Last Updated: December 30, 2025

Pilot.com, Inc. Privacy Policy

Pilot.com, Inc. (“Pilot,” “we,” “us,” or “our”) provides back-office services, including bookkeeping services, controller services, tax services, R&D tax credit services, COO services, CFO services, and stock administration services, as well as software-as-a-service tools to local partners and their customers (together, our “Services”). This Privacy Policy (“Privacy Policy”) explains how we handle personal information when we market and sell our Services to prospective customers and local partners, deliver our Services to our customers, local partners and their customers, and operate our business.

We collect, use, and disclose information in order to market, sell, and provide services to businesses and other organizations in the United States - not to individual consumers. To the extent we process personal information about an individual (“you”), it is for one or more of the following purposes:

  • to market and sell our Services to the organization which employs you (or with which you are affiliated)
  • to provide our Services to an organization that has collected your information
  • to operate and/or improve our Services

As a provider of services to organizations we do not knowingly process data of individuals who are under sixteen years old.

Our website located at https://www.pilot.com, including all related tools, content, subdomains, and services offered therein (the “Site”), is intended solely for business use and is intended to be viewed and used by commercial and other entities in the United States. The Site is not for individual, family, or household use, and we do not target or market our services to consumers as defined under applicable consumer protection laws.

Privacy information applicable to job applicants and tax partner personnel

Job applicants:  If you are applying for a position at Pilot, please refer to our Job Candidate Privacy Policy.

Tax partner personnel:  If you are a representative of a third-party tax service provider that we use to fulfill the Pilot Tax Services, please see our Pilot Privacy Policy for Tax Services Providers for details about the types of information we collect, how we collect it, and how we use it in connection with our tax services.  

Questions?

If you have questions regarding our Privacy Policy or how we handle personal information, or if you are a California or Virginia resident and want to exercise any of the rights described below, please contact us at privacy[at]pilot.com.

Privacy policy at a glance

Our Privacy Policy contains the following sections:

Information for Prospective Customers.  This section explains the types of personal information we collect as part of our sales and marketing efforts, why we collect it, and how long we keep it.

Information for Customers.  This section explains the types of data we process when providing our Services - referred to as Customer Data, Business Record Data, and Administrative Data. It also covers why we process this data, how we use it to operate and improve our Services and business, and how long we keep it.

General Information.  This section explains how we handle personal information in connection with call recording and the categories of third parties to whom personal information may be disclosed. It also includes definitions for these third-party categories, information about updates to this Privacy Policy, how to manage your personal information, your rights, and how to contact us with questions or to exercise your rights.  

INFORMATION FOR PROSPECTIVE CUSTOMERS

This section applies to you if: 

  • You visit our website (including filling out any online forms we provide).
  • You visit our one of our offices.
  • You attend a Pilot-organized or Pilot-sponsored event whether online or in person.
  • We have obtained your personal information through our other marketing and sales activities, such as referrals, lead purchases, memberships in business associations, or marketing surveys.
  • You are in the process of purchasing our Services on behalf of your employer.
  • You are in the process of joining our local partner program whether individually or on behalf of your employer.
  • You are applying for a small business grant that we sponsor or are participating in another similar program.  

Information We Process

The table below shows what categories of personal information we collected in the past twelve months about people who represent the organizations we seek to serve, and where we got that information.  For details about how personal information may be disclosed outside of Pilot, see the General Information section below.


Personal Information Category

Example

Source(s)
 
Website visitor; Event attendee; Office visitor; Referral, lead purchase, or other sales and marketing; Representative of prospective customer purchasing Services; Representative of prospective partner

Identifiers
  • Name
  • Business email address
  • Business phone number
  • Business address
    		•
  • You
  • Someone else in your organization, if they provide us with your name and business contact information
  • An acquaintance of yours who thinks your organization could use our Services may provide us with your business contact information
  • Your bookkeeper who participates in our local partner program, who refers you or your business to us
  • Our third-party data enrichment vendors
  • Publicly available information
  • Social media sites
  • Promotional partners
  • Integration partners
  • Lead sellers
  • Business associations we are members of
    		•

    Employment-related information
  • Your employer’s name
  • Your job title
    		•

  • You
  • Someone else in your organization, if they provide us with your name and business contact information
  • An acquaintance of yours who thinks your organization could use our Services may provide us with your business contact information
  • Your bookkeeper who participates in our local partner program, who refers you or your business to us
  • Our third-party data enrichment vendors
  • Publicly available information
  • Social media sites
  • Promotional partners
  • Integration partners
  • Lead sellers
  • Business associations we are members of
    		•
     
    Website visitor; Representative of prospective customer purchasing Services; Representative of prospective partner

    Identifiers
  • Internet protocol (IP) address
  • Cookie identifier
    		•
  • Our tools for measuring activity on and use of our website collect your IP address and set Cookies on your browser
  • Our tools for identifying the organization with which you are associated based on your IP address collect your IP address
  • Our tools for monitoring the effectiveness of our advertising and sales campaigns, which include the use of Cookies
    		•

    Internet activity information
  • Information about your visit to our websites, including referring pages and your navigation through our websites
  • Information about your interactions with our marketing emails and digital advertisements
    		•
  • Our tools for managing email campaigns
  • Our tools for measuring activity on and use of our website and engagement with email marketing efforts, which include the use of Cookies
  • Our tools for monitoring the effectiveness of our advertising and sales campaigns, which include the use of Cookies

