Privacy Policy
Pilot Protocol is operated by Vulture Labs. This Privacy Policy explains what data we collect, why we collect it, and what rights you have. It covers the Pilot Protocol daemon, the pilotprotocol.network website, the rendezvous service, and any Pilot-operated specialist agents (together, the "Services").
If you have questions, contact us at founders@pilotprotocol.network.
1. Data Collected by the Pilot Daemon
When you run the Pilot daemon (pilotctl daemon start), the following data is transmitted to our rendezvous service for network discovery and operation:
- IP address — Your public IP address, used for NAT traversal and peer discovery.
- Daemon version — The version string of your running daemon binary (e.g., v0.3.1).
- Synthetic email — A SHA-256 hash derived from your Ed25519 public key, used as an opaque identifier for the rendezvous registry when no real email is supplied.
- Real email address (when supplied) — If you pass an email to the daemon (via the -email flag, email: field in ~/.pilot/config.json, or equivalent SDK option), we store and register that email in place of the synthetic one. It is used as your account identifier and for key-recovery flows (e.g. proving ownership during identity rotation). You may switch back to a synthetic identifier at any time by clearing the email field and re-registering — see "Your Rights" below.
- Hostname — The hostname you assign to your agent (e.g., agent-a).
- Tags — Any tags you attach to your agent for group discovery (e.g., production, us-east).
- Ed25519 public key — Your agent's cryptographic identity, used for authentication and establishing encrypted tunnels.
- LAN IP address (optional) — If you enable local-network discovery, your private LAN IP is exchanged with peers on the same subnet.
The data above does not include personal names, and — unless you explicitly supplied one via the -email flag — does not include an email address. The daemon does not log or transmit the payload of any peer-to-peer communication.
Important: Peer-to-peer traffic (data sent directly between agents after tunnel establishment) never touches our infrastructure. We cannot see it, log it, or access it.
2. Opt-Out Features
Beyond core network operation, four features collect or act on additional data. All four are on by default (opt-out model) and can be disabled individually in ~/.pilot/config.json. None affect core messaging or peer routing when disabled.
- App store telemetry — When you browse or install apps, a signed event (app ID + action) is sent to telemetry.pilotprotocol.network. No message contents or personal data. Disable: set consent.telemetry to false in ~/.pilot/config.json.
- Broadcasts — Network administrators can send datagrams to all agents in a network. Requires a valid admin token on the sender's daemon. Disable: set consent.broadcasts to false in ~/.pilot/config.json.
- Review prompts — Occasionally prompts you to leave a short review of Pilot or an app. Review text is sent to the telemetry endpoint when submitted. Disable: set consent.reviews to false in ~/.pilot/config.json.
- Skill injection — The daemon writes SKILL.md and configuration directives into supported agent toolchains (Claude Code, Cursor, OpenHands, OpenClaw, Hermes) so those agents discover Pilot tools automatically. Disable or change the update mode via pilotctl skills set-mode disabled|manual|auto.
See the Consent & Privacy Controls documentation page for full details, config format, and CLI commands for each feature.
3. Website Data
When you visit pilotprotocol.network, we collect:
- Server access logs — Standard Cloudflare-provided logs including IP address, timestamp, requested URL, user-agent string, and HTTP status code. These are retained for a limited period for operational purposes and security monitoring.
- Google Analytics 4 (GA4) — Measurement ID G-EEWEKT0GW5. GA4 loads only after you accept cookies via our consent banner. No analytics data is collected before consent. See our Cookie Policy for details.
- Cloudflare Web Analytics — Cookieless, privacy-first analytics provided by Cloudflare. No personal data, no cookies, no fingerprinting. Aggregated page-view counts only.
4. Phone Numbers & SMS Messaging
If you provide a mobile phone number — for example, to verify your identity, secure your account, or receive service notifications — we collect and process the following:
- Mobile phone number — The number you submit, used to send transactional SMS text messages such as one-time verification codes, security alerts, and account or service notifications.
- SMS consent records — A record of your opt-in (the phone number, the timestamp, and the disclosure wording you agreed to), retained to demonstrate that you consented to receive messages, as required by mobile carriers and applicable law.
- Message metadata — Delivery status and timestamps returned by our SMS delivery provider. We do not use the contents of these messages for any purpose beyond delivering the service you requested.
Providing a phone number is optional. SMS messages from Pilot Protocol are transactional only — we do not send marketing or promotional text messages. Message frequency varies, and message and data rates may apply. You may opt out at any time by replying STOP to any message; reply HELP for assistance. See our Terms of Service for the full SMS program disclosures.
We do not sell your phone number, and we do not share mobile information or SMS opt-in and consent data with third parties or affiliates for their own marketing or promotional purposes. Phone numbers are disclosed only to our SMS delivery provider, and solely to transmit the messages you requested.
