Last Updated:  February 16, 2024

Pilot.com, Inc. Privacy Policy

Pilot.com, Inc. (“Pilot,” “we,” “us,” or “our”) provides back-office services, including bookkeeping services, controller services, tax services, CFO services, and stock administration services (our “Services”). This Privacy Policy (“Privacy Policy”) provides information about our personal information processing practices in the context of marketing and selling our Services to prospective customers, providing our Services to our customers, and operating our business.

We collect, use, and disclose information for the purpose of marketing, selling, and providing services to businesses and other organizations in the United States, and not individuals. To the extent we process personal information about an individual (“you”), it is for the purpose of marketing and selling to the organization which employs you (or with which you are affiliated), or it is in connection with (a) providing our Services to the organization which has collected your data and (b) operating or improving our Services.  As a provider of services to organizations we do not knowingly process data of individuals who are under sixteen years old.

If you are applying for employment with Pilot, please see our Job Candidate Privacy Policy.

If you visit one of our offices, please refer to the privacy notice that is provided to you when you check in.

If you are a representative of a third-party tax service provider that we use to fulfill the Pilot Tax Services, please see our Pilot Privacy Policy for Tax Services Providers for information about the categories of information we collect in the context of our tax services related to tax service provider personnel and their sources.

If you have questions regarding our Privacy Policy or practices, or if you are a California or Virginia resident and wish to exercise any of the rights described below, please contact us at privacy[at]pilot.com.

Our Privacy Policy contains the following sections:

Information for Prospective Customers.  This section describes the types of personal information we collect from and about representatives of the organizations that we desire to sell our Services to, our purposes for processing it, and how long we retain the various types of data.

Information for Customers. This section describes the types of data we process (which we call Customer Data, Business Record Data, and Administrative Data) in connection with providing our Services to our customers and the related operation and improvement of our Services and our business, as well as the purposes for processing, and how long we retain the various types of data.

General Information.  This section describes our processing of personal information related to call recording and categories of third parties to which personal information is or may be disclosed  (refer to this section for definitions when categories of third parties are discussed in earlier sections), as well as information about updates to this Privacy Policy, managing your personal information, your rights, and how to contact us with questions about this Privacy Policy or, as applicable, to exercise your rights.  

INFORMATION FOR PROSPECTIVE CUSTOMERS

This section applies to you if you are a visitor to our website, if you have attended a Pilot-organized or Pilot-sponsored event (whether online or in person), if we have obtained your contact information in the context of our other marketing and sales activities (for example, via a referral, lead purchase, or marketing survey), or if you are in the process of purchasing our Services on behalf of your employer.  

Information We Process

Categories of personal information we collected in the context of our sales and marketing efforts in the last twelve months and sources from which we obtain personal information are set forth in the table below. The section titled “General Information” describes disclosures of personal information outside of Pilot.


Personal Information Category


Example


Source(s)

 

Website visitor; Event attendee; Referral, lead purchase, or other marketing; Representative of prospective customer purchasing Services

Identifiers

  • Name
  • Business email address
  • Business phone number
  • Business address

  • You, if you choose to provide your name and contact information
  • Someone else in your organization if they provide us with your name and business contact information
  • An acquaintance of yours who thinks your organization could use our Services may provide us with your business contact information
  • Our third-party data enrichment vendors
  • Publicly available information
  • Social media sites
  • Promotional partners
  • Integration partners
  • Lead sellers

  • Employment-related information

  • Your employer’s name
  • Your job title


  • You, if you choose to provide this information
  • Someone else in your organization if they provide us with your name, title and the company where you work
  • An acquaintance of yours who thinks your organization could use our Services may provide us with your business contact information
  • Our third-party data enrichment vendors
  • Publicly available information
  • Social media sites
  • Promotional partners
  • Integration partners
  • Lead sellers
  •  

    Website visitor; Representative of prospective customer purchasing Services

    Identifiers

  • Internet protocol (IP) address
  • Cookie identifier

  • Our tools for measuring activity on and use of our website collect your IP address and set Cookies on your browser
  • Our tools for identifying the organization with which you are associated based on your IP address collect your IP address

  • Internet activity information

  • Information about your visit to our websites, including referring pages and your navigation through our websites
  • Information about your interactions with our marketing emails

  • Our tools for managing email campaigns
  • Our tools for measuring activity on and use of our website and engagement with email marketing efforts, which include the use of Cookies
  • Our tools for monitoring the effectiveness of our advertising and sales campaigns, which include the use of Cookies

  • Inferences from personal information

  • Analysis of effective ways to position our products by sales personnel based on communications with you and/or your engagement with our website or marketing materials

  • Sales and marketing service providers that provide scoring and analytical tools

