Data Processing Agreement

Effective Date: December 2025

Security and performance move together. Our Data Processing Agreement outlines how Piloteer processes data responsibly, protects sensitive information, and supports global compliance while enabling real-time performance intelligence.

1. Introduction

This Data Processing Agreement (“DPA”) forms part of the agreement between Piloteer Labs Inc. (“Piloteer,” “Processor,” “we,” or “us”) and the organization using Piloteer services (“Customer,” “Controller,” or “you”).

This DPA describes how Piloteer processes personal data on behalf of Customers in connection with the Piloteer platform, including Commander and Hunter, in accordance with applicable data protection laws such as the General Data Protection Regulation (GDPR), UK GDPR, and other relevant privacy frameworks.

Piloteer acts as a data processor, processing personal data only on documented instructions from the Customer and only to deliver contracted services.

2. Scope of Processing and Platform Functionality

Piloteer provides AI-powered performance intelligence software that analyzes communication patterns, workflow signals, and behavioral interactions to generate operational insights for leadership and revenue teams.

Processing activities may include:

  • Secure hosting of customer data

  • Analysis of communication transcripts and interaction metadata

  • Generation of behavioral and performance signals

  • System monitoring, logging, and platform security operations

  • Delivery of analytics dashboards and performance insights

Piloteer does not sell personal data and does not use Customer data to train external public AI models or unrelated third-party systems.

3. Roles and Responsibilities

Customer Responsibilities (Controller)

The Customer determines:

  • The purpose and lawful basis for data processing

  • Which data is collected and uploaded to the platform

  • The configuration and use of Piloteer within its organization

The Customer represents that it has obtained all necessary rights, permissions, and notices required to process personal data through Piloteer.

Piloteer Responsibilities (Processor)

Piloteer agrees to:

  • Process personal data only on documented Customer instructions

  • Maintain technical and organizational safeguards aligned with industry standards

  • Limit personnel access to data on a need-to-know basis

  • Assist Customers in fulfilling GDPR obligations where reasonably required

Piloteer operates under a least-privilege access model and maintains internal governance over platform development, infrastructure, and data handling.

4. Categories of Personal Data and Data Subjects

Depending on Customer configuration, personal data processed may include:

  • Names, business email addresses, and professional identifiers

  • Communication content or transcripts where enabled by the Customer

  • Behavioral and interaction signals derived from platform use

  • Platform usage metadata and activity logs

Data subjects may include:

  • Customer employees and contractors

  • Sales professionals and leadership users

  • Participants in meetings or communications processed by the platform

Piloteer does not intentionally process special category data unless expressly configured and permitted by the Customer.

5. AI Processing and Behavioral Signal Safeguards

Piloteer’s platform applies machine learning and signal analysis to identify performance patterns. To protect Customers and data subjects:

  • Customer data is not used to train public or unrelated AI systems

  • Model development environments are access-controlled

  • Processing focuses on organizational performance insights, not individual profiling beyond Customer-defined use

  • Data minimization and privacy-by-design principles are applied to AI workflows

Customers maintain control over how AI features are enabled within their environment.

6. Security Measures

Piloteer maintains a security program designed to protect confidentiality, integrity, and availability of Customer data, including:

  • Encryption in transit and at rest

  • Role-based access controls and least-privilege permissions

  • Multi-factor authentication for privileged accounts

  • Continuous infrastructure monitoring and audit logging

  • Secure software development lifecycle practices

  • Vendor risk assessment and subprocessor oversight

Security controls are reviewed and updated as part of Piloteer’s ongoing compliance and risk management processes.

7. Subprocessors

Piloteer may engage trusted subprocessors to provide infrastructure or operational services.

Piloteer ensures:

  • Subprocessors are bound by written data protection obligations

  • A current subprocessor list is available upon request

  • Customers are notified of material changes where required

8. International Data Transfers

Where personal data is transferred outside of the EEA or other regulated regions, Piloteer implements appropriate safeguards, which may include:

  • Standard Contractual Clauses (SCCs)

  • Contractual security obligations with subprocessors

  • Equivalent lawful transfer mechanisms

9. Assistance with Data Subject Rights

Piloteer provides reasonable assistance to Customers in responding to data subject requests, including:

  • Access, correction, or deletion requests

  • Restrictions on processing

  • Data portability where applicable

Customers remain responsible for validating and responding to requests from their own users.

10. Incident Response and Breach Notification

Piloteer maintains documented incident response procedures.

In the event of a confirmed personal data breach affecting Customer data, Piloteer will:

  • Notify the Customer without undue delay

  • Provide relevant details required for regulatory assessment

  • Take reasonable measures to contain and remediate the incident

11. Data Retention and Deletion

Piloteer retains Customer data only as long as necessary to provide services and meet contractual or legal obligations.

Upon termination or written request, Piloteer will:

  • Delete or return Customer data

  • Apply secure deletion practices consistent with cloud provider standards

12. Audits and Compliance Transparency

Piloteer maintains governance processes aligned with modern enterprise expectations.

Upon reasonable request and subject to confidentiality obligations, Piloteer may provide:

  • Security documentation

  • Compliance summaries

  • Evidence of technical and organizational measures

13. Term and Updates

This DPA remains effective for the duration of the Customer’s use of Piloteer services.

Piloteer may update this DPA to reflect changes in law, platform functionality, or security practices. Material updates will be communicated through appropriate channels.

14. Contact Information

Piloteer Labs Inc.
Denver, Colorado, USA
Email: Hello@Piloteer.ai