Back to Sci-Pilot

Privacy Policy

Last updated: May 3, 2026

1. Introduction

Sci-Pilot ("we", "us", or "our") is committed to protecting your privacy and personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the French Data Protection Act (Loi Informatique et Libertés), and other applicable data protection laws.

This Privacy Policy explains how we collect, use, store, and share information when you use our web application at https://scipilot.app ("Service"). It also describes your rights regarding your personal data and how you can exercise them.

The data controller for the purposes of this Privacy Policy is Sci-Pilot. For any privacy-related inquiries, you may contact us at contact@scipilot.app.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you register, we collect your email address and display name. If you register via Google OAuth, we collect your Google account email address and basic profile information (name, profile picture) as made available by Google.
  • Project and Task Data: When you create projects, tasks, calendar events, and other content within the Service, we store that data to provide the Service to you.
  • Financial Records: Data you enter into the financial module (quotes, invoices, financial reports) is stored on your device via localStorage. We do not transmit this data to our servers.
  • AI Conversation Data: Messages you send to and receive from the Vision AI assistant are processed to provide the AI service. Conversation data may be temporarily stored in localStorage.
  • Settings and Preferences: Your application preferences, theme settings, language preferences, and configuration data are stored locally on your device.

2.2 Information Collected Automatically

  • Usage Data: We may collect anonymized or pseudonymized data about how you interact with the Service, including pages visited, features used, session duration, and interaction patterns.
  • Device and Browser Information: We may collect your browser type, operating system, screen resolution, and similar technical information necessary to deliver the Service properly.
  • Cookies and Local Storage: We use cookies and localStorage for authentication, preferences, and analytics. See our Cookie Policy for details.

2.3 Information We Do Not Collect

We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation. We do not knowingly collect personal data from children under the age of 16.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To provide, maintain, and operate the Service, including authenticating your account, displaying your data, and enabling core features.
  • AI Service: To process your requests through Vision AI and provide you with AI-assisted responses and suggestions.
  • Service Improvement: To understand how users interact with the Service, identify bugs, and improve features and user experience.
  • Security: To detect, prevent, and address technical issues, security threats, and fraudulent activity.
  • Communication: To respond to your inquiries, provide support, and send Service-related notifications.
  • Legal Compliance: To comply with applicable legal obligations and regulatory requirements.

We process your personal data only where we have a lawful basis to do so, including: your consent; the necessity to perform a contract with you; compliance with a legal obligation; the protection of your vital interests; the performance of a task carried out in the public interest; and our legitimate interests, where such interests are not overridden by your own rights and freedoms.

4. localStorage Usage

Sci-Pilot uses the browser's localStorage API to store data locally on your device. This is a fundamental aspect of how the Service works. The following categories of data are stored in localStorage:

  • Authentication Tokens: Session tokens necessary to maintain your logged-in state.
  • Application State: Projects, tasks, calendar events, team members, and other organizational data you create.
  • Financial Module Data: Quotes, invoices, financial reports, and related tracking data.
  • AI Assistant Data: Conversation history, agent configuration, soul state, and memory data for Vision AI.
  • User Preferences: Theme settings, language preferences, sidebar state, notification preferences, and other customization options.
  • Onboarding State: Whether you have completed the onboarding process.

Data stored in localStorage remains on your device and is not transmitted to our servers unless explicitly required for service functionality (such as AI processing). You can clear localStorage at any time through your browser settings, which will reset the application state but also log you out of the Service.

5. AI Interactions and Third-Party Processing

5.1 Fireworks AI

When you interact with Vision AI, your messages and conversation context are transmitted to Fireworks AI (fireworks.ai) for processing by large language models. Fireworks AI processes this data as a data processor on our behalf. By using the AI features, you acknowledge that your input data will be sent to Fireworks AI servers for inference processing.

We configure our AI provider to minimize data retention. However, we recommend that you do not include highly sensitive personal information, passwords, API keys, financial account numbers, or other confidential data in your AI conversations. We are not responsible for the data processing practices of Fireworks AI beyond our contractual data processing agreement.

