Login

Privacy Policy

PilotSelectionPrep.com, operated as Pilot Selection Prep, respects your privacy. This Privacy Policy explains what personal data we collect, why we use it, which providers may process it, and how you can contact us.

This policy is effective from 3 May 2026. If you do not agree with this policy, do not use the Services.

1. Data we collect

We collect the data needed to operate, protect, support, and improve the Services.

  • Account data: email address, login identifiers, profile details, authentication events, account status, and related Supabase Auth records.
  • Training data: activity attempts, scores, answers, progress, targets, focus activities, recommendations, history, and other preparation state you create while using the Services.
  • Support data: support conversations, messages, escalation status, provider identifiers, timestamps, and support transcript metadata.
  • Billing data: if paid monthly subscriptions are enabled, checkout status, order records, subscription state, payment identifiers, invoice metadata, coupon or promotion data, and Stripe customer references.
  • Newsletter data: email address, subscription status, consent records, unsubscribe state, and campaign engagement data handled through Listmonk when you sign up for updates.
  • Analytics and security data: device and browser data, IP address, route usage, event names, referrer data, errors, rate-limit events, audit logs, and other data needed to detect abuse, secure accounts, and understand product usage.

2. How we use data

  • To create and manage accounts, sessions, access state, and authentication.
  • To provide activities, scores, targets, preparation tools, dashboards, history, support, and account-management features.
  • To operate current free access and future paid monthly subscription checkout, renewal, cancellation, account, and billing-support flows.
  • To answer support requests through AI support and human escalation where enabled.
  • To send service, security, account, support, and future billing messages.
  • To send newsletter or marketing messages only where you have signed up or where law allows us to contact you, with an unsubscribe option.
  • To detect security incidents, fraud, abuse, scraping, automated misuse, and breaches of our Terms.
  • To debug, maintain, measure, and improve the Services.

3. Legal bases

Depending on the feature and your location, we process personal data because it is needed to provide the Services, because we have a legitimate interest in operating and protecting the Services, because you gave consent, or because we must comply with legal obligations.

Newsletter consent can be withdrawn through unsubscribe links or by contacting us. Some service, security, account, and billing records may still need to be kept where required for operation, legal compliance, fraud prevention, or dispute handling.

4. Providers and processors

We use trusted providers to run the Services. The current repo-backed providers and planned email tooling are:

  • Supabase and Postgres for authentication, account records, application data, and database storage.
  • Stripe for future monthly subscription checkout, payment processing, customer records, invoices, disputes, and webhook confirmation.
  • PostHog for product analytics where analytics is enabled.
  • Flowise for AI support responses where AI support is enabled.
  • Chatwoot for human support escalation where human support is enabled.
  • Listmonk for newsletters, email-list consent, unsubscribe handling, and campaign delivery workflows.
  • Hosting, storage, email delivery, monitoring, and infrastructure providers needed to serve, secure, and maintain the Services.

These providers may process data in countries other than your own. Where required, we rely on appropriate safeguards, provider terms, and data-processing commitments.

5. Sharing data

We do not sell your personal data. We share personal data only where needed to provide the Services, use the providers listed above, comply with law, enforce our Terms, protect rights and security, handle payments or disputes, or complete a business transfer such as a merger, sale, or reorganisation.

6. Security

We use technical and organisational measures intended to protect personal data, including account authentication, role-separated database access, webhook verification, rate limits, audit records, and provider security controls.

No internet service is perfectly secure. You should use a strong password, protect your email account, and contact us if you suspect account misuse.

7. Retention

We keep personal data only as long as needed for the purposes described in this policy, including account operation, training history, support, security, legal compliance, future billing records, analytics, and dispute handling.

If you delete your account or request deletion, we will delete or anonymise data where required and where no stronger legal, security, fraud-prevention, billing, or operational reason requires retention.

8. Your rights

Depending on your location, you may have rights to access, correct, export, delete, restrict, object to processing, withdraw consent, or complain to a regulator about your personal data.

You can use account-management features where available or contact [email protected] to make a privacy request. We may need to verify your identity before acting on a request.

9. Children

The Services are not designed for children. Do not use the Services if you are not old enough to form a binding agreement or provide valid consent under the laws that apply to you.

10. Changes and contact

We may update this Privacy Policy by changing this page. The current version applies from your next use of the Services after it is posted.

Questions or privacy requests can be sent to [email protected].