    • Inferences from personal information
  • Analysis of effective ways to position our products by sales personnel based on communications with you and/or your engagement with our website or marketing materials
  • Analysis of your business’s likelihood of purchasing based on your interactions with our sales and marketing materials
    		•
  • Sales and marketing service providers that provide scoring and analytical tools

    • Geolocation data
  • IP address
    		•
  • Our tools for measuring activity on and use of our website collect your IP address
    		•
     
    Event attendee; Office visitor

    Other
  • Dietary restrictions (for example, if you attend a live event)
    		•
  • You
    		•
     
    Referral, lead purchase, or other marketing

    Identifiers
  • Mobile ad ID
    		•
  • Our tools for monitoring the effectiveness of our advertising and sales campaigns
    		•
     
    Event attendee; Office visitor; Representative of prospective customer purchasing Services; Representative of prospective partner

    Audio and visual information
  • Recording of your voice and likeness in calls or videoconferences with our sales and service delivery personnel
  • Recording of your voice and likeness, or photographs of you, at in person and online events
  • CCTV footage of office
    		•
  • You, with your consent as required by law
    •

    How We Use Your Information

    We collect and process personal information to market and sell our Services.  Our goal is to enter into an agreement to provide our Services with your employer or an organization or business with which you are affiliated. Examples of how we process your information include:

    • Sending marketing communications.  We may send emails, SMS messages, or newsletters to (1) provide information about our Services or the services of our partners, (2) engage with you, and (3) analyze and improve our marketing efforts based on your engagement, such as analyzing whether you opened an email and how you interacted with it.  
    • Communicating during sales or partnership processes. This includes communication via email, SMS message, call, or videoconference.  
    • Managing lead lists.  This includes creating, managing, and organizing lead lists.  
    • Collecting information about Site visits. The purposes are to (1) understand your organization’s needs and your role, (2) optimize our sales efforts, (3) measure and improve the website performance, and (4) measure marketing effectiveness, including targeted marketing efforts and offline advertising.  Please see “Operation of our corporate website” below for additional information.
    • Offline marketing and advertising.  We may run offline advertising campaigns and measure their effectiveness.
    • Analyzing interactions with you. The purpose is to optimize our sales and partnership processes.
    • Improving sales and marketing processes.  We train our sales personnel and update strategies and initiatives based on information collected through sales and marketing efforts.
    • Market research and product research.  For example, we conduct surveys or analyze calls with prospects for marketing or product research and development purposes to assess industry needs and inform product development. 
    • Event management.  We handle event registrations and attendance, including communicating with you about events.

    IMPORTANT NOTE:  

    During the sales process, you may share sample financial data from your business, or grant us access to repositories that contain this data, so we can determine which Services to offer. This financial data may include personal information such as identifiers, individual names, job titles or relationship information, and commercial or employment-related information relating to transactions involving individuals and your organization (for example, invoice amounts or payroll amounts). It may also include information related to entities, such as names, transaction dates, and amounts.

    Although this financial data can contain personal information, we do not control what personal information is included. We only use it as part of your overall financial transaction data to evaluate your organization’s needs and recommend the appropriate Services. If you provide sample data, we store it in our email and file storage systems and analyze it using software tools provided by our service providers.

    Operation of Our Corporate Website

    Cookies and tracking technologies.  In accordance with applicable law, Pilot, our service providers, and other third party website services providers employ commonly-used technologies to recognize your visits and track your interactions with the Site.  These technologies include cookies, web beacons, pixels, local shared objects, local storage, event trackers and other tracking technologies (collectively, “Cookies”).  

    We use this tracking data to operate, improve, and personalize our corporate website. For example, we use Cookies to personalize and improve your experience on our corporate website and to record your preferences.  If you identify yourself on our corporate website, for example, by completing a web form, we match (using a service provider) your identifying information with a Cookie associated with you (but which does not identify you by name, email, or phone number). Matching helps us analyze the marketing effectiveness (for example, campaign results), communicate with you, provide relevant information, and determine sales efforts to apply to your company.  

    We also combine Cookie data from your visits with information from other website visitors to improve the website experience for all visitors.  For example, we use Webflow in order to better understand our users’ needs and to optimize their experience. Webflow tools help us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.). This enables us to build and maintain our website and manage our sales and marketing efforts based on how users interact with the Site. Webflow tools use Cookies to collect data on our users’ behavior and their devices, including tracking individual user visits (which can be recorded and reviewed by Pilot), as well as aggregating data from multiple user visits. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. 

    Third party website services providers like those that we use for online advertising purposes (for example, to track the effectiveness of our marketing campaigns) may collect personal information from visitors to our websites for their own purposes.  

    We also use Google Analytics to analyze how visitors interact with our corporate website.  When you visit one of our websites that has Google Analytics enabled, the URL of the webpage and your internet protocol address are sent to Google so that Google can provide us its analytics services.  Google also reads Google Analytics Cookies that are placed on your browser when you visit our corporate website.  Please refer to the Google Privacy & Terms for more information. 

    Social Media Features. Our corporate website uses social media features, like buttons that let you share content on social media platforms (“Social Media Features”). These Social Media Features may collect your internet protocol address and information about the page you are visiting on our website, and they may set a Cookie to enable the feature to work properly. 

