Privacy Policy — RegPilot

RegPilot ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use regpilot.io (the "Platform"), how we use it, who we share it with, and your rights.

Questions? Email us at regpilot@polsia.app.

1 Information We Collect

We collect the minimum data necessary to provide our services:

Data Type	When Collected	Why
Email address	Waitlist signup, subscription checkout	Account creation, subscription management, alerts, transactional emails
Token / contract addresses	Each time you run a trust score check	Perform the safety analysis; used in aggregate to improve scoring models
Wallet addresses	When you set up Wallet Watchdog monitoring	Monitor your wallets for risk events and send alerts
Page views & click events	All site visits	Understand how people use the Platform; improve product
Subscription & payment metadata	Stripe checkout completion	Confirm and manage your subscription tier

We do not collect: passwords (we use magic-link authentication), payment card numbers (handled entirely by Stripe), or any government ID or financial documents.

2 How We Use Your Information

Service delivery — run trust score checks, send Watchdog alerts, manage your subscription.
Transactional emails — subscription confirmations, payment receipts, alert notifications. We do not send unsolicited marketing emails.
Product improvement — aggregate, anonymized analysis of token queries and usage patterns to improve our scoring algorithms.
Security & abuse prevention — detect and block automated abuse, protect our infrastructure, enforce rate limits.
Legal compliance — respond to lawful requests from authorities when required by law.

3 Third-Party Services

RegPilot integrates with the following third-party services to operate:

Service	Purpose	Data Shared
GoPlus Security	Token safety data (honeypot detection, freeze authority, holder analysis)	Token / contract addresses
DEXScreener	Liquidity, volume, and market data for tokens	Token / contract addresses
Stripe	Payment processing and subscription management	Email address, plan selection; card data handled exclusively by Stripe
Google Analytics (GA4)	Aggregate page view and event analytics	Anonymized page views, click events; no PII
Resend / Postmark	Transactional email delivery (alerts, confirmations)	Email address and email content for delivery
Render	Cloud hosting and infrastructure	All application data is stored on Render's infrastructure (US-based)
Neon / PostgreSQL	Database storage	All structured data (emails, subscriptions, Watchdog configurations)

Each third party operates under their own privacy policy and data processing agreements. We encourage you to review their policies if you have concerns about how they handle data.

4 Cookies and localStorage

RegPilot uses browser storage to improve your experience:

localStorage — we store your email address locally in your browser after checkout so the payment activation flow can complete without re-entry. We also store a pseudonymous visitor ID for analytics. This data never leaves your device except as described in this policy.
Session cookies — used for standard web functionality and security.
Google Analytics cookies — GA4 uses cookies to measure page views and events. Data is aggregated and anonymized. You can opt out via Google's opt-out browser add-on.

We do not use advertising cookies, cross-site tracking cookies, or sell data to ad networks.

5 Data Retention

Account data (email, subscription) — retained for the duration of your subscription plus 90 days after cancellation, then deleted or anonymized.
Wallet Watchdog configurations — deleted within 30 days of subscription cancellation.
Token query logs — retained for up to 12 months in aggregate for product improvement, then purged.
Analytics data — aggregated page view data retained for up to 24 months.
Billing records — retained for 7 years as required by financial regulations.

6 Data Security

We take reasonable technical and organizational measures to protect your data:

All data is transmitted over HTTPS/TLS.
Sensitive data (OAuth tokens, credentials) are encrypted at rest using AES-256-GCM.
Passwords are never stored — we use passwordless magic-link authentication.
Database access is restricted to application servers and authorized personnel.

No method of transmission or storage is 100% secure. If you believe your data has been compromised, contact us immediately at regpilot@polsia.app.

7 Your Rights

You have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you.
Correction — request correction of inaccurate or incomplete data.
Deletion — request deletion of your personal data ("right to be forgotten"). We will delete your data within 30 days except where retention is required by law.
Portability — request your data in a machine-readable format.
Objection — object to processing your data for analytics or product improvement purposes.
Withdrawal of consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, email regpilot@polsia.app with "Privacy Request" in the subject line. We will respond within 30 days.

8 Children's Privacy

RegPilot is not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.

9 Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email (for subscribers) or a notice on the Platform at least 14 days before they take effect. Continued use of the Platform after changes take effect constitutes acceptance of the revised policy.

The "Last updated" date at the top of this page reflects the most recent version.

10 Contact

For privacy-related questions, requests, or concerns:

Email: regpilot@polsia.app
Website: regpilot.io