Last Updated: December 29, 2022
We collect, use, and disclose information for the purpose of marketing, selling, and providing services to businesses and other organizations in the United States, and not individuals. To the extent we process personal information about an individual (“you”), it is for the purpose of marketing and selling to the organization which employs you (or with which you are affiliated), or it is in connection with (a) providing our Services to the organization which has collected your data and (b) operating or improving our Services. As a provider of services to organizations we do not knowingly process data of individuals who are under sixteen years old.
If you visit one of our offices, please refer to the privacy notice that is provided to you when you check in.
Information for Prospective Customers. This section describes the types of personal information we collect from and about representatives of the organizations that we desire to sell our Services to, our purposes for processing it, and how long we retain the various types of data.
Information for Customers. This section describes the types of data we process (which we call Customer Data, Business Record Data, and Administrative Data) in connection with providing our Services to our customers and the related operation and improvement of our Services and our business, as well as the purposes for processing, and how long we retain the various types of data.
This section applies to you if you are a visitor to our website, if you have attended a Pilot-organized or Pilot-sponsored event (whether online or in person), if we have obtained your contact information in the context of our other marketing and sales activities (for example, via a referral, lead purchase, or marketing survey), or if you are in the process of purchasing our Services on behalf of your employer.
Categories of personal information we collected in the context of our sales and marketing efforts in the last twelve months and sources from which we obtain personal information are set forth in the table below:
We collect and process personal information for the business purposes of marketing and selling our Services. We process your personal information with the goal of entering into an agreement to provide our Services with your employer or organization with which you are affiliated. This includes, for example:
We also use Google Analytics to analyze how visitors interact with our corporate website. When you visit one of our websites that has Google Analytics enabled, the URL of the webpage and your internet protocol address are sent to Google so that Google can provide us its analytics services. Google also reads Google Analytics Cookies that are placed on your browser when you visit our corporate website. Please refer to the Google Privacy & Terms for more information.
Re-targeted advertising. Re-targeted advertising or behavioral advertising uses information about an individual's web browsing behavior such as the webpages they have visited or the searches they have made. This information is then used to display more relevant ads. The information collected is linked to a cookie ID (alphanumeric number). The information used for targeted advertising either comes from Pilot or through third party website publishers. If you would like to opt out of re-targeted advertising from Pilot that occurs when visiting our third party advertising publishers, please visit the opt-out pages of Network Advertising Initiative, here, and the Digital Advertising Alliance, here, or if located in the European Union, click here. If you are located in California or Virginia, you may also opt-out of our corporate website placing targeting Cookies on your browser, by clicking the “Do not sell or share my personal information” link at the bottom of our corporate website. Please note this does not opt you out of being served advertising. You will continue to receive generic ads.
We retain your business contact information and related sales and marketing activity in our systems for purposes of maintaining a record of our relationships with customers and prospective customers, analyzing and improving our sales and marketing efforts and Services (including developing new Services based on feedback you may share with us in the course of our interactions with you in the sales and marketing context), complying with legal obligations, resolving disputes, enforcing our agreements, completing any outstanding transactions, and detecting and preventing fraud. We generally retain this information until the earlier of your request that we delete your information and our determination that we no longer need your information for the purpose of marketing and selling our services to your employer. We may retain your business email address indefinitely to keep a record of email marketing opt-out or deletion requests.
If you have not identified yourself on our website, the primary marketing tool that we use to monitor website and email marketing activity delete records of your visit or email engagement starting 90 days after your last activity in accordance with its retention policies.
Retention of internet activity information collected by third party website services providers is determined by the applicable third party.
This section applies to you if you are affiliated with one of our customers and would like to understand how we process personal data in the context of providing our Services and operating our business.
In connection with providing our Services, we process Customer Data, Business Records Data, and Administrative Data. The sections below describe each of these data categories, purposes of processing, and retention period. The section titled “General Information” describes the categories of third parties to whom personal information is or may be disclosed.
