Note: This Privacy Policy is currently in template form pending external solicitor review (target: post-launch). It is effective as stated above but will be updated once reviewed by independent legal counsel.
Summary: PatchPilot collects only the data necessary to provide patch management services. We do not sell your data. Your endpoint telemetry stays within your organisation's account. You control your data and can request deletion at any time.
PatchPilot Ltd ("PatchPilot", "we", "us") operates the PatchPilot patch management platform at patchpilot.co.uk. We are the data controller for personal data collected through the Service. For questions, contact privacy@patchpilot.co.uk.
Account data: Name, email address, organisation name, billing information, and account preferences provided during registration.
Endpoint telemetry: Device hostnames, operating system names and versions, installed software inventories, patch status, vulnerability data, and security posture information collected by the PatchPilot agent.
Usage data: Log data, IP addresses, browser type, pages visited, and feature usage patterns collected automatically when you use the Service.
Communications: Any messages you send us via support channels or email.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
Data is stored on servers located in the United Kingdom and European Economic Area. We use encryption in transit (TLS 1.2+) and at rest, access controls, and regular security reviews to protect your data. API keys and webhook secrets are encrypted using AES-256-GCM before storage.
We retain your data for as long as your account is active. Upon account termination, we will delete your data within 30 days, except where retention is required by law. Anonymised, aggregated analytics data may be retained indefinitely.
We may share data with the following categories of service providers who assist in delivering the Service:
All third-party providers are bound by data processing agreements and are prohibited from using your data for any purpose other than providing their service to us.
Under UK GDPR, you have the right to:
To exercise any of these rights, contact privacy@patchpilot.co.uk. We will respond within 30 days.
The Service uses session cookies for authentication and functional cookies to remember your preferences. We do not use third-party tracking or advertising cookies. You can disable cookies in your browser settings, but this may affect your ability to log in.
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before changes take effect. Your continued use of the Service after that date constitutes acceptance.
For privacy questions: privacy@patchpilot.co.uk
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data rights have been violated.