EcomCopilot Logo

SupportPilot

PRIVACY_POLICY
STATUS: ENFORCED

Data Governance
& Security Standards

We believe privacy should be engineered into the core, not added as an afterthought. Below is the technical specification of how we handle your digital assets.

Encryption
AES-256
Data Sale
Strictly Prohibited
Retention
User Defined

Privacy Overview

At SupportPilot, transparency is our core operating principle. This document outlines our data handling protocols, encryption standards, and your rights as a user.

Data Collection Protocol

We practice strict data minimization. We only collect essential telemetry and account data required for system operation:

  • Identity Data: Name, email, and authentication tokens.
  • Telemetry: Anonymized usage patterns to optimize system latency.
  • Conversation Logs: Encrypted message payloads processed by our AI (ephemeral storage).
  • Device Fingerprints: IP address and browser agents for security auditing.

Usage Logic

Data is processed strictly for the following execution paths:

  • Core Functionality: Routing messages through LLM endpoints.
  • System Integrity: Fraud detection and rate limiting.
  • Optimization: Training local models (only with explicit opt-in).
  • Communication: Critical system alerts and security notifications.

Security Architecture

Our infrastructure is built on a Zero-Trust architecture:

  • Encryption: AES-256 for data at rest; TLS 1.3 for data in transit.
  • Access Control: Role-Based Access Control (RBAC) with mandatory MFA for all staff.
  • Auditing: Continuous automated security scanning and penetration testing.
  • Isolation: Customer data is logically isolated in multi-tenant databases.

Third-Party Interconnects

WE DO NOT SELL DATA. Data is only transmitted to verified upstream providers required for service delivery:

  • LLM Providers: OpenAI / Anthropic / Google (via enterprise agreements with zero-retention).
  • Infrastructure: AWS.
  • Legal Compliance: Only when compelled by a valid court order.

Cookie Policy

We utilize local storage and secure cookies for session management:

  • Essential: Session tokens and CSRF protection.
  • Analytics: Anonymized performance metrics (can be disabled).
  • Preferences: UI state and theme settings.

User Sovereignty

You maintain full sovereignty over your data stack:

  • Right to Audit: Request a dump of all data associated with your ID.
  • Right to Erasure: Request total deletion of account and logs ("Right to be forgotten").
  • Right to Rectification: Correct system records.
  • Export: Download data in standard JSON/CSV formats.

Security Contact

For security disclosures or privacy concerns:

Channel: support@supportpilot.cc
SLA: Critical security tickets are addressed within 24 hours.

Compliance Question?

Our Data Protection Officer (DPO) is available for specific inquiries regarding your organization's compliance needs.

Contact Privacy TeamReturn to Console