Customer Data. Customer Data is data provided by our customers or at their direction for the provision of the Services, and excerpts and reports of such data prepared as part of the Services for customers.
Customer data includes financial and business information of our customers that they provide or make available to us that enables us to provide our Services. We receive this information directly from our customers or when they authorize us to access third party data repositories (including customer vendors and data aggregating services). For example, we may import transaction data from a customer’s payment processing service or payroll service provider via software integration or log-in information provided by the customer. This financial and business information may include personal information such as identifiers, names of individuals, relationships of individuals with our customers (like job title), and commercial information or employment-related information related to transactions between individuals and our customers (like invoice amounts or payroll amounts), as well as information related to entities (like names, transaction dates, and amounts). Customer Data provided in the context of our tax preparation services commonly includes the names of corporate officers and directors, ownership information, business contact information, and social security numbers of certain individuals for purposes of inclusion in the customer’s tax return or for completion of information returns. Customer Data provided in the context of our stock administration services may include employment status (active or terminated), personal contact information (personal email and address), and social security numbers (if provided by the individual equity holder).
Customer Data also includes financial information that we generate on behalf of our customers in the course of providing our Services, such as reports of financial information provided by our customers or at their direction, which may incorporate personal information. For example, we prepare financial statements on behalf of our bookkeeping customers, which contains data that we compute on our customers’ behalf. Depending on the customer’s form of business organization, the financial statements may include the names of individuals as line item names.
For customers who subscribe to more than one of our Services, one Service may obtain Customer Data from another Service to prevent duplicative requests for the same information. For longer term customers, we may use Customer Data from prior years’ Services for current Services.
IMPORTANT NOTE: Customers provide us access to third-party systems. Information practices of these third parties are governed by their privacy policies and data governance programs and are outside of Pilot’s control.
How we use Customer Data. We process Customer Data on behalf of our customers for purposes of providing Services to our customers, and maintaining and improving our Services. For example, we process Customer Data:
To provide, monitor, and improve our Services. We process Customer Data on behalf of our customers to provide, monitor, and improve our Services. For example:
To Provide Customer Service and Technical Support. We may also process Customer Data in connection with customer support requests.
For Research, Including Publishing or Sharing Combined Information from Multiple Customers or Users, But Only in a Way that Would Not Allow the Customer or Any Other Person to be Identified. Only in a way that would not allow a customer or any other identifiable person to be identified, we may prepare and share information, such as benchmarking studies, about our customers with third parties, such as advertisers or partners, for research, academic, marketing and/or promotional purposes. We or our third party partners may publicly report the aggregated findings of the research or analysis, but only in a way that would not allow a customer or any other identifiable person to be identified. For example, we might analyze which vendors our customers most commonly use and disclose the results on our website. We might sample aggregate expense data from our customers to publish insights on our website.
How long we retain Customer Data. Except as discussed below in Business Records Data, we retain Customer Data relating to tax preparation for at least seven years from the due date (including extensions) of the related tax filing and we retain other Customer Data for the purposes of assisting former customers (upon request at current hourly rates) with post-termination questions related to our Services as they transition, for example, to a different service provider, complying with legal obligations, resolving disputes, enforcing our agreements, completing any outstanding transactions, and detecting and preventing fraud. We retain Customer Data until we receive a request to delete it, in which case, subject to any applicable legal requirements, we will take reasonable steps to remove or de-identify Customer Data in our systems that is not contained in Business Record Data. We retain Customer Data incorporated into our reconciliation rules in a manner that does not identify the customer indefinitely and in accordance with applicable law.