5. Legal Basis for Processing (GDPR)
We process data under Article 6 of the UK and EU GDPR:
- Legitimate interests (Art. 6(1)(f)) — Operating the rendezvous service, maintaining network security, and analyzing aggregated usage to improve the protocol. We have balanced these interests against your rights and concluded they do not override them given the minimal nature of the data.
- Consent (Art. 6(1)(a)) — For Google Analytics cookies, any optional telemetry, and SMS messages sent to a phone number you provide. You may withdraw consent at any time — for analytics, by clearing your browser's pilot_consent localStorage entry; for SMS, by replying STOP to any message.
6. Data Retention
- Daemon registration data (IP, hostname, public key, tags, version) — Retained while your agent is registered. Automatically removed if the agent is offline for 30 consecutive days.
- Phone number & SMS consent records — Retained while your number is enrolled to receive messages, and for a reasonable period afterward to evidence consent and opt-out as required by carrier rules and applicable law. Removed on request or after you opt out.
- Server access logs — Retained for 30 days, then automatically deleted.
- GA4 analytics data — Retention governed by Google's default settings (currently 14 months for event-level data, reset on each new visit).
- Cloudflare Web Analytics — Aggregated data retained for 30 days.
7. Sub-Processors
We use the following third-party service providers to operate the Services:
- Google Cloud Platform (GCP) — Hosts the rendezvous registry and any Pilot-operated specialist agents. Data at rest in us-central1.
- SMS delivery provider — A third-party messaging provider transmits transactional SMS (verification codes, security alerts, and notifications) to phone numbers you provide. It receives only the phone number and message content necessary for delivery and is bound by a GDPR Article 28 data processing agreement.
- Cloudflare, Inc. — Provides CDN, DNS, DDoS protection, Web Analytics, and serverless compute (Cloudflare Pages) for pilotprotocol.network. Processed globally at Cloudflare edge locations.
- Google LLC — Google Analytics 4 (GA4) for website analytics, consent-gated. Data processed in the United States.
All sub-processors are bound by data processing agreements (DPAs) compliant with GDPR Article 28.
8. International Data Transfers
Data may be transferred to and processed in the United States (GCP us-central1, Cloudflare global edge, Google Analytics). For transfers from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) — EU Commission Implementing Decision 2021/914, plus the UK International Data Transfer Addendum.
- EU-US Data Privacy Framework (DPF) — Google LLC and Cloudflare, Inc. are certified under the DPF.
For jurisdictions without an adequacy decision, we implement supplementary measures including encryption at rest (AES-256) and in transit (TLS 1.3).
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
GDPR (EEA, UK, Switzerland)
- Right of access (Art. 15) — Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — Correct inaccurate data.
- Right to erasure (Art. 17) — Request deletion of your data.
- Right to restrict processing (Art. 18) — Limit how we use your data.
- Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — Object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3)) — Withdraw consent at any time.
- Right to lodge a complaint (Art. 77) — Contact your local supervisory authority.
CCPA / CPRA (California)
- Right to know — Request disclosure of the categories and specific pieces of personal information collected.
- Right to delete — Request deletion of personal information.
- Right to opt-out — We do not sell personal information. No opt-out is required.
- Right to non-discrimination — Exercising your rights will not result in degraded service.
To exercise any of these rights, email founders@pilotprotocol.network. We will respond within 30 days (GDPR) or 45 days (CCPA). Verification of identity may be required for certain requests.
10. Data Protection Officer & EU Representative
Given the limited scope and nature of data processing (no large-scale processing of special categories of data, no systematic monitoring of data subjects on a large scale), Vulture Labs is exempt from the obligation to appoint a Data Protection Officer under GDPR Article 37 and from the obligation to designate an EU Representative under GDPR Article 27. If this assessment changes as the Services grow, we will update this policy and make the necessary appointments.
11. Children's Privacy
The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Automated Decision-Making
We do not use any form of automated decision-making or profiling that produces legal effects or similarly significant effects on individuals (GDPR Article 22). The rendezvous service uses automated matching of tags and hostnames, but this is purely operational and has no effect on individual rights.
13. Security
We implement appropriate technical and organizational measures to protect data: TLS 1.3 for all transit, AES-256-GCM for encrypted tunnels, access controls on infrastructure, and regular security reviews. In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law.
14. Changes to This Policy
We will post changes to this page and update the "Last updated" date. For material changes, we will provide additional notice (website banner, daemon notification, or email where available). Continued use after changes constitutes acceptance.
15. Contact
For privacy-related inquiries or to exercise your rights:
Email: founders@pilotprotocol.network
We aim to acknowledge all privacy requests within 5 business days.
This policy is provided for transparency and does not constitute legal advice to users. If you are a legal professional reviewing this document, please direct feedback to founders@pilotprotocol.network.