside the United States, please do not use the Services.
We collect information you provide when you:
When you authorize an integration (Slack, email, App Store, HubSpot, Salesforce, Linear, Jira, Notion, etc.), we receive the data those services share through their APIs based on the scopes you grant. This may include messages, contacts, deal records, tickets, reviews, documents, and metadata. We access only what is necessary to provide the Services to you.
The Site and the Services use cookies, local storage, and similar technologies for:
We do not use third-party advertising cookies. You can control cookies through your browser settings, but disabling strictly-necessary cookies will prevent the Services from functioning.
We may collect publicly available information about you or your organization (e.g., company size, industry, public LinkedIn profile) to support sales and account management.
We use information for the following purposes:
(a) Provide the Services: create and maintain your account, deliver AI-drafted replies, ingest signals from your integrations, render the user interface, send service communications;
(b) Process payments: bill paid-tier customers through Stripe, retry failed payments, prevent fraud;
(c) Support: respond to your questions, troubleshoot issues, send service announcements;
(d) Improve the Services: aggregate de-identified analytics (we do not use your content to train AI models — see Section 4);
(e) Security and integrity: detect, investigate, and prevent fraud, abuse, security incidents, and violations of our terms;
(f) Legal compliance: comply with applicable laws, respond to lawful legal process, and protect our rights;
(g) Communications: send onboarding emails, product updates, security alerts, and occasional marketing (with the ability to opt out for non-transactional messages);
(h) Business operations: corporate transactions (mergers, acquisitions, financings), audit, and internal record-keeping.
For the purposes of the California Consumer Privacy Act and California Privacy Rights Act ("CCPA/CPRA"), the categories of personal information we have collected in the past twelve (12) months are:
| Category | Examples | Collected? |
|---|---|---|
| A. Identifiers | Name, email, account ID, IP address, cookie ID | Yes |
| B. Cal. Civ. Code § 1798.80(e) records | Name, address, phone, payment information (via Stripe) | Yes (for paid customers) |
| C. Protected classifications | Age, race, gender, etc. | No |
| D. Commercial information | Subscription tier, billing history | Yes (for paid customers) |
| E. Biometric information | Fingerprints, voiceprints | No |
| F. Internet/network activity | Browsing, search history on the Site, interaction with the Services | Yes |
| G. Geolocation data | Precise GPS location | No (we may infer city-level location from IP address) |
| H. Sensory data | Audio, electronic, visual | No |
| I. Professional information | Job title, employer, work email | Yes |
| J. Education information | Non-public education records | No |
| K. Inferences | Profile or characteristics derived from other categories | Yes (workspace-scoped) |
| L. Sensitive personal information | SSN, driver's license, precise geolocation, racial origin, religious beliefs, mail/email contents, etc. | No (we do not knowingly collect SPI as defined under CPRA) |
If you submit content into the Services that contains personal information about your end-users or other individuals (for example, customer support transcripts), we process that content on your behalf as a service provider — see Section 9.
The Services use third-party large language models (currently Anthropic Claude) to generate AI Output from your inputs. The model provider operates under a no-training agreement with us, meaning your content is not used to train, fine-tune, or otherwise improve the underlying models.
We may use de-identified, aggregated metrics (such as average response times, feature-usage counts, error rates) for our own product analytics and benchmarking. Such metrics do not identify you, your organization, or your end-users.
We do not sell your personal information. We share personal information only in the following circumstances:
We use third-party service providers to operate the Services. Each is bound by contract to use information only to provide services to us and to protect it under standards consistent with this Policy. Material sub-processors include:
A current list of material sub-processors is maintained at https://pilotpm.ai/subprocessors.
When you authorize an integration with a third-party service (Slack, HubSpot, etc.), data flows between PilotPM and that service per your authorization.
We may disclose information when we believe in good faith that disclosure is necessary to:
(a) Comply with applicable law, regulation, legal process, or governmental request;
(b) Enforce our Terms of Service, MSA, or other agreements;
(c) Detect, prevent, or address fraud, security, or technical issues;
(d) Protect the rights, property, or safety of Honest Dev, our users, or the public.