Business Record Data. In the course of providing our Services, our personnel communicate with representatives of our customers through a number of channels, including email, our proprietary application app.pilot.com, messaging applications, and conference calls (including video conference calls), all of which generate Business Record Data. Business Record Data includes customer instructions and authorizations that we rely on to provide our Services to our customers, as well as work papers and other information incidental to Service delivery, such as meeting scheduling information and follow up questions to customers (and information relating to our methodology that guides our processes and timing of gathering information from customers in order to provide our Services). Categories of personal information we collected in Business Record Data in the last twelve months and sources from which we obtain personal information are set forth in the table below:
How we use Business Record Data. We collect and process Business Record Data for our business purposes, which include, for example:
To Provide Our Services and Operate Our Business. We process Business Record Data to provide our Services and customer support to our customers and for our business purposes, including service delivery management, analysis and improvement, new product and process development, and record keeping.
Customer Service and Technical Support. We may offer various Internet chat services, for example, to speak with a Pilot support representative. A transcript of the chat session may be retained to resolve questions or issues related to our Services.
Administrative Data. Administrative Data includes information related to Service management (for example, user account credentials to log into our proprietary application app.pilot.com, billing information, etc.) and information about the usage of our Services (for example, log data or metadata from service delivery communications, such as email senders and recipients, subject lines, and dates of communication) and Usage Data. Usage Data is usage information that we automatically collect when you access our proprietary application app.pilot.com, which is part of our Services, such as IP addresses, log files, unique device identifiers, pages viewed, browser type, any links you click on to leave or interact with our Services, and other usage information collected from Cookies.
Categories of personal information we collected in the last twelve months and sources from which we obtain personal information are set forth in the table below:
How we use Administrative Data. We collect and process Administrative Data for our business purposes, which include, for example:
Account Registration. We may use your name, business address, business phone number, and business email address to register an account for you for certain Services we provide (for example, to create an account in our application) and to communicate important information to you. If you set up an account that may be accessed by people other than you, please note that they may see and have the ability to change or delete your personal information.
Customer Service and Technical Support. We may use your name, business address, business phone number, business email address, how you interact with our Services, and information about your computer configuration to resolve questions you may have about our Services and to follow up with you about your experience.
Communicate with You and Tell You About Other Services. We may use your business contact information to communicate with you about our Services and to give you offers for third party (for example, our Integration Partners) products and services that we think may be of use to you. Please see below under “General Information—Your Rights and Managing Your Privacy” for the choices you have regarding these communications.
Feedback. We may use (a) any suggestions that you make to us and (b) information you volunteer in surveys you answer for us, and combine them with feedback and/or answers from other customers, in order to better understand our Services and how we may improve them. Answering any survey is optional.
Research, Including Publishing or Sharing Combined Information from Multiple Customers or Users, But Only in a Way that Would Not Allow the Customer or Any Other Person to be Identified. Only in a way that would not allow a customer or any other identifiable person to be identified, we may prepare and share information about our customers with third parties, such as advertisers or partners, for research, academic, marketing and/or promotional purposes. We or our third party partners may publicly report the aggregated findings of the research or analysis, but only in a way that would not allow a customer or any other identifiable person to be identified.
How long we retain Administrative Data. We will retain Administrative Data as long as necessary to serve you, to maintain a customer’s account for the entire period during which a customer subscribes to our Services, or as otherwise needed to operate our business. We retain and use Administrative Data as required by applicable law and Pilot’s records and information management policies to comply with our legal obligations, resolve disputes, enforce our agreements, complete any outstanding transactions, and for the detection and prevention of fraud, as well as to improve our Services, develop new services, and for any other business use, including disclosure to third parties or publicly, provided that we will not publicly disclose information that identifies a customer by name or its employees without the customer’s consent, unless otherwise required by law. We retain Administrative Data until we determine that we no longer need it for the purposes described above. We may retain different types of Administrative Data for different periods. Currently, we retain a record that a customer’s account existed (and related billing and customer relationship management information) and the individuals who are associated with the customer and who have access credentials and other Administrative Data indefinitely.
When you close your account, we may continue to communicate with you about our Services, give you important business updates that may affect you, and, unless you have opted out of receiving marketing communications, let you know about products and services that may interest you.