  • Geolocation data

  • IP address

  • Our tools for measuring activity on and use of our website collect your IP address
  •  

    Event attendee

    Other

  • Dietary restrictions (for example, if you attend a live event)

  • You
  •  

    Event attendee; Representative of prospective customer purchasing Services

    Audio and visual information

  • Recording of your voice and likeness in calls or videoconferences with our sales and service delivery personnel
  • Recording of your voice and likeness at events, if you attend an event, such as a virtual event, and ask a question that is recorded

  • You, with your consent as required by law
  • How We Use Your Information

    We collect and process personal information for the business purposes of marketing and selling our Services.  We process your personal information with the goal of entering into an agreement to provide our Services with your employer or organization with which you are affiliated.  This includes, for example:

    • Sending you marketing communications like emails or newsletters to (1) make you aware of, or provide you with information you have requested about, our Services or the services of our partners, (2) engage with you, and (3) analyze and improve our marketing efforts based on your engagement with our marketing communications, including analyzing whether you opened an email and how you interacted with it.  
    • Communicating with you during the sales process, including, for example, via email, SMS, call or videoconference.
    • Creating, managing, and maintaining lead lists.
    • Collecting information about your visits to our websites to (1) collect information about your organization’s needs and your position within your organization, (2) determine how to optimize our sales efforts with respect to your organization, (3) measure and improve the effectiveness of our website, and (4) measure the effectiveness of targeted marketing efforts.  Please see “Operation of our corporate website” below for additional information.
    • Analyzing our interactions with you to optimize our sales processes.
    • Improving our sales and marketing processes, including training our sales personnel and updating strategies and initiatives.
    • Conducting market research and product research and development.
    • Conducting surveys for marketing or product research and development purposes, for example, to assess the needs of the industries that we serve. 
    • Managing event registrations and attendance, including communicating with you about the event.

    IMPORTANT NOTE: During the sales process, you may provide samples of your business’s financial data or access to repositories containing your financial data that we use to determine the appropriate Services to quote you. This financial data may include personal information such as identifiers, names of individuals, relationships of individuals with our prospects (like job title), and commercial information or employment-related information related to transactions between individuals and our prospects (like invoice amounts or payroll amounts), as well as information related to entities (like names, transaction dates, and amounts). While your financial data may contain personal information, we do not control what personal information is included, and only use it as part of your financial transactions data to determine the appropriate Services to quote you. If you provide this sample financial data we store it in our email and file storage systems and analyze it using software tools, which our service providers provide.

    Operation of Our Corporate Website

    Cookies and tracking technologies.  In accordance with applicable law, Pilot, our service providers, and other third party website services providers whose services we use on our corporate website use commonly-used tools to recognize your visit and track your interactions with our corporate website (including subpages) such as cookies, web beacons, pixels, local shared objects, local storage, event trackers, and other tracking technologies (collectively, “Cookies”). 

    We use this tracking data to operate our corporate website. For example, we use Cookies to personalize and improve your experience on our corporate website and to record your preferences.  If you identify yourself on our corporate website, for example, by completing a web form, we match (using a service provider) your identifying information with a Cookie associated with you (but which does not identify you by name, email, or phone number) to analyze the effectiveness of our marketing efforts (such as measuring the results of marketing campaigns), communicate with you and provide you relevant information, and determine sales efforts to apply to your company.

    We also combine data about your visit to our corporate websites collected from Cookies with that of other website visitors to improve your and other website visitors’ experience. We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our website with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data Hotjar collects on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

    Third party website services providers may collect personal information from visitors to our websites for their own purposes.

    We also use Google Analytics to analyze how visitors interact with our corporate website.  When you visit one of our websites that has Google Analytics enabled, the URL of the webpage and your internet protocol address are sent to Google so that Google can provide us its analytics services.  Google also reads Google Analytics Cookies that are placed on your browser when you visit our corporate website.  Please refer to the Google Privacy & Terms for more information.  

    Social Media Features. Our corporate website uses social media features, like buttons that enable you to share content on our corporate website on social media platforms (“Social Media Features”). These Social Media Features may collect your internet protocol address and which page you are visiting within our corporate website, and may set a Cookie to enable the feature to function properly. Social Media Features are either hosted by a third party or hosted directly on our corporate website. Your interactions with these features are governed by the privacy policy of the company providing the relevant Social Media Features.

