InvestorPilot
Sign inGet Started

Privacy Policy

Last updated: 13 May 2026 — DRAFT, pending counsel review

Who we are

InvestorPilot is operated by Corporate AI Solutions Pty Ltd (“we”, “us”). This policy describes how we collect, use, and protect personal information when you use the InvestorPilot platform.

Information we collect

From operators (users of the platform):

  • Authentication data: email address, password (hashed by Supabase Auth)
  • Profile data: full name, role, organisation
  • OAuth account references for LinkedIn, Gmail, and Outlook (we store identifiers, never passwords or tokens — tokens are held by Unipile under their security model)
  • Usage data: pages visited, actions taken, audit log entries

From prospects (people the operator chooses to contact):

  • Publicly available business information (company name, role, LinkedIn URL, public email when discovered via Hunter.io)
  • Inbound messages received in response to operator outreach

How we use information

  • To provide the InvestorPilot service to the operator
  • To enforce daily-cap and warmup safety limits on connected channels
  • To run the pre-send compliance filter against drafted messages
  • To maintain an audit log for compliance and debug purposes
  • To respond to support and compliance enquiries

Sub-processors

We use the following sub-processors. Each operates under its own privacy and security policies, linked below.

  • Supabase — database, authentication, file storage
  • Vercel — application hosting
  • Anthropic / OpenRouter — language model inference for scoring and drafting
  • Hunter.io — public email discovery
  • Brave Search — web search for prospect discovery
  • Resend — transactional email send
  • Unipile — LinkedIn / Gmail / Outlook channel orchestration

Data retention

Operator-account data is retained for the lifetime of the account. Audit log entries are retained indefinitely for compliance traceability. Prospect data is retained while it remains relevant to the operator's outreach workflow; operators may delete prospect records at any time.

Your rights

Under the Australian Privacy Act 1988 (and applicable equivalent regulations in other jurisdictions), you have rights to access, correct, and request deletion of your personal information. Contact us at dennis@corporateaisolutions.com to exercise these rights.

Security

We use industry-standard security measures including encrypted transport (HTTPS), encrypted storage (Supabase), row-level security for tenant isolation, and OAuth-based channel authentication (we never hold raw social or email credentials).

Contact

Privacy questions: dennis@corporateaisolutions.com

DRAFT NOTICE — This privacy policy is a working draft pending counsel review. The final version may differ; operators relying on the platform during the pre-launch review period should contact us for the current operative version.