Legal
Privacy Policy
Last updated: 11 July 2026
This Privacy Policy explains how AuditPilot ("we", "us") collects, uses and protects personal data when you use our Service. We act as the data controller for account data, and as a processor for the audit content you enter on behalf of your organisation.
1. Data we collect
- Account data: name, email, organisation, role, language preference, and authentication data.
- Customer Data: the audit checklists, notes, findings, nonconformities, documents and report content you enter.
- Usage data: log and device information used to operate and secure the Service.
- Billing data: handled by our Merchant of Record (see below); we do not store full payment card details.
2. How we use data
To provide, maintain, secure and improve the Service; to authenticate you; to generate AI-assisted finding drafts from the notes you submit; to provide support; and to comply with legal obligations.
3. Sub-processors & third parties
- Merchant of Record — a third-party authorised reseller (identified at checkout) that acts as our payment processor and handles checkout, billing and taxes.
- AI providers (e.g., Anthropic): when you request an AI-assisted draft, the relevant clause text, your note and document-register codes are sent to our AI provider to generate the draft. We do not use your Customer Data to train third-party models.
- Hosting & infrastructure providers used to operate the Service.
4. Legal bases
We process personal data on the bases of contract performance (to provide the Service), legitimate interests (security and improvement), consent where required, and legal obligation. This policy is aligned with the GDPR and Türkiye's KVKK.
5. International transfers
Data may be processed in countries other than yours, including where our sub-processors operate. Where required, appropriate safeguards (such as standard contractual clauses) are applied.
6. Data retention
We retain account and Customer Data for as long as your account is active and as needed to provide the Service, then delete or anonymise it within a reasonable period, unless a longer period is required by law.
7. Security
We apply account-level data isolation, access controls and encryption in transit. No system is completely secure; you are responsible for keeping your credentials safe.
8. Your rights
Subject to applicable law, you may request access, correction, deletion, restriction, portability, or object to certain processing. Contact us to exercise these rights.
9. Cookies
We use strictly necessary cookies to authenticate sessions and operate the Service. Checkout pages hosted by our Merchant of Record may use their own cookies.
10. Changes & contact
We may update this policy; material changes will be notified through the Service or by email. Privacy questions or requests: [email protected].