Privacy Policy

Last updated: May 18, 2026

BizPilot takes your privacy seriously. This policy explains what data we collect, how we use it, and what choices you have. We built this product with privacy in mind: we log IDs and metrics, not message content, and we never sell your data.

1. Information We Collect

Account information

Email address (used for authentication and product communications)
Google account identifier (if you sign in with Google)
Subscription status and billing history (managed by Stripe)

Conversation content

Messages you send to and receive from the AI assistant
PDF documents you upload for analysis (processed then discarded — not stored)
Auto-generated topic tags extracted from conversation content (e.g., carrier names, line items discussed)

Outcomes (voluntary, varies by trade)

Counterparty (insurance carrier, opposing party, or similar) and state
Line items, arguments, or settlement positions submitted, approved, denied, or partially approved
Dollar amounts (initial offer or estimate, final settlement or supplement approved, recovery)
Resolution timing
Trade-specific fields (e.g., roof type for roofing; equipment model for HVAC; injury category for personal injury). These are stored only when you choose to log them.

Usage and session data

Message and PDF analysis counts per month (for plan limit enforcement)
API token usage (for cost monitoring)
IP address and session identifiers maintained by Supabase Auth

2. How We Use Your Information

To authenticate you and maintain your session
To provide AI-powered responses by sending your conversation messages to the Anthropic Claude API (see Data Sharing below)
To maintain your conversation history so you can pick up where you left off
To aggregate anonymized outcomes into the Collective Outcome Intelligence dataset for your trade
To generate proactive Advisor alerts based on your own conversation history (Pro Plus plan)
To enforce plan limits and process subscription billing
To send you product updates, new feature announcements, and alerts — you can opt out at any time
To monitor service health and debug issues (we log IDs and metrics, never message content)
To comply with legal obligations

3. Data Sharing

We share your data only as described below. We do not sell your personal data. We do not share your data with insurance carriers, adjusters, or any third party for marketing purposes.

Anthropic (Claude API)

When you send a message, your conversation content is transmitted to Anthropic's Claude API to generate a response. We send only the conversation messages — not your email address, profile information, or any other identifying data. Anthropic processes this data under their own Privacy Policy. By using BizPilot's chat features, you acknowledge that your messages are processed by Anthropic.

Collective Outcome Intelligence (anonymized outcomes)

When you log outcomes, that data is stripped of your user ID and aggregated per-trade with outcomes from other users to form the Collective Outcome Intelligence dataset visible to Pro and Pro Plus subscribers in that trade. Your individual outcomes are never attributed to you or your company in the shared dataset — only the trade, counterparty, state, line items, and resolution data are retained in the aggregate.

Stripe (payment processing)

Subscription billing is handled by Stripe. We share your email address and subscription details with Stripe to process payments. We do not store your payment card number — Stripe handles all payment card data under their own PCI-compliant infrastructure.

Supabase (database and authentication)

All user data is stored in Supabase's cloud database infrastructure. Supabase processes data as our service provider under applicable data processing agreements.

4. Data Retention

Conversation history: Retained for the life of your account. Deleted within 30 days of account deletion.
Supplement outcomes (individually attributed): Retained while your account is active. Deleted within 30 days of account deletion.
Anonymized outcome data: Once anonymized and incorporated into the Collective Outcome Intelligence aggregate, this data may be retained indefinitely — it is no longer linked to you or your account.
Usage logs: Retained for 12 months then deleted.
PDF uploads: Processed in memory and passed to the Claude API. Not stored to disk or database.

5. Your Rights

You have the following rights with respect to your data:

Access: View your conversation history and supplement outcomes within the app at any time.
Export: Request an export of your conversation history and outcome data by emailing privacy@bizpilot.app.
Deletion: Delete your account at any time. Account-linked data is removed within 30 days. To request deletion, email privacy@bizpilot.app.
Opt-out: Unsubscribe from non-essential email communications at any time via the unsubscribe link in any email we send.

We will respond to data requests within 30 days. Note that anonymized aggregate data incorporated into the Collective Outcome Intelligence dataset cannot be individually identified or removed.

6. Cookies and Browser Storage

BizPilot uses minimal cookies and browser storage — no advertising cookies, no analytics tracking pixels, no third-party trackers.

Supabase auth cookie: A session cookie required to keep you signed in. This is a functional cookie — the Service cannot work without it. It does not track you across other websites.
localStorage "bp-theme": Stores your dark/light theme preference. Contains no personal data and is never sent to our servers.

7. Security

We use industry-standard security measures including HTTPS encryption for all data in transit, Supabase Row-Level Security policies to enforce data access controls, and restricted access to production systems. No system is completely secure — if you believe you have found a security issue, please contact us immediately at security@bizpilot.app.

8. Contact

For privacy-related questions, data access requests, or deletion requests, contact us at privacy@bizpilot.app. We aim to respond within 5 business days.