    Social Media Features are either hosted by a third party or hosted directly on our corporate website. Your interactions with these features are governed by the privacy policy of the company that provides them.

    Links to other sites.  Our corporate website includes links to other websites whose privacy practices may differ from those of Pilot. If you visit or submit personal information to any of those sites, your information will be handled according to their privacy policies. We encourage you to review the privacy policy of any website you visit.

    Re-targeted advertising.  Re-targeted (or behavioral) advertising uses information about your web browsing—such as the pages you visit or searches you make—to show you more relevant ads. This information is linked to a cookie ID (an alphanumeric number) and may come from Pilot or third-party website publishers. 

    If you would like to opt out of re-targeted advertising from Pilot that occurs when visiting third party websites: 

    • Visit the opt-out pages of Network Advertising Initiative, here, and the Digital Advertising Alliance, here.
    • If you are located in the European Union, click here

    If you are located in California or Virginia, you may also opt out of our tag manager placing targeting cookies on your browser when you visit our corporate website, by clicking the “Do not sell or share my personal information” link at the bottom of our corporate website.  

    You can also control Cookies by adjusting the Cookie and advertising preferences settings in your browser.  Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

    How long we retain information for prospective customers

    We retain your business contact information and related sales and marketing activity in our systems for the following purposes: 

    • Maintaining records of our relationships with customers, prospective customers, partners, and prospective partners 
    • Analyzing and improving our sales and marketing efforts and Services (including developing new Services based on feedback you share during our interactions) 
    • Complying with legal obligations 
    • Resolving disputes
    • Enforcing our agreements 
    • Completing any outstanding transactions
    • Detecting and preventing fraud or other illegal activities 

    We generally retain this information until either you request that we delete your information or we determine that we no longer need your information for the purposes noted above.  

    We may retain your business email address indefinitely to keep a record of email marketing opt-out or deletion requests.

    If you have not identified yourself on our website, the primary marketing tools that we use to monitor website and email marketing activity delete records of your visit or email engagement starting 90 days or 365 days after your last activity in accordance with their retention policies.

    Retention of internet activity information collected by third party website services providers is determined by the applicable third party.

    INFORMATION FOR CUSTOMERS

    This section applies to you if you are affiliated with one of our customers or with a customer of one of our local partners (“Partner Customers”) and want to understand how we process personal data when providing our Services and operating our business.

    Information We Process

    In connection with providing our Services, we process three categories of data that can include personal information: Customer Data, Business Record Data, and Administrative Data.  The sections below explain each category in more detail, including how we use the data and how long we retain it.  For information about how personal information may be disclosed outside of Pilot, please see the General Information section. 

    Customer Data.  Customer Data is financial or business data provided by our customers - or provided at their direction - for the purpose of Pilot delivering the Services.  It also includes excerpts and reports of that data prepared as part of the Services for customers. Customer Data also includes data provided by Partner Customers (or at their direction), as well as data provided by partners who deliver services to Partner Customers on their behalf. It also includes any excerpts or reports of that data created as part of those partner-provided services.  

    We receive this information directly from our customers and Partner Customers or from third parties, such as when customers authorize us to access third-party data repositories.  For example:   

    • We may import transaction data from a customer’s payment processor, payroll provider, bookkeeping software, or other service provider, or from a data aggregating service such as Plaid.  This may occur through software integrations (such as APIs) or through log-in credentials provided by the customer.  We may develop more efficient ways to obtain transaction information from third-party sources, and may update the methods of data retrieval based on the customer’s original authorization.  Subject to any applicable third-party provider terms, Customer Data includes metadata from these third-party data repositories that we may have access to.
    • A partner may upload Partner Customer transaction data into our proprietary application or connect a software integration between a Partner Customer’s third-party data repository and our application in order to use our Services to provide bookkeeping services to the Partner Customer.  

    This financial and business information may include personal information such as: 

    • Identifiers 
    • Names of individuals
    • Relationships of individuals with customers (for example, job titles)
    • Commercial information or employment-related information connected to transactions between individuals and our customers (like invoice amounts or payroll amounts)
    • Business ownership information 

    This financial and business information may also include information related to entities, such as names, transaction dates, and amounts.  

    Customer Data that we use as part of our COO Services may also include social security numbers, identification documents, other government identifiers, and individual contact information (such as addresses) depending on the tasks we perform for COO Services customers (for example, payroll processing).

    Customer Data provided as part of our tax preparation services often includes personal information such as the names of corporate officers and directors, ownership information, business contact information, and social security numbers of certain individuals when required to prepare tax returns or complete information returns. 

    Customer Data provided in the context of our stock administration services may include personal information like employment status (active or terminated), personal contact information (personal email and address), and social security numbers (if provided by the individual equity holder).

    Customer Data also includes financial information that we generate on behalf of our customers in the course of providing our Services, such as reports of financial information, which may incorporate personal information.  Depending on the customer’s form of business organization, the financial statements we prepare on behalf of our customers may include the names of individuals.

    When customers subscribe to multiple Services, one Service may obtain Customer Data from another Service to avoid requesting the same information multiple times. Similarly, if a Partner Customer purchases a Pilot-provided Service, we may use the Partner Customer’s pre-existing Customer Data along with contextual information from the applicable partner to prevent duplicate requests. For long-term customers, we may also use Customer Data from prior years’ Services for current Services.