    Links to other sites.  Our corporate website includes links to other websites whose privacy practices may differ from those of Pilot. If you visit or submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

    Re-targeted advertising.  Re-targeted advertising or behavioral advertising uses information about an individual's web browsing behavior such as the webpages they have visited or the searches they have made. This information is then used to display more relevant ads. The information collected is linked to a cookie ID (alphanumeric number). The information used for targeted advertising either comes from Pilot or through third party website publishers. If you would like to opt out of re-targeted advertising from Pilot that occurs when visiting third party websites, please visit the opt-out pages of Network Advertising Initiative, here, and the Digital Advertising Alliance, here, or if located in the European Union, click here. If you are located in California or Virginia, you may also opt-out of our corporate website placing targeting Cookies on your browser, by clicking the “Do not sell or share my personal information” link at the bottom of our corporate website.  Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

    How long we retain information for prospective customers

    We retain your business contact information and related sales and marketing activity in our systems for purposes of maintaining a record of our relationships with customers and prospective customers, analyzing and improving our sales and marketing efforts and Services (including developing new Services based on feedback you may share with us in the course of our interactions with you in the sales and marketing context), complying with legal obligations, resolving disputes, enforcing our agreements, completing any outstanding transactions, and detecting and preventing fraud.  We generally retain this information until the earlier of your request that we delete your information and our determination that we no longer need your information for the purpose of marketing and selling our services to your employer.  We may retain your business email address indefinitely to keep a record of email marketing opt-out or deletion requests. 

    If you have not identified yourself on our website, the primary marketing tool that we use to monitor website and email marketing activity delete records of your visit or email engagement starting 90 days or 365 days after your last activity in accordance with their retention policies.

    Retention of internet activity information collected by third party website services providers is determined by the applicable third party.

    INFORMATION FOR CUSTOMERS

    This section applies to you if you are affiliated with one of our customers and would like to understand how we process personal data in the context of providing our Services and operating our business.

    Information We Process

    In connection with providing our Services, we process Customer Data, Business Records Data, and Administrative Data.  The sections below describe each of these data categories, purposes of processing, and retention period.  The section titled “General Information” describes disclosures of personal information outside of Pilot.

    Customer Data.  Customer Data is data provided by our customers or at their direction for the provision of the Services, and excerpts and reports of such data prepared as part of the Services for customers.  

    Customer Data includes financial and business information of our customers that they provide or make available to us that enables us to provide our Services.  We receive this information directly from our customers or when they authorize us to access third party data repositories (including customer vendors and data aggregating services).  For example, we may import transaction data from a customer’s payment processing service, payroll service provider, bookkeeping software, or other service provider of customer, or from a data aggregating service such as Plaid, via software integration (such as an application programming interface) or obtain transaction data via log-in information provided by the customer. We may develop ways to obtain transaction information from third party repositories that are more efficient than the initial method, and may update the ways of obtaining transaction data under a customer's initial authorization. Customer Data includes metadata from these third party data repositories that we may have access to.

    This financial and business information may include personal information such as identifiers, names of individuals, relationships of individuals with our customers (like job title), and commercial information or employment-related information related to transactions between individuals and our customers (like invoice amounts or payroll amounts), as well as information related to entities (like names, transaction dates, and amounts).  Customer Data provided in the context of our tax preparation services commonly includes the names of corporate officers and directors, ownership information, business contact information, and social security numbers of certain individuals for purposes of inclusion in the customer’s tax return or for completion of information returns. Customer Data provided in the context of our stock administration services may include employment status (active or terminated), personal contact information (personal email and address), and social security numbers (if provided by the individual equity holder).

    Customer Data also includes financial information that we generate on behalf of our customers in the course of providing our Services, such as reports of financial information provided by our customers or at their direction, which may incorporate personal information.  For example, we prepare financial statements on behalf of our bookkeeping customers, which contains data that we compute on our customers’ behalf.  Depending on the customer’s form of business organization, the financial statements may include the names of individuals as line item names.

    For customers who subscribe to more than one of our Services, one Service may obtain Customer Data from another Service to prevent duplicative requests for the same information.  For longer term customers, we may use Customer Data from prior years’ Services for current Services.

    IMPORTANT NOTE:  Customers provide us access to third-party systems.  Information practices of these third parties are governed by their privacy policies and data governance programs and are outside of Pilot’s control.

    How we use Customer Data.  We process Customer Data on behalf of our customers for purposes of providing Services to our customers, and maintaining and improving our Services.  For example, we process Customer Data:

    To Provide, Monitor, and Improve our Services.  We process Customer Data on behalf of our customers to provide, monitor, and improve our Services.  For example: 

    • Our service delivery personnel review reconciliations of transaction data to prepare financial statements on behalf of our customers.  
    • We may create automated rules that increase efficiency in tasks such as categorizations based on learnings from Customer Data.
    • We test and analyze new features of our Services intended to improve their efficiency or to enable customer insights into their financial information. These activities may include processing of Customer Data.
    • We make product development investments based on trends in customer behavior.  

    To Manage Our Relationship With Our Customers. We monitor a customer’s expenses, bank balances, and other indicators (none of which include personal information) to ensure appropriate pricing, monitor account health, and to contact our customers to discuss their subscription needs.

