Privacy Policy

Effective Date: January 1, 2025
Last Updated: December 19, 2024

Pilotcore ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and safeguard your information when you interact with our website and services.

1. Data Collection

We collect the following personal information when you use our services:

Information You Provide Directly

Email address: Required for guide downloads, consultation requests, and email communications
Name: First and last name for personalised communications
Company information: Company name and role for business context
Survey responses: Readiness assessment answers to understand your needs
Consultation details: Service interests and context you provide in consultation forms

Information We Collect Automatically

Email engagement data: Whether you open our emails, click links, or unsubscribe
Timestamps: When you submit forms, download guides, or engage with our emails
IP address: Automatically collected by our infrastructure provider (AWS)

Information We Do Not Collect

We do not collect browsing history, device identifiers, location data, or demographic information beyond what you explicitly provide.

2. Purpose and Use of Your Information

We use your personal information for the following legitimate business purposes:

Marketing Communications

Sending educational email sequences about cloud architecture, DevSecOps, and security compliance
Delivering compliance guides (CMMC, CPCSC) you've requested
Sharing relevant blog posts and expertise demonstrations

Lead Qualification

Assessing your readiness for consulting services through survey responses
Personalizing follow-up communications based on your interests
Scheduling consultation calls when you express interest

Service Delivery

Processing consultation requests and booking calendar appointments
Responding to inquiries submitted through contact forms
Providing customer support

Business Operations

Improving our email content and website based on engagement metrics
Maintaining records for tax and accounting purposes (consultation records only)
Complying with legal obligations

3. Legal Basis for Processing

Canadian Law (PIPEDA)

We process your personal information based on your express consent:

Downloading a guide constitutes consent to receive related email communications
Submitting a consultation request constitutes consent to contact you about services
You may withdraw consent at any time by unsubscribing or contacting us

United States Law (CAN-SPAM)

We comply with CAN-SPAM requirements:

You have an established business relationship when you request our guides or consultations
All emails include a clear unsubscribe mechanism
All emails identify Pilotcore as the sender
Our physical business address is included in email footers

Anti-Spam Legislation (CASL)

We comply with Canada's Anti-Spam Legislation:

Express consent is obtained before sending commercial electronic messages
All emails clearly identify Pilotcore as the sender
Unsubscribe mechanisms are provided in every email
Unsubscribe requests are processed within 10 business days

4. Data Sharing and Disclosure

We share your personal information only in the following limited circumstances:

Service Providers (Data Processors)

Cal.com: Calendar booking platform for consultation scheduling (only when you book a call)
Amazon Web Services (AWS): Infrastructure provider hosting our databases and email systems
Google reCAPTCHA: Bot protection on forms (only verification tokens, no personal data stored)

Third Parties We Do NOT Share With

We do not sell, rent, or share your personal information with:

Third-party marketing platforms or data brokers
Advertisers or analytics companies
Social media platforms
Any other commercial entities

Legal Disclosures

We may disclose your information if required by law, court order, or government regulation, or to protect our legal rights.

5. Your Privacy Rights

You have the following rights regarding your personal information:

Right to Access

Request a copy of the personal information we hold about you. We will provide this within 30 days of your request.

Right to Correction

Request correction of inaccurate or incomplete personal information.

Right to Deletion

Request deletion of your personal information, subject to retention requirements (see Section 6).

Right to Withdraw Consent

Withdraw your consent to marketing communications at any time by:

Clicking the "Unsubscribe" link in any email
Emailing privacy@pilotcore.io with "UNSUBSCRIBE" in the subject line
Contacting us through the website contact form

Right to Opt-Out

Opt out of specific email sequences while remaining subscribed to others (contact us to customise preferences).

Response Time

We respond to all privacy requests within 30 days. If we need additional time, we will notify you and explain why.

6. Data Retention

We retain your personal information according to the following schedule:

Active Email Sequences

Retention Period: Indefinitely while you remain subscribed
Purpose: Ongoing marketing communications and relationship building
Your Control: Unsubscribe at any time to stop future emails

Completed Sequences (No Consultation Booked)

Archive After: 12 months of inactivity
Permanent Deletion After: 24 months from sequence completion
Purpose: Compliance with data minimization principles

Consultation Records

Retention Period: 7 years from last consultation
Purpose: Tax and accounting requirements under Canadian and US law
Scope: Only applies if you book and complete a consultation

Email Suppression List (Unsubscribes, Bounces, Complaints)

Retention Period: Indefinite
Purpose: Legal compliance (honoring unsubscribe requests, preventing re-subscription)
Cannot Be Deleted: Required by CAN-SPAM and CASL regulations

Email Engagement Details (Opens, Clicks)

Aggregate After: 90 days (summary statistics only)
Delete Raw Data After: 12 months
Purpose: Campaign performance analysis

Exceptions

Records flagged for legal hold (e.g., ongoing dispute, regulatory inquiry) are exempt from automatic deletion.

This retention policy ensures we balance our legitimate business needs with your privacy rights and data minimization principles.

7. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: privacy@pilotcore.io
Response Time: Within 30 days
Subject Line: For faster processing, use "Privacy Request" in your subject line

For general inquiries, you may also use our website contact form.

Additional Information

Data Security

We implement industry-standard security measures to protect your personal information:

Encrypted data transmission (HTTPS/TLS)
Access controls limiting who can view your data
Regular security assessments of our infrastructure
Automated backups and disaster recovery procedures

However, no internet transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

International Data Transfers

Your personal information is stored on servers located in Canada (AWS Canada Central region). If you are located outside Canada, your information may be transferred to and processed in Canada, which has substantially similar privacy protections to GDPR.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a new "Last Updated" date. If we make material changes, we will notify active subscribers by email.

Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately.

Your Consent

By providing your email address to download guides or request consultations, you consent to this Privacy Policy and our use of your information as described herein.

This Privacy Policy is written in plain language to ensure accessibility and understanding. If any provision is unclear, please contact us for clarification.