As noted above, we record calls and video conferences both in the sales and service delivery context. Recordings contain identifiers of individual participants in the call, such as name, as well as audio and, if a participant has their camera on in a video conference, visual information. We use these recordings for training, note-taking, service delivery, process analysis and optimization, recordkeeping (for example, as Business Record information), and research and development. Recordings may be shared with Pilot personnel who need to access it for these business purposes. We store the recordings in our systems, including those of our vendors that we use to store and analyze the recordings. We retain recordings until the earlier of your request that we delete your information (subject to any limitations provided by applicable law) and our determination that we no longer need your information for the purpose for which we collected it.
In the course of providing our Services and operating our business we disclose personal information outside of Pilot.
Service Providers. We provide or make available information (or service providers collect information on our behalf), including personal information and Usage Data, to service providers who perform various functions to enable us to provide our Services and help us operate our business, including, for example, functions like website design, telephony and system administration, marketing (including website marketing tools), sales (including sales tools), customer support, data enrichment, email communications, communication management, fraud detection and prevention, customer care, data storage, or performing analytics. Our contracts with these third parties require them to maintain the confidentiality of the personal information we provide to them, only act on our behalf and under our instructions, and/or not use personal information we provide to them for purposes other than the product or service they’re providing to us or on our behalf or as otherwise permitted by applicable law. Use of our service providers’ services may generate data (for example, log data or aggregated usage data) that we do not input into these services and over which we have no control. These types of usage data are subject to the privacy policies of the applicable service provider.
Service Fulfillment Partners. We work with non-affiliated tax service providers which fulfill certain of our Services. These tax service providers generally contract directly with our customers. With customer consent (1) we disclose customer business contact information to these service fulfillment partners for customer relationship management purposes and (2) we also disclose, or make available with our access, Customer Data to these service fulfillment partners so that they can perform the Pilot tax preparation services. Service fulfillment partners may use service providers to process Customer Data in connection with their provision of the Pilot tax preparation services. These partners’ activities are subject to their privacy policies and data governance programs.
Integration Partners. As noted above, we may access Customer Data that we need to perform our Services through integrations with other vendors who provide back office or financial services (for example, payroll services providers). Accessing data via integrations increases the efficiency of our Services. We develop, or work with these integration partners to develop, these integrations. Pilot may let customers know about the service or product (by contacting an individual point of contact at a customer or providing reference materials to customers) of an integration partner, or an integration partner may let its customers know about a Pilot service or product. In some cases, we participate in partner programs with these integration partners and may receive incentives from the partner for providing referrals. It will be clear who is referring the service or product, and who is providing the service or product. If a customer (whether a Pilot or integration partner customer) chooses to accept an integration partner’s services, after providing consent to either the integration partner or to us, we may exchange information regarding a customer, including personal information about individuals representing the customer (for example, business contact information), as well as information about how the customer or its users interact with each company’s service or product. This exchange of information is necessary to maintain business operations and to provide the ongoing service. By requesting or accepting these products or services, customers and their representatives are permitting us to provide information, including personal information, to the other party. These partners’ activities are subject to their privacy policies and data governance programs.
Promotional Partners. From time to time we present events or content with partners who provide other services of interest to our customers. We may share attendee information with these partners at an attendee’s direction. These partners may contact attendees based on these lists. These partners’ activities are subject to their privacy policies and data governance programs.
Third Party Website Services Providers. We use services of third parties that are not “service providers” (as defined in the California Consumer Privacy Act (CCPA)) on our website. These include ad networks and analytics and marketing services that we use for internet marketing and website analytics purposes.
Response to Subpoenas and Other Legal Requests. We may share information with courts, law enforcement agencies, or other government bodies when we have a good faith belief we’re required or permitted to do so by law, including to meet national security or law enforcement requirements, to protect our company, or to respond to a court order, subpoena, search warrant, or other law enforcement request. We may also share information with litigants in civil litigation in accordance with our customer agreements and as required by law.
Affiliates. We may disclose the information you provide or that we collect to our affiliates for service delivery purposes.
Sale of Our Business. If we sell, merge, or transfer any part of our business, we may transfer to the acquirer information in our possession or control, including personal information.
Business Advisors. We may disclose information customers provide to us or that we collect or prepare to professional advisors who are subject to professional or contractual confidentiality requirements such as lawyers, bankers, auditors, brokers, and insurers.
With your Consent. Other than as set out above, we will provide you with notice and the opportunity to choose when your personal information may be shared with other third parties.
Per Customer Instructions. An authorized representative of a Pilot customer may from time to time instruct us to disclose information to a third party that includes personal information.
Once de-identified or aggregated in a way that does not permit reidentification, data is not personal information and we may use it for any purpose and retain it for any period.
In accordance with and as permitted by applicable laws and regulations, we reserve the right to transfer your information, process and store it outside your country of residence to locations where we or our third party service providers operate. Our service fulfillment partners use personnel who are located outside of the United States. Information that we provide or make available, or that you provide directly, to our service fulfillment partners may, as permitted by law, be transferred outside the United States for purposes of Service fulfillment.
Via Direct Mail. Pilot.com, Inc., PO Box 7775 #86889, San Francisco, California 94120-7775.
From time to time we may change or update our Privacy Policies. We reserve the right to make changes or updates at any time. More information about how we will notify you is below.
Updates and Access. You can update information that you have provided to us (for example, in the context of account creation). Contact your account manager to make a request or email privacy[at]pilot.com. In addition, as required by applicable law (see for example, “California and Virginia Privacy Rights” below), you may contact us to confirm whether we maintain any of your personal information and to review it in order to verify its accuracy. Where you have determined that the personal information we collected about you is inaccurate, you may also request that your personal information be updated or corrected. Subject to applicable law, you may also request that we delete your personal information. Requests for access to your personal information and to have it corrected, amended, or deleted should be sent to privacy[at]pilot.com. If you believe that one of our customers collects data about you that we are processing, please contact the customer directly.
Managing Marketing Communications From Us. We will honor your choices about receiving marketing communications from us. Please note that even if you choose not to receive marketing communications from us, we will continue to send you required Service or transactional communications.
Cookies and Other Tracking Technologies. You have control over some of the Cookies that we use on our corporate websites. Information on changing your browser settings to opt out of Cookies can be found in your browser settings. For the third party services and re-targeted advertising described in “Information for Prospective Customers—Types of information we collect—Operation of our corporate website” you can opt-out by following the instructions at the links provided. If you opt-out and later delete your Cookies, use a different browser, or buy a new computer, you may need to renew your opt-out choices.
Do Not Track. Like most other companies, our Services and corporate website are not currently configured to respond to browsers’ “Do Not Track” signals.
If the California Consumer Privacy Act (CCPA) or the Virginia Consumer Data Protection Act (VCDPA), applies to you (for example, if you are a “consumer” under the CCPA), you have the following rights with respect to personal information that we process in our capacity as a “business” under the CCPA (“controller” under the VCDPA), which includes personal information described in the following sections and subsections:
If you submit a verifiable consumer request, you have the right, subject to either the CCPA or VCDPA, if and as applicable:
In the last twelve months, we have “sold” or “shared” within the meaning of the CCPA the following categories of personal information to the following categories of third party:
You have the right to opt out of “sales” or “sharing” within the meaning of the CCPA of your personal information if you are a California resident. You can opt out of our “selling” or “sharing” of your personal information if you are a California resident, or targeted advertising if you are a Virginia resident, by clicking the “Do Not Sell or Share My Personal Information” link at the bottom of our webpages. To our knowledge, we have not sold personal information of consumers (as defined in the CCPA) under 16 years of age.
If you have any questions about how we handle your information, the contents of this Policy, how to update your records or how to obtain a copy of the information that we hold about you or exercise your rights under the CCPA or VCDPA, please write to privacy[at]pilot.com. We will generally verify your identity using information in your inquiry and data in our possession. We may ask you for additional information to verify your request.