Privacy

Privacy policy for the live SimPilot route tree.

The public shell stays read-only until sign-in, but the legal surface now documents how identity, workspace, billing, and provider-policy data move through the live product.

Last updated

April 19, 2026

Questions about privacy, deletion, or data-processing controls can be sent to privacy@simpilot.dev.

scope

Scope

This policy applies to SimPilot public surfaces, authenticated workspaces, shared evidence links, and the supporting identity, billing, and integration flows that keep those surfaces running.

Customer simulation inputs, specs, artifacts, workflow history, and review records are treated as customer content. Account, workspace, and usage records are processed only to operate, secure, support, and bill for the service.

collect

Information We Collect

We collect account identity and organization data, product usage and audit records, billing and subscription records, and the simulation content that authorized users upload or generate inside a workspace.

  • Identity and access records: name, email, org membership, role bindings, SSO and SCIM events, session issuance, and approval-token activity.
  • Workspace records: typed case specs, reports, evidence bundles, workflow runs, comments, notifications, and share-link state.
  • Operational records: request metadata, rate-limit and abuse-prevention events, security logs, webhook receipts, and connector-install state.
  • Billing records: plan, grants, usage events, checkout and portal activity, and invoicing references handled with our billing providers.

use

How We Use Information

We use this information to provide the product, route requests to the correct tenant and project boundary, enforce budgets and approvals, secure the platform, investigate incidents, and meet legal obligations.

We do not create a second anonymous runtime for public users. Tutorial and first-run spend begin only after a signed-in session exists and the request is tied to typed user, org, and project state.

providers

Providers and Subprocessors

SimPilot uses specialized providers for model routing, authentication, billing, notifications, and customer-requested integrations. Those providers process only the minimum data required for the feature they power.

Enterprise privacy controls may require compliant or zero-retention-capable providers. When no compliant provider is available for a gated feature, the feature fails closed instead of silently falling back to a less restrictive path.

  • AI and speech providers operate behind the platform gateway and policy layer.
  • Billing processors handle checkout, portal, and subscription events.
  • Identity providers handle SSO, SCIM, and session-issuance flows.
  • Connector and notification providers operate only when an org installs or enables them.

retention

Retention and Deletion

Retention follows typed product policy rather than ad-hoc logs. Workspace content, speech digests, and audit records are retained according to plan, org, and user settings where the product exposes those controls.

Deletion and privacy requests are handled through the platform’s durable deletion workflow so the same records are removed from the owning substrate instead of from a page-local cache.

contact

Contact

Privacy, security, and data-processing questions can be sent to privacy@simpilot.dev.