Privacy Policy

Last updated: April 10, 2026

1. Information We Collect

When you use PilotStream, we collect:

• Account information: email address, name, organization name, and password (hashed with Argon2)
• Usage data: API calls, broadcast metadata, streaming duration, and timestamps
• Payment information: processed securely by Stripe; we do not store credit card numbers
• Technical data: IP addresses, browser type, and server logs for security and debugging

2. How We Use Your Information

• Provide and maintain the Service
• Process payments and manage subscriptions
• Send service-related notifications (downtime, billing, security alerts)
• Monitor and improve platform performance and security
• Enforce our Terms of Service and prevent abuse

3. Video Content

Video streams and recordings processed through PilotStream are your data. We do not view, analyze, or share your video content. Recordings are stored on your behalf and accessible only through your authenticated API keys.

4. Data Sharing

We do not sell your personal information. We share data only with:

• Stripe: for payment processing
• Cloudflare R2: for recording storage
• Law enforcement: when required by law or to protect our rights

5. Data Security

We implement industry-standard security measures:

• Argon2 password hashing
• Fernet encryption for webhook signing secrets
• HMAC-SHA256 signed webhook deliveries
• TLS encryption for all data in transit
• Scoped API keys with hashed secrets

6. Data Retention

We retain account data for the duration of your subscription. Upon account deletion, we remove your personal data within 30 days. Anonymized usage statistics may be retained for analytics. Recordings are deleted within 90 days of account closure unless you request earlier deletion.

7. Your Rights

You have the right to:

• Access your personal data via the API or dashboard
• Correct inaccurate data
• Request deletion of your account and data
• Export your data (broadcasts, recordings, webhooks)
• Object to processing for marketing purposes

8. Cookies

We use minimal cookies for authentication (JWT session tokens). We do not use tracking cookies or third-party analytics cookies.

9. International Data Transfers

Our servers are located in the United States. By using the Service, you consent to the transfer of your data to the US.

10. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service.

12. Contact

For privacy-related questions, contact us at [email protected].