    IMPORTANT NOTE:  Customers give us access to certain third-party systems and services.  Information practices of these third parties are governed by their own privacy policies and data governance programs.  These practices are outside of Pilot’s control.

    How we use Customer Data.  We process Customer Data on behalf of our customers or Partner Customers to provide, maintain and improve our Services.  Examples include:

    To Provide, Monitor, and Improve our Services.  We use Customer Data to provide, monitor, and improve our Services.  For example: 

    • We review reconciliations of transaction data to prepare financial statements for our customers.  
    • We develop automated rules that increase efficiency in tasks such as categorizations based on learnings from Customer Data.
    • We develop AI-based methods of processing Customer Data to deliver the Services.
    • We may aggregate Customer Data to provide benchmarking insights in a deidentified fashion. 
    • We test, analyze, and deploy new features of our Services intended to improve their scope, efficiency or quality, such as by automating parts of financial statement preparation, or to enable customer insights into their financial information.  These activities may involve processing Customer Data.  For example, our Pilot AI product feature enables customers to ask a generative AI-powered chatbot about their books.  We use a tool that tests the quality of outputs of the chatbot to keep responses helpful to customers.
    • We make product development investments based on trends we observe in customer behavior.

    To Manage Our Relationship With Our Customers.  We monitor customer transactions, bank balances, and other indicators to ensure appropriate billing or pricing, monitor account health, and contact our customers to discuss their subscription needs.  

    To Provide Customer Service and Technical Support.  We may also process Customer Data when handling customer or partner support requests.

    For Research Using Aggregated or De-Identified Information.  We may conduct research, such as benchmarking studies, and share aggregated or combined insights from multiple customers or users—as long as no customer, Partner Customer, or individual can be identified.  These insights may be shared with customers or with third parties (such as advertisers or partners) for research, academic, marketing, or promotional purposes.  We or our third-party partners may publicly report aggregated findings, but never in a way that identifies any customer, Partner Customer, or individual.

    For example:

    • We may analyze which vendors are used most frequently and publish the results.

    • We may sample aggregated expense data and publish high-level insights on our website or social media.

    How long we retain Customer Data.  Except as discussed below in Business Records Data, we retain Customer Data relating to tax preparation for at least seven years from the due date (including extensions) of the related tax filing. 

    We retain other types of Customer Data to: 

    • Assist former customers (upon request and at current hourly rates) with questions that arise after their subscription ends 
    • Comply with legal obligations
    • Resolve disputes
    • Enforce our agreements 
    • Complete any outstanding transactions
    • Detect and prevent fraud or other illegal activity 

    We generally retain Customer Data until we receive a request to delete it, in which case, subject to any applicable legal requirements, we will take reasonable steps to remove or de-identify Customer Data in our systems that is not contained in Business Record Data.  Former customer credentials stored in our database are queued for deletion 120 days after the customer relationship ends, and standard backups of former customer Quickbooks Online account data and certain raw financial transaction data are queued for deletion 7 years after the customer relationship ends, in each case, unless otherwise required by law.  We retain Customer Data incorporated into our reconciliation rules in a manner that does not identify the customer indefinitely and in accordance with applicable law.

    Free trial customers’ Customer Data is queued for deletion thirty days after the trial’s expiration if the customer does not continue with Pilot.

    Business Record Data.  Business Record Data is created as we deliver our Services and communicate with customer and partner representatives; it is the record of the work we perform.  For example, our personnel interact with customers and partners through various channels, such as email, our proprietary application (app.pilot.com), messaging tools, and conference or video calls.  These interactions generate Business Record Data.

    Business Record Data includes: 

    • Communications, instructions, authorizations, and sign-offs from customers and partners that we rely on to provide our Services 
    • Work papers
    • Records of computations and processing of customer and Partner Customer financial data
    • Customer financial statements at the start (if applicable) and end of the Services, and drafts prepared during our Services
    • Information related to delivering Services, such as meeting scheduling information and follow up questions to customer
    • Information relating to our internal methodology, including processes and timelines that we use to gather information from customers 

    This table contains the categories of personal information we collected in Business Record Data in the last twelve months and its sources:


    Personal Information Category
    Example
    Source(s)

    Identifiers
  • Name
  • Business email address
  • Business phone number
  • Business address
    		•
  • Individual points of contact of our customers or partners who correspond with us as we provide our services.
  • Customer or partner points of contact provide personal information about additional points of contact.
    		•

    Employment-related information
  • Your employer’s name and your job title
    		•
  • Individual points of contact of our customers or partners who correspond with us as we provide our services, for example, a job title commonly appears in an email signature.
  • Customer or partner points of contact provide personal information about additional points of contact.
    		•

    Audio and visual information
  • Recording of your voice and likeness in calls or video conferences with our personnel (for example sales and service delivery personnel)
    		•
  • Individual points of contact of our customers or partners who participate in calls or video conferences, with their consent

    • Inferences from personal information
  • Customer or partner satisfaction survey results
    		•
  • Individual points of contact of our customers or partners who respond to customer satisfaction surveys
    •

    How we use Business Record Data.  We collect and process Business Record Data for our business purposes, including:

    To Provide Our Services and Operate Our Business.  We use Business Record Data to provide our Services and customer/partner support and for other business purposes,  such as service delivery management, analysis and improvement of our processes, new product and process research and development, and recordkeeping.