If Honest Dev is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred to the successor or acquirer. We will notify users of any change in ownership or use of personal information.
We may share information for other purposes with your express consent.
When you connect a third-party service, that service's privacy policy governs your information at that service. We are not responsible for the privacy practices of third parties.
Paid-tier payments are processed by Stripe. We do not store full payment-card numbers. Stripe's privacy policy is at https://stripe.com/privacy.
The Services rely on Anthropic Claude as the underlying AI model. Anthropic's policies are available at https://www.anthropic.com/legal.
We retain personal information for as long as needed to provide the Services and for legitimate business purposes:
You may request deletion of your personal information at any time — see Section 8.
If you are a California resident, you have the following rights under California law:
(a) Right to know. You may request that we disclose:
(b) Right to delete. You may request that we delete personal information we have collected from you, subject to exceptions allowed by law (e.g., where we need to retain information to provide a service you requested, comply with legal obligations, or detect fraud).
(c) Right to correct. You may request that we correct inaccurate personal information we maintain about you.
(d) Right to opt out of "sale" or "sharing" of personal information. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under CCPA/CPRA. Therefore, there is nothing for you to opt out of in this respect.
(e) Right to limit use of sensitive personal information. As noted in Section 3, we do not knowingly collect sensitive personal information.
(f) Right to non-discrimination. We will not discriminate against you for exercising your rights. We do not offer financial incentives in exchange for personal information.
To exercise any of these rights, contact us at support@pilotpm.ai with "Privacy Request" in the subject line. We may need to verify your identity before responding — typically by confirming control of the email address on your account. We will respond within the timeframes required by applicable law (typically 45 days, with one 45-day extension if reasonably necessary).
You may use an authorized agent to submit a request on your behalf. We will require written authorization from you and may require additional verification.
When a paid-tier customer ("Customer") uses the Services to process personal information about its own end-users (for example, communications with the Customer's own customers), we act as a "service provider" as defined under CCPA/CPRA with respect to that personal information. In that role:
(a) We process such personal information solely on behalf of the Customer and for the purposes specified in our agreement with the Customer (the PilotPM Master Service Agreement).
(b) We do not retain, use, or disclose such personal information for any purpose other than providing the Services to the Customer, except as permitted by law (such as detecting fraud or security incidents).
(c) We do not combine such personal information with personal information we receive from other sources to create profiles for our own commercial purposes.
(d) Our agreement with each Customer reflects the contractual restrictions required by CCPA/CPRA on service providers.
If you are an end-user of a Customer and want to exercise privacy rights with respect to your personal information, please contact that Customer directly. We will support the Customer in responding to your request to the extent required by law.
We maintain administrative, physical, and technical safeguards designed to protect personal information, including:
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Services at your own risk.
The Services are intended for U.S.-based users only. We process information on servers located in the United States. By using the Services, you understand and agree that your information will be transferred to and processed in the United States, which may have different data-protection laws than your country.
We do not target users in the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions outside the United States. If you are located outside the United States, please do not use the Services.
The Services are not directed to anyone under the age of eighteen (18). We do not knowingly collect personal information from anyone under 18. If you believe we have collected personal information from someone under 18, contact us at support@pilotpm.ai and we will delete it.
Our Site does not respond to "Do Not Track" browser signals. We treat all users consistently regardless of DNT settings.
The Site and the Services may contain links to third-party websites or services. We are not responsible for the privacy practices of any third party. We encourage you to read the privacy policies of any third-party services you use.
We may update this Policy from time to time. Material changes will be communicated by email to the account contact on file or by a prominent notice on the Site, at least fifteen (15) days before they take effect. The "Last updated" date at the top of this Policy reflects the most recent change. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.
For privacy questions or to exercise your rights, contact us at:
Honest Dev LLC
Attn: Privacy
support@pilotpm.ai
For general questions about the Services, see https://pilotpm.ai or email support@pilotpm.ai.
This Policy is provided in addition to, and does not replace, our Terms of Service (https://pilotpm.ai/terms) or, for paid-tier customers, the PilotPM Master Service Agreement presented at checkout. In case of conflict between this Policy and a written agreement signed by both parties, the signed agreement prevails.