The legal surface now includes a real DPA download.

roles

For customer content processed inside SimPilot workspaces, the customer acts as the controller and SimPilot acts as the processor for the limited purpose of providing the service.

Each provider or integration enabled at the customer’s request operates under the same minimum-necessary principle and is bound to the feature it powers.

processing

Processing covers account administration, workspace storage, typed workflow execution, evidence and report generation, billing support, security logging, and customer-enabled integrations.

• Data subjects: authorized customer users, reviewers, and customer-controlled data included in uploaded engineering materials.
• Data categories: identity data, workspace content, audit and usage records, integration metadata, and billing records.
• Purpose: provide, secure, support, and bill for SimPilot.

security

SimPilot applies access control, audit logging, rate limiting, approval gates, and provider-policy enforcement at the owning substrate rather than through page-local fallbacks. Customer data is processed only by personnel and subprocessors who need that access to deliver the service.

transfers

If customer data is processed outside the customer’s home jurisdiction, the transfer mechanism follows the controls and contractual terms attached to the active SimPilot plan and provider set. Enterprise privacy preferences may narrow the eligible provider set or disable a feature entirely when compliant routing is unavailable.

requests

For signed DPA requests, deletion workflows, or subprocessor questions, contact privacy@simpilot.dev.