← Back to home

Privacy Policy

Last updated: March 16, 2026

1. Introduction

GoPilot ("we", "us", or "our") respects your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data when you use the GoPilot service, API, and website.

2. Data We Collect

Account data

When you create an account, we collect your email address and authentication credentials. If you subscribe to a paid plan, payment processing is handled by our payment provider — we do not store credit card numbers.

Agent & workspace data

We store the configuration, files, and state of your agents and workspaces on our infrastructure. This includes code, configuration files, and any data your agents process while running. Agent data is isolated per-workspace in dedicated microVMs.

Usage data

We collect anonymized usage metrics including API call counts, agent uptime, resource consumption, and error rates. This data is used to operate, improve, and bill for the Service.

Log data

Our servers automatically log request metadata including IP addresses, browser type, and timestamps. These logs are retained for up to 90 days for security and debugging purposes.

3. How We Use Your Data

  • To provide and operate the Service
  • To authenticate you and secure your account
  • To process billing and payments
  • To send transactional emails (account verification, billing receipts)
  • To monitor and improve service reliability and performance
  • To respond to support requests
  • To comply with legal obligations

We do not sell your personal data. We do not use your agent data or workspace content to train AI models.

4. Data Isolation & Security

Each agent runs in an isolated Firecracker microVM with its own filesystem, network, and process space. Agent data is not accessible to other users or agents. All external traffic is encrypted via TLS. API keys are hashed at rest. We follow industry-standard security practices to protect your data.

5. Third-Party Services

We use the following third-party services to operate:

  • Hetzner — Infrastructure hosting (EU/Germany)
  • Cloudflare — DNS, DDoS protection, and CDN
  • AI model providers — Anthropic, OpenAI, and others as configured by you for agent inference

These providers process data as necessary to deliver the Service. We select providers with strong security and privacy practices.

6. Data Retention

We retain your account data for as long as your account is active. When you delete your account, we remove your personal data and agent data within 30 days. Anonymized usage metrics may be retained indefinitely. Server logs are retained for up to 90 days.

7. Your Rights

You have the right to:

  • Access your personal data
  • Export your agent data and workspace content
  • Delete your account and all associated data
  • Correct inaccurate personal data
  • Object to processing of your personal data

To exercise these rights, contact us via Discord or email.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies. Authentication cookies are HTTP-only, secure, and scoped to our domain.

9. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or a notice on the Service. The "Last updated" date at the top reflects the most recent revision.

11. Contact

Questions about this policy? Reach us on Discord or email us at [email protected].