    To Provide Customer Service and Technical Support.  We may also process Customer Data in connection with customer support requests.

    For Research, Including Publishing or Sharing Combined Information from Multiple Customers or Users, But Only in a Way that Would Not Allow the Customer or Any Other Person to be Identified. Only in a way that would not allow a customer or any other identifiable person to be identified, we may share information, such as benchmarking studies, about our customers with third parties, such as advertisers or partners, for research, academic, marketing and/or promotional purposes. We or our third party partners may publicly report the aggregated findings of the research or analysis, but only in a way that would not allow a customer or any other identifiable person to be identified.  For example, we might analyze which vendors our customers most commonly use and disclose the results on our website.  We might sample aggregate expense data from our customers to publish insights on our website or on social media.

    How long we retain Customer Data.  Except as discussed below in Business Records Data, we retain Customer Data relating to tax preparation for at least seven years from the due date (including extensions) of the related tax filing and we retain other Customer Data for the purposes of assisting former customers (upon request at current hourly rates) with post-termination questions related to our Services as they transition, for example, to a different service provider, complying with legal obligations, resolving disputes, enforcing our agreements, completing any outstanding transactions, and detecting and preventing fraud. We generally retain Customer Data until we receive a request to delete it, in which case, subject to any applicable legal requirements, we will take reasonable steps to remove or de-identify Customer Data in our systems that is not contained in Business Record Data. Former customer credentials stored in our
    database are queued for deletion 120 days after the customer relationship ends, unless otherwise required by law. We retain Customer Data incorporated into our reconciliation rules in a manner that does not identify the customer indefinitely and in accordance with applicable law.

    Business Record Data.  In the course of providing our Services, our personnel communicate with representatives of our customers through a number of channels, including email, our proprietary application app.pilot.com, messaging applications, and conference calls (including video conference calls), all of which generate Business Record Data. Business Record Data includes customer instructions and authorizations that we rely on to provide our Services to our customers, as well as work papers and other information incidental to Service delivery, such as meeting scheduling information and follow up questions to customers, and information relating to our methodology that guides our processes and timing of gathering information from customers in order to provide our Services. Categories of personal information we collected in Business Record Data in the last twelve months and sources from which we obtain personal information are set forth in the table below:


    Personal Information Category

    Example

    Source(s)

    Identifiers

  • Name
  • Business email address
  • Business phone number
  • Business address

  • Individual points of contact of our customers who correspond with us as we provide our services.
  • Customer points of contact provide personal information about additional points of contact.

  • Employment-related information

  • Your employer’s name and your job title


  • Individual points of contact of our customers who correspond with us as we provide our services, for example, a job title commonly appears in an email signature.
  • Customer points of contact provide personal information about additional points of contact.

  • Audio and visual information

  • Recording of your voice and likeness in calls or video conferences with our sales and service delivery personnel

  • Individual points of contact of our customers who participate in calls or video conferences, with their consent

  • Inferences from personal information

  • Customer satisfaction survey results

  • Individual points of contact of our customers who respond to customer satisfaction surveys
  • How we use Business Record Data.  We collect and process Business Record Data for our business purposes, which include, for example:

    To Provide Our Services and Operate Our Business.  We process Business Record Data to provide our Services and customer support to our customers and for our business purposes, including service delivery management, analysis and improvement, new product and process development, and recordkeeping.

    Customer Service and Technical Support. We may offer various Internet chat services, for example, to speak with a Pilot support representative. A transcript of the chat session may be retained to resolve questions or issues related to our Services.

    How long we retain Business Record Data.  We retain Business Record Data for the purposes of maintaining documented customer instructions and approvals and a record of our relationships with customers, complying with legal obligations, resolving disputes, enforcing our agreements, completing any outstanding transactions, and detecting and preventing fraud.  We retain this data for as long as we may have a legal or business reason to keep it, which is at least up to the end of the longest applicable statute of limitations period.  We may delete this data earlier if we determine that it is not necessary to retain for the purposes mentioned above. Customer Data may also be included in emails, messages, or call recordings.  To the extent Customer Data exists in our Business Record Data, it is incidental to our business purpose for retaining Business Record Data, and we process this Customer Data only for recordkeeping and legal purposes, and only in the context of our business relationships with our customers.  The retention period for service fulfillment partners providing Pilot Tax Services is governed by the service fulfillment partners’ privacy policy and data governance practices.