5.2 Google OAuth

When you sign in using Google OAuth, your authentication request is processed by Google. We request only the minimum scope necessary for authentication (basic profile information and email address). We do not request access to your Google Drive, Google Docs, or other Google services beyond what is required for Gmail integration, which is only activated when you explicitly enable it.

Gmail integration, when enabled by you, allows Vision AI to read and summarize emails from your Gmail account. This feature requires your explicit authorization through Google OAuth and can be revoked at any time through your Google account settings or within the Sci-Pilot application.

6. Third-Party Services

In addition to Fireworks AI and Google, we may use the following third-party services:

  • Google Analytics: We use Google Analytics to collect anonymized usage data and understand how users interact with the Service. Google Analytics may set cookies and use similar technologies to collect data. You can opt out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on or managing your cookie preferences.
  • Cloudflare: We use Cloudflare for content delivery, DDoS protection, and performance optimization. Cloudflare may process certain data as a data processor.

We do not sell, rent, or trade your personal data to any third party. We share data only with service providers who process data on our behalf and only for the purposes described in this Privacy Policy.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements.

  • Account Data: Retained for the duration of your account and deleted within 30 days of account closure, unless legal retention obligations require longer storage.
  • localStorage Data: Persists on your device until you clear your browser data or delete your account. We recommend regularly backing up important project data stored locally.
  • AI Conversation Data: AI conversation history stored in localStorage can be cleared by you at any time. Data sent to Fireworks AI is subject to their retention policies.
  • Analytics Data: Anonymized analytics data may be retained indefinitely for service improvement purposes, as it can no longer be attributed to an identifiable individual.

8. International Data Transfers

As the Service operates from France and uses third-party processors that may be located outside the European Economic Area (EEA), your data may be transferred to countries outside the EEA. We ensure that appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Adequacy decisions by the European Commission for specific countries;
  • Additional technical and organizational measures to ensure the security of your data.

9. Your Rights Under GDPR

Under the GDPR and applicable French data protection law, you have the following rights regarding your personal data:

  • Right of Access (Article 15 GDPR): You have the right to obtain confirmation as to whether your personal data is being processed and, if so, access to that data along with additional information about the processing.
  • Right to Rectification (Article 16 GDPR): You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data.
  • Right to Erasure (Article 17 GDPR):You have the right to request the deletion of your personal data ("right to be forgotten"), subject to certain exceptions such as legal retention obligations.
  • Right to Restriction of Processing (Article 18 GDPR): You have the right to request the restriction of processing of your personal data in certain circumstances.
  • Right to Data Portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and the right to transmit that data to another controller.
  • Right to Object (Article 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests, including profiling. We will cease processing unless we have compelling legitimate grounds that override your interests.
  • Right to Withdraw Consent (Article 7 GDPR): Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right to Lodge a Complaint (Article 77 GDPR):You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. In France, the supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL), accessible at https://www.cnil.fr.

To exercise any of these rights, please contact us at contact@scipilot.app. We will respond to your request within thirty (30) days as required by applicable law. We may request additional information to verify your identity before processing your request.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL protocols;
  • Secure authentication mechanisms through OAuth providers;
  • Regular security assessments and updates;
  • Access controls limiting data access to authorized personnel;
  • Secure development practices and code reviews.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. We encourage you to protect your account credentials and to contact us immediately if you suspect any unauthorized access.

11. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such data promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@scipilot.app.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after the changes become effective constitutes your acceptance of the revised Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. In case of material changes, we will make reasonable efforts to provide additional notice through the Service or by email.

13. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need to report a privacy concern, please contact us at:

Sci-Pilot

Email: contact@scipilot.app

Website: https://scipilot.app

For GDPR-related complaints, you may also contact the CNIL (Commission Nationale de l'Informatique et des Libertés) at https://www.cnil.fr.

See also: Terms of Service · End User License Agreement · Cookie Policy