Last updated April 14, 2026
KBPilot Inc. ("we," "us," "our," or "Company") operates KBPilot, an AI-powered security questionnaire automation platform (the "Service"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform and in our interactions with us.
This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our Service. Please read this policy carefully. If you do not agree with our practices, please do not use our Service.
When you create a KBPilot account, we collect your name, email address, company name, and job title. We use this information to create and maintain your account and to communicate with you about your use of the Service.
When you subscribe to a paid plan, payment information including your name, billing address, and card details are collected and processed by Stripe, our payment processor. We do not store, process, or have access to your full credit card numbers or sensitive payment data. We only retain the last four digits of your card and Stripe's transaction identifiers for billing records.
When you upload documents, knowledge articles, or other content to your Knowledge Base, we collect and store this content on your behalf. This information is unique to your account and is treated as sensitive proprietary information.
We automatically collect information about how you interact with the Service, including:
Like most online services, we automatically collect certain information when you access KBPilot:
We use the information we collect for the following purposes:
Your Knowledge Base documents are your proprietary information. We understand that these files may contain sensitive business information, competitive intelligence, or internal processes.
Your Knowledge Base content is never used to train or fine-tune our AI models. We do not analyze your documents for purposes other than providing the Service to you.
Knowledge Base documents are stored in encrypted form in our secure infrastructure. Access is restricted to you and your team members with whom you have explicitly shared access. We retain your KB content as long as your account is active. Upon account deletion, all Knowledge Base documents are securely deleted within 30 days.
We do not sell, rent, or trade your personal information to third parties. However, we share data with the following service providers who assist us in operating the Service:
Payment processing and subscription management. Stripe is PCI DSS compliant and processes payments according to their privacy policy.
Infrastructure and database hosting. Your data is stored on AWS servers in the US (US-East region). Supabase handles the underlying database management and is compliant with industry security standards.
When you use KBPilot's AI-powered questionnaire features, your questionnaire content (questions and knowledge base context) is sent to OpenAI's API for processing. OpenAI does not use this data to train their models. We have entered into a Data Processing Agreement with OpenAI that ensures your data is not used for model training or improvement.
Transactional email delivery. Resend sends confirmations, password resets, billing notifications, and other transactional messages on our behalf.
All third-party processors are contractually obligated to protect your information and only use it for the purposes we specify.
We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:
We implement industry-leading security measures to protect your information against unauthorized access, alteration, disclosure, and destruction.
Our infrastructure is hosted on Amazon Web Services, which maintains SOC 2 Type II certification. We implement network segmentation, Web Application Firewalls (WAF), and continuous security monitoring.
Depending on your location, you may have certain rights regarding your personal information:
You have the right to request a copy of the personal information we hold about you.
You have the right to request correction of inaccurate or incomplete information.
You have the right to request deletion of your personal information (subject to legal retention requirements).
You have the right to request your data in a structured, commonly-used format.
You can opt out of promotional emails by clicking the unsubscribe link in any marketing email or by contacting us.
To exercise any of these rights, please contact us at privacy@kbpilot.ai. We will respond to your request within 30 days (or as required by applicable law).
KBPilot uses cookies to enhance your experience:
You can control cookie settings in your browser. Disabling cookies may affect your ability to use certain features of KBPilot.
KBPilot is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from a child under 18, we will promptly delete such information and terminate the child's account.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email or by posting a notice on the Service. Your continued use of KBPilot following any such changes constitutes your acceptance of the revised Privacy Policy.
If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your rights, please contact us at:
Email: privacy@kbpilot.ai
We aim to respond to all privacy inquiries within 5 business days.