    Administrative Data.  Administrative Data includes information related to Service management (for example, user account credentials to log into our proprietary application app.pilot.com, billing information, etc.), information about the usage of our Services (for example, log data or metadata from service delivery communications and customer interactions, such as email senders and recipients, subject lines, dates of communication, and response times), information derived from Customer Data that we use for service delivery, sales and marketing, and operational purposes (for example, account status indicators like whether a customer has account balances or expenses over certain thresholds), and Usage Data. Usage Data is usage information that we automatically collect when you access our proprietary application app.pilot.com, which is part of our Services, such as IP addresses, log files, unique device identifiers, pages viewed, browser type, any links you click on to leave or interact with our Services, and other usage information collected from Cookies.

    Categories of personal information we collected in the last twelve months and sources from which we obtain personal information are set forth in the table below:


    Personal Information Category

    Example

    Source(s)

    Identifiers

  • Name
  • Business email address
  • Business phone number
  • Business address
  • Internet protocol address
  • Cookie identifiers

  • You, if you choose to provide this information
  • Individual points of contact of our customers who correspond with us as we provide our services.
  • Customer points of contact provide personal information about additional points of contact
  • Pilot’s systems collect identifiers like internet protocol addresses and Cookies automatically

  • Employment-related information

  • Your employer’s name and your job title


  • You, if you choose to provide this information
  • Our third-party data enrichment services

  • Internet activity information

  • Information about a user’s navigation through our application
  • Your responses to a customer satisfaction survey included in the email signatures of correspondence related to Pilot Services

  • Our tools for measuring activity on and use of our application, which include the use of Cookies

  • Inferences from personal information

  • Analysis of effective ways to improve our services for all customers

  • Our analysis of metadata that we collect about the use of our products and services
  • How we use Administrative Data.  We collect and process Administrative Data for our business purposes, which include, for example:

    Account Registration. We may use your name, business address, business phone number, and business email address to register an account for you for certain Services we provide (for example, to create an account in our application) and to communicate important information to you. If you set up an account that may be accessed by people other than you, please note that they may see and have the ability to change or delete your personal information.

    To Provide Our Services and Operate Our Business. We may use your information to operate our business, including providing our Services to your employer, providing support related to our Services, and protecting our Services, including to combat fraud and to protect your information.  For example:

    • We collect Usage Information for the purpose of facilitating the proper, efficient, and secure operation of our Services, including our proprietary application app.pilot.com.
    • We may collect IP addresses to track and aggregate non-personal information, such as using IP addresses to monitor the regions from which users navigate to our Services to comply with US trade restrictions.
    • We may also collect IP addresses from users when they log into the Services as part of our log-in and security features.
    • We use Cookies to remember your preferences and navigation through our application, as well as to store work-in-progress data when you interact with the application, to provide you an efficient experience with our application. 

    Customer Service and Technical Support. We may use your name, business address, business phone number, business email address, how you interact with our Services, and information about your computer configuration to resolve questions you may have about our Services and to follow up with you about your experience. 

    Communicate with You and Tell You About Other Services. We may use your business contact information to communicate with you about our Services and to give you offers for third party (for example, our Integration Partners) products and services that we think may be of use to you. Please see below under “General Information—Your Rights and Managing Your Privacy” for the choices you have regarding these communications. We track changes in a customer’s business to monitor account health and identify opportunities for customer outreach and sales opportunities; for example, if a customer has a financing event we may contact the customer regarding additional offerings.

    To Improve Services and Develop New Services. We use Administrative Data to personalize or customize your experience and the Services, develop new features or services, and to improve the overall quality of Pilot’s Services.  For example, we collect Usage Data to improve our application.  For example, we use Cookies to observe how users use our proprietary application app.pilot.com for the purpose of studying how users experience app.pilot.com and where there are opportunities to improve user experience.

    Feedback. We may use (a) any suggestions that you make to us and (b) information you volunteer in surveys you answer for us, and combine them with feedback and/or answers from other customers, in order to better understand our Services and how we may improve them. Answering any survey is optional.

    Research, Including Publishing or Sharing Combined Information from Multiple Customers or Users, But Only in a Way that Would Not Allow the Customer or Any Other Person to be Identified. Only in a way that would not allow a customer or any other identifiable person to be identified, we may share information about our customers with third parties, such as advertisers or partners, for research, academic, marketing and/or promotional purposes. We or our third party partners may publicly report the aggregated findings of the research or analysis, but only in a way that would not allow a customer or any other identifiable person to be identified.

    How long we retain Administrative Data.  We retain Administrative Data as long as necessary to serve you, to maintain a customer’s account for the entire period during which a customer subscribes to our Services, or as otherwise needed to operate our business.  We retain and use Administrative Data as required by applicable law and Pilot’s records and information management policies to comply with our legal obligations, resolve disputes, enforce our agreements, complete any outstanding transactions, and for the detection and prevention of fraud, as well as to improve our Services, develop new services, and for any other business use, including disclosure to third parties or publicly, provided that we will not publicly disclose information that identifies a customer by name or its employees without the customer’s consent, unless otherwise required by law.  We retain Administrative Data until we determine that we no longer need it for the purposes described above.  We may retain different types of Administrative Data for different periods. Currently, we retain a record that a customer’s account existed (and related billing and customer relationship management information) and the individuals who are associated with the customer and who have access credentials and other Administrative Data indefinitely.  