    To Manage Our Relationship With Our Customers.  We monitor customer communications to ensure appropriate pricing, monitor account health and sentiment, and contact our customers to discuss their subscription needs.

    Customer Service and Technical Support. We may offer various Internet chat services, for example, to speak with a Pilot support representative. A transcript of the chat session may be retained to resolve questions or issues related to our Services.

    How long we retain Business Record Data.  We retain Business Record Data to:

    • Maintain documented customer and partner instructions and approvals 
    • Maintain a record of our relationships with customers and partners and the work we performed 
    • Comply with legal obligations
    • Resolve disputes
    • Enforce our agreements
    • Complete any outstanding transactions
    • Detect and prevent fraud or other illegal activity  

    We retain this data for as long as we may have a legal or business reason to keep it, which is at least up to the end of the longest applicable statute of limitations period.  We may delete this data earlier if we determine that it is not necessary to retain for these purposes.  

    Customer Data may also exist in Business Record Data.  In these cases, we process this Customer Data only for recordkeeping and legal purposes, in the context of our business relationships with customers or partners.  

    The retention period for service fulfillment partners providing Pilot Tax Services, R&D Tax Credit Services, and Stock Administration Services is governed by the service fulfillment partners’ privacy policy and data governance practices.

    Administrative Data.  Administrative Data includes information used for managing and operating our Services.  This includes, for example:

    • Service management information, such as user account credentials to log into our proprietary application app.pilot.com, billing information, etc. 
    • Service usage information, such as log data or metadata from service delivery communications and customer interactions (for example, email senders and recipients, subject lines, dates of communication, and response times) 
    • Information derived from Customer Data that we use for service delivery, account-based sales and marketing, and operational purposes (for example, account status indicators like whether a customer has account balances or expenses over certain thresholds)
    • Usage Data.  Usage Data is usage information that we automatically collect when you access our proprietary application app.pilot.com, which is part of our Services.  This includes:
      • IP addresses 
      • Log files
      • Unique device identifiers
      • Pages viewed
      • Browser type 
      • Links you click within or when you leave our Services
      • Session replays of your interactions with app.pilot.com that we use for product research and customer support.  We use Mixpanel for this purpose.  To opt out of session replay please contact privacy[at]pilot.com
      • Other usage information collected through Cookies

    Categories of personal information we collected in the last twelve months and sources from which we obtain that information are listed in the table below:


    Personal Information Category
    Example
    Source(s)

    Identifiers
  • Name
  • Business email address
  • Business phone number
  • Business address
  • Internet protocol address
  • Cookie identifiers
    		•
  • You
  • Individual points of contact of our customers or partners who correspond with us as we provide our services
  • Customer or partner points of contact provide personal information about additional points of contact
  • Pilot’s systems collect identifiers like internet protocol addresses and Cookies automatically
    		•

    Employment-related information
  • Your employer’s name and your job title
    		•

  • You
  • Our third-party data enrichment services
    		•

    Internet activity information
  • Information about a user’s navigation through our application
  • Your responses to a customer satisfaction survey included in the email signatures of correspondence related to Pilot Services
    		•
  • Our tools for measuring activity on and use of our application, which include the use of Cookies and may include session replay functionality

    • Inferences from personal information
  • Analysis of effective ways to improve our services for all customers
    		•
  • Our analysis of metadata that we collect about the use of our products and services
    •

    How we use Administrative Data.  We use Administrative Data for our business purposes, including:

    Account Registration. We use your name, business address, business phone number, and business email address to register an account for you for certain Services we provide (such as creating an account in our application) and to send you important information. If you set up an account that others can access, please note that those users may be able to see, change, or delete your personal information.

    To Provide Our Services and Operate Our Business. We use your personal information to operate our business, including providing our Services to your employer, providing support related to our Services, and protecting our Services, including to combat fraud and to protect your information.  For example: 

    • We collect Usage Information to support the proper, efficient, and secure operation of our Services, including our application app.pilot.com, and to evaluate uptake of features.  
    • We collect IP addresses to track and aggregate non-personal information, such as understanding the regions from which users access our Services to comply with U.S. trade restrictions. 
    • We may also collect IP addresses from users when they log into the Services as part of our log-in and security features.  
    • We use Cookies to remember your preferences and navigation through our application, as well as to store work-in-progress data so your experience is smoother and more efficient. 
    • Our service delivery personnel summarize tasks completed in our time-keeping software.

    Customer Service and Technical Support. We use your name, business contact information, information about how you use our Services, and details about your computer configuration to answer questions, troubleshoot issues, and follow up with you about your experience. 

    Communicate with You and Tell You About Other Services. We may use your business contact information to communicate with you about our Services or offer you products and services, either from Pilot or from third parties (such as our Integration Partners), that we think may be useful to you. Please see below under “General Information—Your Rights and Managing Your Privacy” for the choices you have regarding these communications.  We also track changes in a customer’s business to monitor account health and identify opportunities for customer outreach and sales opportunities; for example, if your business has a financing event we may contact you about additional services.  

