Contents Pilot Privacy Policy

This Privacy Policy aims to provide Contents Pilot users with a clear understanding of how their information is collected, used, protected, and their rights regarding this information. We value your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

Contents Pilot establishes this Privacy Policy in strict compliance with the European Union's General Data Protection Regulation (GDPR). For users located in Brazil, we also comply with the Brazilian General Data Protection Law (LGPD) – Law No. 13.709/2018. We encourage all users to familiarize themselves with our privacy practices and contact us with any questions.

It is of utmost importance to us to maintain a transparent approach in the processing of users' personal data, as stipulated in Articles 13 and 14 of the GDPR. This Policy applies to all users when interacting with our Services.

It is imperative that the information provided by users, especially personal data, is accurate and up to date, in accordance with Article 5(1)(d) of the GDPR. False or inaccurate information may result in the deletion of personal data and account termination.

'Personal Data' refers to any information relating to an identified or identifiable natural person, as defined in Article 4(1) of the GDPR. 'Special Categories of Personal Data', as defined in Article 9 of the GDPR, include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person's sex life or sexual orientation. Contents Pilot does not intentionally collect or process special category data.

In addition to identification and experience optimization, collected data is used for the following purposes, each with its corresponding lawful basis under Article 6(1) of the GDPR:

a. Operate and improve the Contents Pilot service — Lawful basis: performance of a contract (Art. 6(1)(b));

b. Provide customer support and respond to inquiries — Lawful basis: performance of a contract (Art. 6(1)(b));

c. Enhance service security, prevent fraud and abuse — Lawful basis: legitimate interest (Art. 6(1)(f));

d. Communicate with users about service updates — Lawful basis: performance of a contract (Art. 6(1)(b));

e. Send promotional offers and marketing communications — Lawful basis: consent (Art. 6(1)(a)). You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Collected data may be shared or disclosed in the following situations:

a. With third-party service providers (data processors) acting on our behalf, including: Supabase (infrastructure and database), OpenAI (artificial intelligence processing), Stripe (payment processing), Google Analytics (usage analytics), Meta/Facebook Pixel (engagement analytics), and Microsoft Clarity (user behavior analytics);

b. To comply with legal obligations, such as court orders or regulatory requirements (Art. 6(1)(c) GDPR).

All data processors are bound by Data Processing Agreements (DPAs) in compliance with Article 28 of the GDPR.

As the Data Controller within the meaning of Article 4(7) of the GDPR, Contents Pilot assumes responsibility for decisions regarding the processing of users' Personal Data. Our Data Protection Officer (DPO) can be contacted at: dpo@contentspilot.com

We employ advanced information security technologies, including SSL/TLS encryption, to protect user interactions with our services, in accordance with Article 32 of the GDPR (security of processing). We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. We recommend using updated browsers like Google Chrome, Mozilla Firefox, and Microsoft Edge for better compatibility and security.

To continuously improve the user experience on our website and application, we use the following analytics tools: Google Analytics (traffic and behavior analysis), Facebook Pixel (engagement analytics and advertising), Microsoft Clarity (user experience analytics), and Stripe (payment processing). These tools help us understand how users interact with our services, allowing us to optimize and personalize the experience. Analytical data is collected in a pseudonymized manner and used for analysis and service improvement. Lawful basis: legitimate interest (Art. 6(1)(f) GDPR) for essential analytics and consent (Art. 6(1)(a) GDPR) for marketing cookies.

To provide our services, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, through the following providers: Supabase (database and authentication — US), OpenAI (AI processing — US), and Stripe (payments — US/EU). These transfers are carried out in compliance with Chapter V of the GDPR (Articles 44-49), based on: (i) Standard Contractual Clauses (SCCs) adopted by the European Commission, ensuring an adequate level of data protection; and (ii) supplementary measures where necessary, such as encryption and access controls. You may request a copy of the relevant SCCs by contacting our Data Protection Officer.

Personal Data will be processed for as long as the user maintains an active account on the platform and during the contractual relationship, in accordance with Article 5(1)(e) of the GDPR (storage limitation). After account closure, data will be retained as follows:

a. Financial and tax data: up to 6 years, as required by applicable tax legislation;

b. Access and registration logs: up to 6 months after account closure;

c. Other personal data: up to 30 days after a deletion request, unless legal retention obligations apply.

After the applicable periods, data will be securely deleted or anonymized.

Contents Pilot is committed to informing users about any significant changes to this Privacy Policy via email notification or a prominent notice on the platform, at least 15 days in advance, ensuring transparency and respect for user rights.

Under the GDPR (Articles 15-22), you have the following rights regarding your personal data:

a. Right of access (Art. 15): Obtain confirmation of whether your data is being processed and access to that data;

b. Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data;

c. Right to erasure / 'right to be forgotten' (Art. 17): Request deletion of your personal data under certain conditions;

d. Right to restriction of processing (Art. 18): Request restriction of processing under certain conditions;

e. Right to data portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format;

f. Right to object (Art. 21): Object to processing based on legitimate interest or for direct marketing purposes;

g. Right not to be subject to automated decision-making (Art. 22): Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects;

h. Right to withdraw consent (Art. 7(3)): Withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). If you are in the EU, you may contact the supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement.

To exercise your rights or if you have any questions about this Privacy Policy, please contact us:

Data Protection Officer (DPO): dpo@contentspilot.com

General support: support@contentspilot.com

We will respond to your request without undue delay and in any event within one month of receipt, as required by Article 12(3) of the GDPR.