Privacy Policy
Last updated: March 1, 2026
IncidentPilot, Inc. ("IncidentPilot", "we", "our", or "us") is committed to protecting your privacy. This policy explains how we collect, use, and protect information when you use our service.
1. Information we collect
- Account information. When you sign up, we collect your name, email address, and organization name.
- Integration data. To provide the service, IncidentPilot receives webhook payloads from Sentry (error events, stack traces, metadata), reads commit and pull request data from GitHub via OAuth, and sends messages to Slack on your behalf. We store only the data necessary to complete investigations.
- Usage data. We collect anonymized usage metrics such as number of incidents processed, pipeline step durations, and feature usage to improve the product. This data is never linked to individual users.
- Log data. Our servers automatically record IP addresses, browser type, and pages visited for security and debugging purposes. Logs are retained for 30 days.
2. How we use your information
- To provide, maintain, and improve the IncidentPilot service.
- To send transactional communications (incident summaries, account notifications).
- To respond to support requests and inquiries.
- To detect and prevent fraud, abuse, or security incidents.
- We do not sell your data. We do not use your incident data to train AI models without explicit consent.
3. Data sharing
- Service providers. We share data with trusted third-party providers who help us operate the service (cloud hosting, analytics, email delivery). All providers are bound by data processing agreements.
- AI inference. Incident context is sent to large language model APIs for root cause analysis. Data sent to AI providers is subject to their data handling policies. We minimize the data sent and do not include personally identifiable information beyond what is present in the original Sentry event.
- Legal requirements. We may disclose information if required by law or to protect the rights and safety of IncidentPilot, our users, or the public.
4. Data retention
- Investigation records are retained for 90 days by default, configurable per organization.
- Account data is retained for the duration of your subscription and deleted within 30 days of account closure upon request.
- You may request deletion of your data at any time by emailing privacy@incidentpilot.dev.
5. Security
- Data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.
- Access to customer data is restricted to authorized personnel and logged.
- We undergo regular security reviews and maintain responsible disclosure practices.
- To report a security vulnerability, contact security@incidentpilot.dev.
6. Your rights
- Depending on your location, you may have the right to access, correct, or delete your personal data.
- EU and UK residents have additional rights under GDPR and UK GDPR, including the right to data portability and the right to object to processing.
- To exercise any of these rights, contact privacy@incidentpilot.dev. We will respond within 30 days.
7. Changes to this policy
- We may update this policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect.
- Continued use of IncidentPilot after the effective date constitutes acceptance of the updated policy.
Questions?
If you have any questions about this Privacy Policy, contact us at privacy@incidentpilot.dev or write to: IncidentPilot, Inc., 340 Pine Street, Suite 800, San Francisco, CA 94104.