    When you close your account, we may continue to communicate with you about our Services, give you important business updates that may affect you, and, unless you have opted out of receiving marketing communications, let you know about products and services that may interest you.

    GENERAL INFORMATION

    Call Recordings

    As noted above, we record calls and video conferences in both the sales and service delivery context. Recordings contain identifiers of individual participants in the call, such as name, as well as audio and, if a participant has their camera on in a video conference, visual information.  We use these recordings for training, note-taking, service delivery, process analysis and optimization, recordkeeping (for example, as Business Record information), and research and development.  Recordings may be shared with Pilot personnel who need to access it for these business purposes.  We store the recordings in our systems, including those of our vendors that we use to store and analyze the recordings.  We retain recordings until the earlier of your request that we delete your information (subject to any limitations provided by applicable law) and our determination that we no longer need your information for the purpose for which we collected it, which is generally three years.

    How We Disclose Your Personal Information

    In the course of providing our Services and operating our business we disclose personal information outside of Pilot as described below.

    Service Providers. We provide or make available information (or service providers collect information on our behalf), including personal information and Usage Data, to service providers who perform various functions to enable us to provide our Services and help us operate our business, including, for example, functions like website design, telephony and system administration, marketing (including website marketing tools), sales (including sales tools), customer support, data enrichment, email communications, communication management, fraud detection and prevention, customer care, data storage, or performing analytics. Our contracts with these third parties require them to maintain the confidentiality of the personal information we provide to them, only act on our behalf and under our instructions, and/or not use personal information we provide to them for purposes other than the product or service they’re providing to us or on our behalf or as otherwise permitted by applicable law. Use of our service providers’ services may generate data (for example, log data or aggregated or anonymized data) that we do not input into these services and over which we have no control. These types of usage data are subject to the privacy policies of the applicable service provider. For example, Zuora anonymizes certain data that it processes on our behalf so that it may use the anonymized data for its own purposes. See Zuora’s privacy policy for more information.

    Service Fulfillment Partners.  We work with non-affiliated tax service providers which fulfill certain of our Services. These tax service providers generally contract directly with our customers. With customer consent (1) we disclose customer business contact information to these service fulfillment partners for customer relationship management purposes and (2) we also disclose, or make available with our access, Customer Data to these service fulfillment partners so that they can perform the Pilot tax preparation services. Service fulfillment partners may use service providers to process Customer Data in connection with their provision of the Pilot tax preparation services.  These partners’ activities are subject to their privacy policies and data governance programs.

    Integration PartnersAs noted above, we may access Customer Data that we need to perform our Services through integrations with other vendors who provide back office or financial services (for example, payroll services providers).  Accessing data via integrations increases the efficiency of our Services. We develop, or work with these integration partners to develop, these integrations. Pilot may let customers know about an integration partner's service or product (by contacting an individual point of contact at a customer or providing reference materials to customers), or an integration partner may let its customers know about a Pilot service or product. In some cases, we participate in partner programs with these integration partners and may receive incentives from the partner for providing referrals. It will be clear who is referring the service or product, and who is providing the service or product. If a customer (whether a Pilot or integration partner customer) chooses to accept an integration partner’s services, after providing consent to either the integration partner or to us, we may exchange information regarding a customer, including personal information about individuals representing the customer (for example, business contact information), as well as information about how the customer or its users interact with each company’s service or product. These partners’ activities are subject to their privacy policies and data governance programs.

    Promotional Partners.  From time to time we present events or content with partners who provide other services of interest to our customers.  We may share attendee information with these partners at an attendee’s direction.  These partners may contact attendees based on these lists.  These partners’ activities are subject to their privacy policies and data governance programs.

    Third Party Website Services Providers.  We use services of third parties that are not “service providers” (as defined in the California Consumer Privacy Act (CCPA)) on our website.  These include ad networks and analytics and marketing services that we use for internet marketing and website analytics purposes.

    Response to Subpoenas and Other Legal Requests. We may share information with courts, law enforcement agencies, or other government bodies when we have a good faith belief we’re required or permitted to do so by law, including to meet national security or law enforcement requirements, to protect our company, or to respond to a court order, subpoena, search warrant, or other law enforcement request.  We may also share information with litigants in civil litigation in accordance with our customer agreements and as required by law.

