Privacy Policy
Last updated: 15 May 2025
This Policy explains what we collect, why, and how you control it.
1. Data We Collect
Type | Details | Purpose |
---|---|---|
Account Data | • Slack email address (required) | Create & authenticate your account |
Account Data | • Slack auth token | Login security |
Schedule Data | • Presence schedule you design | To send “active” heartbeats at the right times |
Usage Logs | • Timestamped API pings & status codes | Debugging, abuse prevention |
No messages, files, channels, or workspace metadata are ever stored.
2. How We Use Your Data
- Provide the Service
- Improve & secure – monitor uptime, prevent fraud, detect abuse.
- Communicate – send service notices, receipts, or critical updates.
We do not sell or rent data. We do not use data for advertising.
3. Legal Bases (GDPR)
Purpose | Legal Basis |
---|---|
Providing the Service | Contract (Art. 6 (1)(b)) |
Improving security | Legitimate Interests (Art. 6 (1)(f)) |
Billing | Contract |
Legal compliance | Legal Obligation (Art. 6 (1)(c)) |
4. Your Rights
- Access – Know what we hold.
- Rectification – Fix inaccuracies.
- Erasure – Delete your data (“right to be forgotten”).
Email [email protected] to exercise any right. We answer within 30 days.
5. Security Measures
- AES-256 encryption at rest, TLS 1.3 in transit.
- Principle of least privilege across infrastructure.
No method is 100% secure, but we strive for industry best practice.
6. Children
Idle Pilot is not directed to children under 15. We do not knowingly collect data from minors. If you believe a child has provided data, contact us for deletion.
7. International Transfers
Servers are in the United States (AWS us-east-1).
If you access the Service from outside the U.S., you consent to transferring your data to the U.S. and the application of U.S. privacy laws, supplemented by Standard Contractual Clauses where required.
8. Third-Party Processors
Processor | Purpose | Safeguards |
---|---|---|
Slack | Receives presence API calls | OAuth 2.0 tokens (user-scoped) |
Stripe | Payment processing | PCI-DSS Level 1 |
AWS | Hosting & backups | ISO 27001, SOC 2 |
We sign DPAs with all processors.
9. Cookies & Tracking
We use only essential cookies (session token, CSRF protection). No analytics, ads, or cross-site tracking.
10. Changes to This Policy
We will post any changes here and email the address on file at least 30 days before they take effect.
11. Contact
Idle Pilot Privacy Team
[email protected]