Privacy Policy

This Privacy Policy describes how InsightPilot ("we", "us") collects, uses, and protects personal information when you visit insightpilot.com, use our web application, or request a demo of our technology due diligence services.

Who We Are & Contact

InsightPilot provides fast, decision-ready technology due diligence for private and growth equity teams. Privacy inquiries: [email protected]
Security reports: [email protected] — see Vulnerability Disclosure Policy and security.txt.

Personal Information We Collect

• Account Information: name, work email, company, role, and profile details if you create or are provisioned an account.
• User Content: inputs, documents, notes, uploads, and feedback you submit to our forms or app (including demo intake details).
• Communications: emails and messages you send us (e.g., demo confirmations, scheduling, support).
• Job Applicants: CV/resume, contact details, and related materials if you apply for a role.
• Log & Usage Data: IP address, user agent, time zone, pages/features used, timestamps, and basic interaction events.
• Device Information: device/OS/browser details as provided by your environment.
• Cookies & Analytics: lightweight cookies and privacy-friendly analytics to operate, secure, and improve the site/app. We don't build personal profiles or engage in cross-site tracking.

How We Use Personal Information

• Service delivery & account management (contract/pre-contract)
• Communications (transactional updates; limited B2B marketing where permitted)
• Customer support & security (legitimate interests)
• Improvement & analytics (legitimate interests, privacy-respecting metrics)
• Legal compliance (legal obligation)
• Aggregated/Anonymized reporting that does not identify you

Sharing & Disclosures

• Service providers (processors): hosting/CDN, email delivery, analytics, and security tooling—under contracts limiting their use to our instructions.
• Business transfers: in an acquisition, merger, or similar transaction, your data may transfer as part of the business assets.
• Legal requests & safety: to comply with law, protect rights, investigate fraud/abuse, or ensure safety.
• Affiliates: if applicable, under this Policy's protections.
• With your consent: where we ask and you agree.

International Transfers

When data moves across borders, we use appropriate safeguards (e.g., Standard Contractual Clauses) and limit access to what's necessary for providers to perform their services.

Lawful Bases (EU/UK)

Contract/pre-contract; legitimate interests (security, service improvement, B2B communications); consent (where needed); and legal obligation.

Security

We use administrative, technical, and organizational measures to protect data. No system is perfect; please avoid sending sensitive data via email and report issues to [email protected].

Retention

We keep personal data only as long as needed for the purposes above (e.g., leads up to 24 months after last interaction), to comply with law, or resolve disputes, then delete or anonymize it.

Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to processing, and data portability. To exercise rights, email [email protected]. EU residents can lodge complaints with their authority (e.g., CNIL in France).

US State Disclosures

We do not "sell" personal information, nor do we "share" it for cross-context behavioral advertising. We don't use sensitive personal information to infer characteristics.

Children

Our services target business users and aren't directed to children.

Third-Party Links

Linked sites have their own policies. We're not responsible for their practices—please review their terms and privacy notices.

Changes

We may update this Policy; new versions will be posted here with a revised "Last updated" date.

Contact

Privacy: [email protected]
General: [email protected]