    Protection of Pilot and Others. We may share account information, personal information and Usage Data when we believe it is appropriate to enforce or apply our agreements; or protect the rights, property, or safety of Pilot, our Services, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. This does not include selling, renting, sharing, or otherwise disclosing personal information of our customers for commercial purposes in violation of the practices described in this Privacy Policy.

    AffiliatesWe may disclose the information you provide or that we collect to our affiliates for service delivery purposes.

    Sale of Our Business. If we sell, merge, or transfer any part of our business, we may transfer to the acquirer information in our possession or control, including personal information. 

    Business Advisors.  We may disclose information customers provide to us or that we collect or prepare to professional advisors who are subject to professional or contractual confidentiality requirements such as lawyers, bankers, auditors, brokers, and insurers.

    Per Customer Instructions. An authorized representative of a Pilot customer may from time to time instruct us to disclose information to a third party that includes personal information.

    With your Consent. Other than as set out above, we will provide you with notice and the opportunity to choose when your personal information may be shared with other third parties.

    De-identified and Aggregated Data

    Once de-identified or aggregated in a way that does not permit reidentification, data is not personal information and we may use it for any purpose and retain it for any period.

    International Data Transfers

    In accordance with and as permitted by applicable laws and regulations, we reserve the right to transfer your information, process and store it outside your country of residence to locations where we or our third party service providers operate. Our service fulfillment partners use personnel who are located outside of the United States.  Information that we provide or make available, or that you provide directly, to our service fulfillment partners may, as permitted by law, be transferred outside the United States for purposes of Service fulfillment.

    How to Contact Us 

    If you have questions or comments about this Privacy Policy, please contact us. We welcome your feedback and comments.

    Via Email. If you have questions or complaints regarding our Privacy Policy or practices, please contact us by email at privacy[at] pilot.com.

    Via Direct Mail. Pilot.com, Inc., PO Box 7775 #86889, San Francisco, California 94120-7775.

    Changes to our Privacy Policy

    From time to time we may change or update our Privacy Policies. We reserve the right to make changes or updates at any time. More information about how we will notify you is below.

    If we make material changes to the way we process your personal information, we will provide you notice via our Services or by other communication channels, such as by email or posting on this website. Please review any changes carefully. If you object to any of the changes and no longer wish to use our Services, you may provide a notice of non-renewal in accordance with your agreement with us. All changes are effective immediately upon posting and your use of our Services after a notice of material change or posting of an updated Privacy Policy shall constitute your consent to all changes. 

    Your Rights and Managing Your Privacy

    Updates and Access. You can update information that you have provided to us (for example, in the context of account creation).  Contact your account manager to make a request or email privacy[at]pilot.com.  In addition, as required by applicable law (see for example, “California and Virginia Privacy Rights” below), you may contact us to confirm whether we maintain any of your personal information and to review it in order to verify its accuracy. Where you have determined that the personal information we collected about you is inaccurate, you may also request that your personal information be updated or corrected.  Subject to applicable law, you may also request that we delete your personal information. Requests for access to your personal information and to have it corrected, amended, or deleted should be sent to privacy[at]pilot.com.

    IMPORTANT NOTE: If you believe that one of our customers collects data about you that we are processing, please contact the customer directly.

    Managing Marketing Communications From Us. We will honor your choices about receiving marketing communications from us. Please note that even if you choose not to receive marketing communications from us, we will continue to send you required Service or transactional communications.

    Managing SMS Communications From Us. If you would like to stop receiving SMS communications from us in the sales context, please contact us per above or follow opt-out instructions in the SMS text message (such as replying or texting "STOP" if you receive an SMS from us). Please note that even if you choose not to receive SMS messages from us in the sales context, we may continue to use your phone number in the context of providing our Services to you or for security purposes.

    Cookies and Other Tracking Technologies. You have control over some of the Cookies that we use on our corporate websites. Information on changing your browser settings to opt out of Cookies can be found in your browser settings. For the third party services and re-targeted advertising described in “Information for Prospective Customers—Types of information we collect—Operation of our corporate website” you can opt-out by following the instructions at the links provided.  If you opt-out and later delete your Cookies, use a different browser, or buy a new computer, you may need to renew your opt-out choices.  

    Do Not Track. Like most other companies, our Services and corporate website are not currently configured to respond to browsers’ “Do Not Track” signals.