    To Improve Services and Develop New Services. We use Administrative Data to personalize your experience, develop new features or services, and to improve the overall quality of Pilot’s Services.  For example: 

    • We use Usage Data to understand how our application is performing and where improvements are needed.  
    • We use Cookies to understand how users interact with app.pilot.com and identify ways to improve user experience.
    • We use a tool that tracks anonymized individual user visits (which can be recorded and reviewed by Pilot) to assist with debugging and for security purposes.

    Feedback. If you provide suggestions or respond to surveys (which are always optional), we may combine your input with feedback from other customers to better understand how our Services are used and how we can improve them.

    For Research Using Aggregated or De-Identified Information. We may conduct research, such as benchmarking studies, and share aggregated or combined insights from multiple customers or users—as long as no customer, Partner Customer, or individual can be identified.  These insights may be shared with third parties (such as advertisers or partners) for research, academic, marketing, or promotional purposes.  We or our third-party partners may publicly report aggregated findings, but never in a way that identifies any customer, Partner Customer, or individual.

    How long we retain Administrative Data.  We retain Administrative Data as long as we need it to: 

    • Provide our Services
    • Maintain a customer’s account for the entire period during which a customer subscribes to our Services
    • As otherwise needed to operate our business  

    We retain and use Administrative Data as required by applicable law and Pilot’s records and information management policies.  This includes using data to comply with our legal obligations, resolve disputes, enforce our agreements, complete any outstanding transactions, detect and prevent fraud, improve our Services, develop new services, and for any other business use, including disclosure to third parties or publicly, provided that we will not publicly disclose Administrative Data that identifies a customer or Partner Customer by name or its employees without the customer’s or Partner Customer’s consent, unless otherwise required by law.  

    We retain Administrative Data until we determine that we no longer need it for the purposes described above.  We may retain different types of Administrative Data for different periods.  Currently, we retain Administrative Data indefinitely.  

    If you close your account, we may continue to communicate with you about our Services, give you important business updates that may affect you, and, unless you have opted out of receiving marketing communications, let you know about products and services that may interest you.

    GENERAL INFORMATION

    Call Recordings

    We record calls and video conferences that occur during sales conversations, service delivery, customer relationship management, and in the context of managing our local partner program.  These recordings contain identifiers of individual participants in the call, such as name, as well as audio and, if a participant has their camera on in a video conference, visual information.  We use these recordings and recording transcripts for training, note-taking, service delivery, add-on services identification, analyzing and improving our processes, maintaining Business Record Data, marketing research and development, and product research and development.  Recordings may be shared with Pilot personnel who need to access them for these business purposes.  

    We store the recordings in our systems, including systems provided by our vendors that we use to store and analyze the recordings.  We retain recordings until either:

    • You request deletion (subject to any legal limitations) or  
    • We determine that we no longer need your information for the purpose for which we collected it, which, subject to applicable legal requirements, is generally three years.

    How We Disclose Your Personal Information

    In the course of providing our Services and operating our business we disclose personal information outside of Pilot as described below.

    Service Providers. We provide or make available information, including personal information and Usage Data, to service providers who help us operate our business and deliver our Services.  These service providers may perform functions such as website design, telephony and system administration, marketing, sales, automated notetaking, customer support, data enrichment, email communications, communication management, data security, fraud detection and prevention, customer care, data storage, or analytics. Service providers may also collect information on our behalf.  Our contracts with service providers require them to keep personal information confidential, follow our instructions, and/or not use personal information for any purpose other than providing the agreed services or as permitted by law.  

    A list of these service providers that we use in the course of providing our Services and that process or may process Customer Data containing personal data is available here.  From time to time we may update this list.

    Some service providers may generate data (e.g., log data, aggregated or anonymized data) from their services that we do not control, which is subject to their privacy policies. For example, our billing system provider, Zuora anonymizes certain data it processes on our behalf and may use that anonymized data independently.  See Zuora’s privacy policy for more information.

    Service Fulfillment Partners.  We work with non-affiliated service fulfillment partners which fulfill certain of our Services, like our tax services, R&D credit services, and stock administration services.  These service fulfillment partners generally contract directly with our customers.  We disclose customer business contact information to these service fulfillment partners for customer relationship management purposes and we also disclose, or provide access to, Customer Data to these service fulfillment partners so that they can perform the applicable Pilot services.  Service fulfillment partners may use service providers to process Customer Data in connection with their provision of the Pilot services.  These partners’ activities are subject to their privacy policies and data governance programs.

    Integration PartnersWe may access Customer Data through integrations with other vendors providing back office or financial services (for example, payroll services providers) to more efficiently perform our Services.  We develop, or work with these integration partners to develop, these integrations.  

    We may inform customers about an integration partner’s service or product by contacting an individual point of contact at a customer or providing reference materials to customers. We may participate in partner programs and may receive incentives for referrals. 

    If a customer (whether a Pilot customer or an integration partner customer) chooses to use an integration partner’s services and provides consent, we may share information about the customer. This may include personal information about the customer’s representatives, such as business contact information. It may also include information about how the customer or its users interact with each company’s services or products. An integration partner’s activities are governed by its own privacy policy and data governance program.

    Promotional Partners.  From time to time we host events or provide content with partners who offer other services of interest to our customers.  We may share attendee information with these partners at an attendee’s direction.  These partners may then contact attendees.  These partners’ activities are subject to their privacy policies and data governance programs. 

    Third Party Website Services Providers.  We use services of third parties that are not “service providers” (as defined in the California Consumer Privacy Act (CCPA)) on our website.  These include ad networks and analytics and marketing services that we use for internet marketing and website analytics.

