Privacy Policy
Last updated: July 16, 2026
Information We Collect
We collect only the information necessary to provide and improve PilotStack:
- Information you provide: Name and email address when you subscribe to our newsletter, submit a contact form, or respond to a survey.
- Information collected automatically: Page visits, referral source, browser type, device type, and approximate geographic region via analytics cookies. We do not collect precise location data or fingerprint your device.
- Information we do not collect: We never collect payment information, government IDs, sensitive personal data, or browsing history outside our domain.
How We Use Your Information
We use collected information solely to:
- Deliver the content and services you request
- Send newsletter emails (only with your explicit consent via double opt-in)
- Analyze aggregate traffic patterns to improve our content and user experience
- Respond to support inquiries and feedback
We never sell your personal information to third parties. We never use your data for automated decision-making or profiling beyond aggregate analytics.
Cookies and Tracking
We use a minimal set of cookies to operate the site. You can manage cookie preferences through your browser settings at any time.
- Essential cookies: Required for site functionality (e.g., session management). No opt-out needed as these are necessary for operation.
- Analytics cookies: We use a privacy-preserving analytics service to understand which pages are most visited and how users navigate the site. These are anonymized and do not identify individual visitors.
- Third-party cookies: We do not use advertising cookies, social media pixels, or cross-site tracking cookies.
Data Retention
We retain your personal information only as long as necessary:
- Newsletter subscriber data is retained until you unsubscribe, at which point it is deleted within 30 days.
- Contact form submissions are retained for 12 months and then deleted.
- Anonymized analytics data is retained for 26 months per standard anonymization practices.
Your Rights (GDPR)
If you are a resident of the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right to access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure ("Right to be forgotten"): Request deletion of your personal data when it is no longer necessary for the purpose collected.
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Request a machine-readable copy of your data to transfer to another service.
- Right to object: Object to processing of your data for analytics or marketing purposes.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by GDPR.
Your Rights (CCPA)
If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to delete: Request deletion of personal information we have collected, subject to certain exceptions.
- Right to opt out: Opt out of the sale of your personal information. We do not sell personal information, so no action is needed.
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise your CCPA rights, contact us at [email protected]. We will verify your identity before processing your request.
Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit via TLS 1.3 for all site traffic
- Encryption at rest for any stored personal data
- Regular security reviews of our infrastructure and dependencies
- Access controls limiting data access to authorized personnel only
Third-Party Services
We use limited third-party services that may process your data under their own privacy frameworks:
- Newsletter delivery: We use a third-party email service to send newsletters to subscribers who have opted in. This service acts as a data processor under GDPR Article 28.
- Analytics: We use privacy-focused analytics that anonymize IP addresses and do not share data with advertising networks.
- Hosting: Our website is hosted on Vercel's infrastructure, which is SOC 2 certified and GDPR-compliant.
We require all third-party processors to maintain GDPR and CCPA compliance through Data Processing Agreements.
International Data Transfers
If we transfer personal data from the EEA to countries not deemed adequate by the European Commission, we rely on Standard Contractual Clauses (SCCs) as the transfer mechanism under GDPR Article 46.
Changes to This Policy
We will notify subscribers of material changes to this privacy policy via email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of PilotStack after changes constitutes acceptance of the updated policy.
Contact
For privacy-related inquiries or to exercise your data rights, contact us at [email protected]. We aim to respond to all requests within 30 days.