Privacy Notice
Last updated: 7/10/2026
1. Who we are
ProfitPilot is operated by Zak ("we", "us"). We are the data controller for the personal data we process about you in connection with the Service.
2. Data we collect
- Account data: name, email address, hashed login credentials.
- Usage data: calculator inputs and saved sessions you create.
- Support data: messages you send us.
- Technical data: IP address, device identifiers, browser type, log and telemetry data.
3. How we use your data
- To create and operate your account (contract performance).
- To provide, maintain, and improve the Service (legitimate interests).
- To ensure security and prevent fraud (legitimate interests / legal obligation).
- To respond to support requests (contract performance).
- To send service-related communications, and marketing where you have consented.
4. Who we share data with
- Merchant of Record: Paddle.com Market Ltd acts as our reseller and Merchant of Record. Paddle handles payments, subscription management, tax compliance, invoicing, and related buyer support. See Paddle's privacy notice.
- Service providers / subprocessors: hosting, database, authentication, analytics, and support tooling providers acting on our instructions.
- Professional advisers: legal and accounting advisers where reasonably required.
- Authorities: where required by law.
5. Data retention
We keep personal data only for as long as necessary for the purposes described in this notice, to comply with legal obligations, or to resolve disputes. Account data is deleted or anonymised on request or a reasonable period after account closure.
6. International transfers
Where personal data is transferred outside your country, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
7. Your rights
Subject to applicable law, you may have the right to access, rectify, erase, restrict, or port your personal data; to object to processing; and to withdraw consent at any time. Where relevant, you can complain to your local data protection authority. We respond to verified requests within the timeframe required by law (typically within one month under GDPR).
8. Security
We apply appropriate technical and organisational measures — including encryption in transit, access controls, and least-privilege database policies — to protect your personal data.
9. Cookies
We use essential cookies and similar technologies required to run the Service (for example, to keep you signed in). We do not use marketing cookies without your consent. You can control cookies through your browser settings.
10. Contact
For privacy questions or to exercise your rights, contact us through the in-app support channel.