    Response to Subpoenas and Other Legal Requests. We may share information with courts, law enforcement agencies, or other government bodies when we have a good faith belief we’re required or permitted to do so by law, including to meet national security or law enforcement requirements, to protect our company, or to respond to a court order, subpoena, search warrant, or other law enforcement request.  We may also share information with parties in civil litigation in accordance with our customer agreements and as required by law.

    Protection of Pilot and Others. We may share account information, personal information and Usage Data to enforce or apply our agreements; or protect the rights, property, or safety of Pilot, our Services, our users, or others. This may include exchanging information with other companies and organizations for fraud protection and credit risk reduction. This does not include selling, renting, sharing, or otherwise disclosing personal information of our customers for commercial purposes in violation of the practices described in this Privacy Policy.

    AffiliatesWe may disclose the information you provide or that we collect to our affiliates for service delivery purposes.

    Sale or Liquidation of Our Business. If we sell, merge, or transfer any part of our business, or any part of our business is acquired as part of bankruptcy or similar proceedings, we may transfer to the acquirer information in our possession or control, including personal information. 

    Business Advisors.  We may disclose information customers provide to us or that we collect or prepare to professional advisors who are subject to professional or contractual confidentiality requirements such as lawyers, bankers, auditors, brokers, and insurers.

    Per Customer Instructions.  An authorized representative of a Pilot customer may from time to time instruct us to disclose information to a third party that includes personal information.  

    With your Consent. Other than as set out above, we will provide you with notice and the opportunity to choose when your personal information may be shared with other third parties.  

    De-identified and Aggregated Data

    Once de-identified or aggregated in a way that does not reasonably permit reidentification, data is not personal information and we may use it for any purpose and retain it for any period.

    International Data Transfers

    In accordance with and as permitted by applicable laws and regulations, we reserve the right to transfer your information and process and store it outside your country of residence to locations where we or our third party service providers operate. Our service fulfillment partners use personnel who are located outside of the United States.  Information that we provide or make available, or that you provide directly, to our service fulfillment partners may, as permitted by law, be transferred outside the United States for purposes of Service fulfillment.

    How to Contact Us 

    If you have questions or comments about this Privacy Policy, please contact us. We welcome your feedback and comments.

    Via Email. If you have questions or complaints regarding our Privacy Policy or practices, please contact us by email at privacy[at] pilot.com.

    Via Direct Mail. Pilot.com, Inc., PO Box 7775 #86889, San Francisco, California 94120-7775.

    Changes to our Privacy Policy

    From time to time we may change or update our Privacy Policies. We reserve the right to make changes or updates at any time. More information about how we will notify you is below.

    If we make material changes to the way we process your personal information, we will provide you notice via our Services or by other communication channels, such as by email or posting on this website. Please review any changes carefully. If you object to any of the changes and no longer wish to use our Services, you may provide a notice of non-renewal in accordance with your agreement with us. All changes are effective immediately upon posting, and your use of our Services after a notice of material change or posting of an updated Privacy Policy shall constitute your consent to all changes. 

    Your Rights and Managing Your Privacy

    Updates and Access. You can update information that you have provided to us (for example, in the context of account creation).  Contact your account manager to make a request or email privacy[at]pilot.com.  In addition, as required by applicable law (see for example, “Privacy Rights Under State Laws” below), you may contact us to confirm whether we maintain any of your personal information and to review it in order to verify its accuracy. Where you have determined that the personal information we collected about you is inaccurate, you may also request that your personal information be updated or corrected.  Subject to applicable law, you may also request that we delete your personal information. Requests to access, correct, amend or delete your personal information should be sent to privacy[at]pilot.com.

    The main point of contact on a customer account can remove Pilot access to customer third party systems, for example, in connection with the end of our Services.  

    IMPORTANT NOTE:  If you believe that one of our customers collects data about you that we are processing, please contact the customer directly.

    Managing Marketing Communications From Us. We will honor your choices about receiving marketing communications from us. Please note that even if you choose not to receive marketing communications from us, we will continue to send you required Service or transactional communications.

    Managing SMS Communications From Us.  If you would like to stop receiving SMS communications from us in the sales context, please contact us per above or follow opt-out instructions in the SMS text message (such as replying or texting “STOP” if you receive an SMS from us).  Please note that even if you choose not to receive SMS messages from us in the sales context, we may continue to use your phone number in the context of providing our Services to you or for security purposes.  We will not share your mobile telephone number with third parties for their marketing purposes.

    Cookies and Other Tracking Technologies. You have control over some of the Cookies that we use on our corporate websites. Information on changing your browser settings to opt out of Cookies can be found in your browser settings. For the third party services and re-targeted advertising described in “Information for Prospective Customers—Types of information we collect—Operation of our corporate website” you can opt-out by following the instructions at the links provided.  If you opt-out and later delete your Cookies, use a different browser, or buy a new computer, you may need to renew your opt-out choices.  If you have enabled strict privacy settings on your browser, our cookies consent tool may not function properly for you.

    Do Not Track. Like many other companies, our Services and corporate website are not currently configured to respond to browsers’ “Do Not Track” signals.  If you configure your browser to send a “Do Not Track” signal, Convert Experiences will not load and set Convert’s Cookies.

