Privacy Policy — HumanPilot
Last updated: June 10, 2026
In accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and applicable national laws.
1. Data controller
The personal data collected through HumanPilot is processed by the service's operator, acting under the "HumanPilot" brand. Any request regarding your data may be sent to the contact point indicated below.
Contact for data protection questions: contact@humanpilot.work
2. Data collected
2.1 What we collect
| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Authentication, service communication | Performance of the contract (Art. 6(1)(b) GDPR) |
| Technical logs (IP, timestamps, user-agent) | Security, debugging, abuse prevention | Legitimate interest (Art. 6(1)(f) GDPR) |
| Data submitted to the AI tools (Pillar A) | Processing to provide the AI response | Performance of the contract |
2.2 What we DO NOT collect
HumanPilot does not collect, store or ever access the following data:
- Instagram credentials (username, password);
- Instagram session cookies or tokens;
- Login data for third-party accounts;
- Accounts scraped while using the Chrome extension — this data stays exclusively in the user's local browser session and is never transmitted to our servers;
- Banking or card information (the service is free — no payment data is collected).
2.3 Cookies and similar technologies
HumanPilot only uses essential cookies: the authentication session cookies (Supabase) and a cookie storing your language preference. No advertising or cross-site tracking cookies are used.
3. Use of data
We use the collected data exclusively to:
- Provide and improve the HumanPilot service;
- Manage your account and subscription;
- Send you communications essential to the service (registration confirmation, renewal, termination, important updates);
- Ensure the security and technical stability of the platform;
- Comply with our legal obligations.
We do not sell, rent or transfer your personal data to third parties for commercial purposes.
4. Data sharing
Your data may be shared only with:
| Recipient | Reason | Location |
|---|---|---|
| Supabase | Authentication and database | Cloud infrastructure (AWS); transfers outside the EU/EEA are covered by Standard Contractual Clauses |
| Vercel | Site hosting | United States / global edge network; Standard Contractual Clauses |
| Groq | AI processing for the AI tools (data you submit to them) | United States; Standard Contractual Clauses |
Each processor is bound by a data processing agreement compliant with the GDPR (Art. 28 GDPR).
5. Retention period
| Data | Retention period |
|---|---|
| Active account (email + associated data) | For as long as the account exists; deleted within 30 days after account deletion |
| Technical logs | 90 days |
| Data submitted to the AI tools | Processed transiently to generate the response; not stored afterwards |
Upon expiry of the retention periods, data is securely deleted or anonymized.
6. Rights of data subjects (GDPR)
In accordance with the GDPR, you have the following rights over your personal data:
- Right of access (Art. 15): obtain a copy of your data processed by HumanPilot.
- Right to rectification (Art. 16): correct inaccurate or incomplete data.
- Right to erasure(Art. 17): request the deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- Right to restriction of processing (Art. 18): request the suspension of the processing of your data in certain cases.
- Right to portability (Art. 20): receive your data in a structured, machine-readable format.
- Right to object (Art. 21): object to certain processing based on legitimate interest.
- Right not to be subject to an automated decision (Art. 22): applicable if significant decisions concerning you are made in a fully automated way.
To exercise your rights:
Send your request to contact@humanpilot.work. We undertake to respond within one (1) month in accordance with Art. 12 GDPR.
Complaints:
If you consider that the processing of your data does not comply with the GDPR, you may lodge a complaint with your local supervisory authority.
7. Data security
HumanPilot implements appropriate technical and organizational measures to protect your data against any unauthorized access, disclosure, alteration or destruction:
- Encryption of data in transit (HTTPS/TLS);
- Secure authentication via Supabase;
- Data access restricted to authorized personnel;
- Row Level Security on all user data; API keys and secrets stored server-side only.
In the event of a data breach likely to create a risk to your rights and freedoms, we undertake to notify you in accordance with Art. 34 GDPR.
8. Minors
HumanPilot is intended for people aged 18 and over. We do not knowingly collect personal data relating to minors. If you become aware that a minor has provided their data on our service, please contact us at contact@humanpilot.work.
9. Changes to the privacy policy
Any substantial change to this policy will be notified by email with reasonable notice. The version in force is always available on this page.
10. Contact
For any question regarding this policy or your data: contact@humanpilot.work