    California and Virginia Privacy Rights

    If the California Consumer Privacy Act (CCPA) or the Virginia Consumer Data Protection Act (VCDPA), applies to you (for example, if you are a “consumer” under the CCPA), you have the following rights with respect to personal information that we process in our capacity as a “business” under the CCPA (“controller” under the VCDPA), which includes personal information described in the following sections and subsections:  

    1. “Information for Prospective Customers,”
    2. “Information for Customers”
      1. “Business Record Data” (other than any “Customer Data” contained in “Business Record Data”) and
      2. “Administrative Data” sections of “Information for Customers,”
    3. “General Information”
      1. “Call Recordings”

    If you submit a verifiable consumer request, you have the right, subject to either the CCPA or VCDPA, if and as applicable:

    • To receive disclosure of:
      • The categories of personal information that we have collected about you;
      • the categories of sources of the personal information we have collected about you;
      • the business or commercial purpose for our collecting, selling or sharing of personal information about you;
      • the categories of third parties to whom we disclose your personal information (please note that this Privacy Policy provides the information that we would provide upon verifiable request for this data category and the above three data categories);
      • the categories of personal information that we have sold or shared;
      • the categories of third parties to whom personal information was sold or shared;
      • the categories of third parties to whom personal information was disclosed for a business purpose; and
      • the specific pieces of personal information that we have collected about you (subject to applicable legal limitations);
    • To request deletion of your personal information by us, subject to applicable legal limitations;
    • To request correction of inaccurate personal information;
    • To be free of discrimination on the basis of having exercised your rights under the CCPA or VCDPA.

    In the last twelve months, we have “sold” or “shared” within the meaning of the CCPA the following categories of personal information to the following categories of third party:


    Category of Personal Information

    Category of Third Party to Whom Disclosed

    Identifier (cookie or internet protocol address)

    Third party web services providers

    Internet activity information

    Third party web services providers

    Geolocation data (to the extent that is determinable from your internet protocol address)

    Third party web services providers

    The purpose for selling or sharing the information above is targeted advertising and marketing.

    In the last twelve months, we have disclosed the following categories of personal information to the following categories of third party:

    Information for Prospective Customers:


    Personal Information Category

    Categories of Third Parties (not Service Providers) to whom Disclosed for Business Purpose (see “General Information - How We Disclose Your Personal Information” section)

     

    Website visitor; Event attendee; Referral, lead purchase, or other marketing; Representative of prospective customer purchasing Services

    Identifiers

  • Integration partners
  • Promotional partners

  • Employment-related information

  • Integration partners
  • Promotional partners

  •  

    Website visitor; Representative of prospective customer purchasing Services

    Identifiers

    - Third party website services providers

    Internet activity information

    - Third party website services providers

    Geolocation data

    - Third party website services providers

     

    Event attendee; Representative of prospective customer purchasing Services

    Audio and visual information

  • Promotional partners
  • Publicly on our website

  • Information for Customers - Business Record Data:


    Personal Information Category

    Categories of Third Parties (not Service Providers) to whom Disclosed for Business Purpose (see “General Information - How We Disclose Your Personal Information” section)


    Identifiers

  • Service fulfillment partners
  • Integration partners

  • Employment-related information

  • Service fulfillment partners
  • Integration partners
  • For additional disclosures required by CCPA Section 1798.110(c) and Section 1798.115(c)(2), as well as additional information related to our data processing in our capacity as a “business” under the CCPA, please see the tables and sections set forth above in this Privacy Policy. 

    You have the right to opt out of “sales” or “sharing” within the meaning of the CCPA of your personal information if you are a California resident.  You can opt out of our “selling” or “sharing” of your personal information if you are a California resident, or targeted advertising if you are a Virginia resident, by clicking the “Do Not Sell or Share My Personal Information” link at the bottom of our webpages.

    To our knowledge, we have not sold or shared personal information of consumers (as defined in the CCPA) under 16 years of age. For California residents: Pilot does not use or disclose sensitive personal information for purposes other than those specified in Section 7027(m) of the California Consumer Privacy Act Regulations (“Section 7027(m)”). The purposes described in Section 7027(m) include performing services reasonably expected by an average California resident who requests the services; preventing, detecting, and investigating security incidents; resisting malicious, deceptive, fraudulent, or illegal actions directed at us; ensuring the physical safety of natural persons; short-term, transient use; performing services on our behalf; verifying or maintaining the quality of our Services; and/or other collecting or processing of sensitive personal information where the collection or processing is not for the purpose of inferring characteristics about a California resident.

    If you have any questions about how we handle your information, the contents of this Policy, how to update your records or how to obtain a copy of the information that we hold about you or exercise your rights under the CCPA or VCDPA, please write to privacy[at]pilot.com. We will generally verify your identity using information in your inquiry and data in our possession. We may ask you for additional information to verify your request. A consumer’s authorized agent may also submit a request on behalf of the consumer. The authorized agent should follow the process outlined above. Pilot will request proof that the consumer gave the authorization written permission to submit the request and, depending on the nature of the information, will require the consumer to either verify their own identity directly with Pilot or directly confirm with Pilot that they provided the authorized agent permission to submit the request.

    The prior version of our Privacy Policy is available here.

    A copy of this Privacy Policy marked over the prior version is available here.