    Privacy Rights under State Laws

    If the California Consumer Privacy Act (CCPA) or the Virginia Consumer Data Protection Act (VCDPA), applies to you (for example, if you are a “consumer” under the CCPA), you have the following rights with respect to personal information that we process in our capacity as a “business” under the CCPA (“controller” under the VCDPA), which includes personal information described in the following sections and subsections:  

    1. “Information for Prospective Customers” 
    2. The “Business Record Data” (other than any “Customer Data” contained in “Business Record Data”) and “Administrative Data” sections of “Information for Customers” 
    3. The “Call Recordings” section of “General Information”

    If you submit a verifiable consumer request, you have the right, subject to either the CCPA or VCDPA, if and as applicable:

    • To receive disclosure of:
      • The categories of personal information that we have collected about you
      • the categories of sources of the personal information we have collected about you
      • the business or commercial purpose for our collecting, selling or sharing of personal information about you
      • the categories of third parties to whom we disclose your personal information (please note that this Privacy Policy provides the information that we would provide upon verifiable request for this data category and the above three data categories) 
      • the categories of personal information that we have sold or shared 
      • the categories of third parties to whom personal information was sold or shared
      • the categories of third parties to whom personal information was disclosed for a business purpose
      • the specific pieces of personal information that we have collected about you (subject to applicable legal limitations)
    • To request deletion of your personal information by us, subject to applicable legal limitations
    • To request correction of inaccurate personal information
    • To be free of discrimination on the basis of having exercised your rights under the CCPA or VCDPA

    In the last twelve months, we have “sold” or “shared” within the meaning of the CCPA the following categories of personal information to the following categories of third party:


    Category of Personal Information
    Category of Third Party to Whom Disclosed

    Identifier (cookie or internet protocol address)
    Third party web services providers

    Internet activity information
    Third party web services providers

    Geolocation data (to the extent that is determinable from your internet protocol address)
    Third party web services providers

    The purpose for selling or sharing the information above is targeted advertising and marketing.

    In the last twelve months, we have disclosed the following categories of personal information to the following categories of third party:

    Information for Prospective Customers:


    Personal Information Category
    Categories of Third Parties (not Service Providers) to whom Disclosed for Business Purpose
     
    Website visitor; Event attendee; Referral, lead purchase, or other marketing; Representative of prospective customer purchasing Services; Representative of prospective partner

    Identifiers
  • Integration partners
  • Promotional partners
    		•

    Employment-related information
  • Integration partners
  • Promotional partners

    		•
     
    Website visitor; Representative of prospective customer purchasing Services; Representative of prospective partner

    Identifiers
  • Third party website services providers
    		•

    Employment-related information
  • Third party website services providers
    		•

    Internet activity information
  • Third party website services providers
    		•

    Geolocation data
  • Third party website services providers
    		•
     
    Event attendee; Representative of prospective customer purchasing Services; Representative of prospective partner

    Audio and visual information
  • Promotional partners
  • Publicly on our website
    		•

    Information for Customers - Business Record Data


    Personal Information Category
    Categories of Third Parties (not Service Providers) to whom Disclosed for Business Purpose

    Identifiers
  • Service fulfillment partners
  • Integration partners
    		•

    Employment-related information
  • Service fulfillment partners
  • Integration partners

    		•

    For additional disclosures required by CCPA Section 1798.110(c) and Section 1798.115(c)(2), as well as additional information related to our data processing in our capacity as a “business” under the CCPA, please see the tables and sections set forth above in this Privacy Policy. 

    You have the right to opt out of “sales” or “sharing” within the meaning of the CCPA of your personal information if you are a California resident.  You can opt out of our “selling” or “sharing” of your personal information if you are a California resident, or targeted advertising if you are a Virginia resident, by clicking the “Do Not Sell or Share My Personal Information” link at the bottom of our webpages and adjusting the Cookie  and advertising preferences settings in your browser.  

    To our knowledge, we have not sold or shared personal information of consumers (as defined in the CCPA) under 16 years of age.  For California residents:  Pilot does not use or disclose sensitive personal information for purposes other than those specified in Section 7027(m) of the California Consumer Privacy Act Regulations (“Section 7027(m)”).  The purposes described in Section 7027(m) include performing services reasonably expected by an average California resident who requests the services; preventing, detecting, and investigating security incidents; resisting malicious, deceptive, fraudulent, or illegal actions directed at us; ensuring the physical safety of natural persons; short-term, transient use; performing services on our behalf; verifying or maintaining the quality of our Services; and/or other collecting or processing of sensitive personal information where the collection or processing is not for the purpose of inferring characteristics about a California resident.

    If you have any questions about how we handle your information, the contents of this Policy, how to update your records or how to obtain a copy of the information that we hold about you or exercise your rights under the CCPA or VCDPA, please write to privacy[at]pilot.com.  We will generally verify your identity using information in your inquiry and data in our possession. We may ask you for additional information to verify your request.  A consumer’s authorized agent may also submit a request on behalf of the consumer.  The authorized agent should follow the process outlined above.  Pilot will request proof that the consumer gave the authorization written permission to submit the request and, depending on the nature of the information, will require the consumer to either verify their own identity directly with Pilot or directly confirm with Pilot that they provided the authorized agent permission to submit the request.

    The prior version of our Privacy Policy is available here.