Privacy Policy

1. Introduction

Welcome to AbiPilot. We are operated by Abi Pilot, LLC, a limited liability company formally organized and registered under the laws of the State of Delaware, United States of America (referred to herein as "AbiPilot", "we", "us", or "our").

We respect your privacy and are committed to protecting your personal data. This Privacy Policy describes how we collect, handle, use, secure, and process personal data when you visit our website (abipilot.com), register an account, utilize our autonomous SaaS platform services, or integrate your third-party productivity calendars (including Google Calendar). It also outlines your privacy rights under applicable jurisdictions, including Delaware corporate statutes, the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

2. Google API Compliance & Limited Use Disclosure

AbiPilot supports seamless integrations with third-party tools, including Google Calendar, to help you schedule and synchronize appointments automatically. Our integration with Google APIs is subject to rigorous security and compliance controls.

Our compliance pledge is as follows:

• Limited Use Adherence: AbiPilot’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
• No Advertising or Profiling: We do not use, transfer, or share Google Calendar data or Google user data for the purpose of serving advertisements, including personalized, targeted, or retargeted advertising.
• No AI Model Training: We do not use Google Calendar data, event descriptions, or any information retrieved from Google APIs to train, retrain, or fine-tune artificial intelligence, machine learning, or large language models.
• Restricted Transfers: We do not transfer Google user data to third parties unless it is strictly necessary to provide and improve the specific scheduling features of the application, comply with applicable law, or as part of a corporate merger or acquisition, and in all cases, subject to strict confidentiality and Limited Use constraints.

3. Data We Collect

We may collect, store, and process various categories of personal data about you to operate our SaaS platform, depending on your interactions with us:

• Identity Data: First name, last name, business name, and username.
• Contact Data: Billing address, email address, and telephone numbers.
• Financial & Billing Data: Payment details and billing history. Payment processing is handled securely by our third-party payment partner, Stripe, and is subject to standard PCIDSS compliance.
• Google Calendar Integration Data: When you connect your Google Account via the OAuth screen, we collect and store:
  • Your Google OAuth 2.0 access and refresh tokens (securely encrypted).
  • Google Calendar metadata (such as timezone, calendar name, and calendar ID).
  • Event details (event titles, descriptions, start/end dates and times, attendee email addresses, organizer names, and Google Meet video links) required for active synchronization.
• Technical Data: IP address, session details, browser type and version, timezone settings, location data, operating system, and hardware identifiers.
• Communication Data: Inbound and outbound SMS messages, WhatsApp messaging details, and voice calling logs initiated via our integration with telephony gateways (such as Twilio).

4. How We Use Data

We will only process your personal data when authorized by law. Most commonly, we utilize your personal data in the following operational scenarios:

• Performance of Contract: To set up your account, process payments, operate the autonomous AI agents, and deliver the scheduling features of the platform.
• Legitimate Business Interests: To improve our service offerings, debug technical issues, detect and prevent fraud, and enhance the security of the SaaS system.
• Legal Compliance: To comply with statutory legal requirements, tax reporting obligations, or regulatory demands.

5. Google Calendar Integration Details

Integrating your Google Calendar with AbiPilot allows the platform to perform real-time scheduling automation, preventing double bookings and automating calendar scheduling for leads. Below are the precise technical details of this integration:

6. Security and Encryption

We employ robust, enterprise-grade physical, technical, and administrative security measures designed to protect your personal data from accidental loss, disclosure, modification, or unauthorized access:

• Data in Transit: All communication between your browser and our platform is encrypted using standard Secure Sockets Layer (SSL) / Transport Layer Security (TLS/HTTPS) protocols.
• Data at Rest: All sensitive integration credentials, including Google OAuth tokens, API keys, and configuration data, are encrypted at rest using industry-standard Advanced Encryption Standard (AES-256) cryptographic algorithms.
• Infrastructure Security: Our databases and application servers are hosted in secure, world-class virtual private environments provided by Google Cloud Platform (GCP).

7. Data Retention and Deletion

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting obligations.

How to disconnect and delete your integrated Google Data:

1. Dashboard Disconnect: You can disconnect your Google Calendar integration at any time by navigating to your User Profile -> Integrations page in the AbiPilot panel and clicking "Disconnect". This instantly and permanently deletes your Google OAuth access and refresh tokens, as well as all cached integration metadata from our active servers.
2. Google Security Dashboard: You can revoke AbiPilot’s API access externally at any time via the Google Security page at https://myaccount.google.com/permissions.
3. Complete Deletion Request: If you wish to permanently delete your entire account, including all customer records, billing history, and connected integrations, you can submit an explicit deletion request by contacting us at support@abipilot.com. We will process your request within 30 days, in compliance with applicable law.

8. Third-Party Data Sharing

We do not sell, rent, or lease your personal data or Google Calendar data to third-party data brokers, advertisers, or marketing networks. We only share information with trustworthy third-party service providers who help us deliver our SaaS service, under strict contractual privacy obligations:

• Stripe: Secure PCIDSS payment processing and transaction settlement.
• Twilio: SMS delivery, WhatsApp messaging, and voice call dispatch.
• Google Cloud Platform: Secure data hosting and server database architecture.

Important Note: Under no circumstances do we share any Google Calendar or Google API data with payment or telephony gateways (such as Stripe or Twilio).

9. GDPR and CCPA Rights

Depending on your geographic residency, you may possess specific legal rights regarding your personal data:

GDPR (EU and UK Residents):

• Right of Access (request copies of your personal data).
• Right to Rectification (request correction of inaccurate information).
• Right to Erasure (request data deletion, "Right to be Forgotten").
• Right to Portability (request digital transfer of your data).
• Right to Object (object to automated profiling or marketing).

CCPA/CPRA (California Residents):

• Right to Know (request details about categories of data collected and shared).
• Right to Delete (request deletion of personal data).
• Right to Opt-Out (right to opt-out of the "sale" or "sharing" of personal data — note that we do not sell or share your data).
• Right to Non-Discrimination (we will never deny service or charge different prices based on exercising your CCPA rights).

To exercise any of these rights, please email us at legal@abipilot.com.

10. Contact Information

For questions, formal notices, or complaints regarding this Privacy Policy or our privacy practices, please contact our Legal and Data Protection Officer at: