A AuditPilot

Legal

Privacy Policy

Last updated: 11 July 2026

This Privacy Policy explains how AuditPilot ("we", "us") collects, uses and protects personal data when you use our Service. We act as the data controller for account data, and as a processor for the audit content you enter on behalf of your organisation.

1. Data we collect

2. How we use data

To provide, maintain, secure and improve the Service; to authenticate you; to generate AI-assisted finding drafts from the notes you submit; to provide support; and to comply with legal obligations.

3. Sub-processors & third parties

4. Legal bases

We process personal data on the bases of contract performance (to provide the Service), legitimate interests (security and improvement), consent where required, and legal obligation. This policy is aligned with the GDPR and Türkiye's KVKK.

5. International transfers

Data may be processed in countries other than yours, including where our sub-processors operate. Where required, appropriate safeguards (such as standard contractual clauses) are applied.

6. Data retention

We retain account and Customer Data for as long as your account is active and as needed to provide the Service, then delete or anonymise it within a reasonable period, unless a longer period is required by law.

7. Security

We apply account-level data isolation, access controls and encryption in transit. No system is completely secure; you are responsible for keeping your credentials safe.

8. Your rights

Subject to applicable law, you may request access, correction, deletion, restriction, portability, or object to certain processing. Contact us to exercise these rights.

9. Cookies

We use strictly necessary cookies to authenticate sessions and operate the Service. Checkout pages hosted by our Merchant of Record may use their own cookies.

10. Changes & contact

We may update this policy; material changes will be notified through the Service or by email. Privacy questions or requests: [email protected].