Privacy Policy
This Privacy Policy explains what personal data Newspilot (operated by DataCrab AI, "we", "us") collects, how we use it, and your rights under applicable law including the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar regulations.
1. Scope & controller
This policy applies to the Newspilot website (newspilot.io) and the Newspilot platform. The data controller is DataCrab AI. You can reach us at privacy@newspilot.io.
2. Personal data we collect
We collect personal data in three contexts:
2.1 Information you give us
- Account & billing: name, work email, company, role, billing address, payment metadata (we never store full card numbers — handled by Stripe).
- Communications: messages you send to hello@newspilot.io, sales@newspilot.io, demo@newspilot.io, or via support.
- Dashboard configuration: the topics, entities, keywords, and recipient lists you set up inside the platform.
2.2 Information collected automatically
- Usage data: pages visited, features used, anonymised session duration, referrer.
- Device data: browser type, operating system, language preference, screen size.
- Network data: IP address (truncated for analytics), approximate geolocation by country.
- Cookies & similar: see our Cookie Policy.
2.3 Information from third parties
- Authentication providers: if you sign in via SSO (Google, Microsoft, or your enterprise SAML/OIDC IdP), we receive name, email, and the data your IdP discloses.
- Public sources: Newspilot ingests publicly available news, social, and broadcast content as the substantive function of the service. No personal data about you, our customer, comes from these sources.
3. How and why we use your data
- To provide the service — authenticate you, run your dashboards, deliver briefings.
- To support you — respond to enquiries, troubleshoot, onboard.
- To bill you — process payments and renewals.
- To improve the platform — aggregated usage analytics, model evaluation. We do not train external models on your private data.
- To communicate with you — product updates, security notices, billing notifications. Marketing communications require explicit opt-in for EU residents.
- To comply with law — respond to lawful requests and protect against fraud or abuse.
4. Legal basis for processing (GDPR)
| Purpose | Lawful basis |
|---|---|
| Account, billing, service delivery | Contract (Art. 6(1)(b)) |
| Support & security communications | Legitimate interest (Art. 6(1)(f)) |
| Marketing emails to EU residents | Consent (Art. 6(1)(a)) |
| Product analytics & improvement | Legitimate interest, balanced against your rights |
| Legal & tax obligations | Legal obligation (Art. 6(1)(c)) |
5. Sharing & sub-processors
We share personal data only with sub-processors we contract to deliver the service. The current list (also available in our DPA):
| Sub-processor | Purpose | Region |
|---|---|---|
| Stripe, Inc. | Payment processing | US · EU |
| Amazon Web Services | Hosting, storage | EU (eu-central-1) · optional US/AZ |
| Cloudflare, Inc. | CDN, DDoS protection | Global edge |
| Postmark | Transactional email | US |
| Plausible Analytics | Privacy-friendly usage analytics | EU |
We do not sell your personal data. We do not share it with advertisers.
6. International transfers
Newspilot is operated from the EU with primary data hosted in eu-central-1 (Frankfurt). Where data is transferred outside the EEA (for example to US sub-processors), we rely on EU Standard Contractual Clauses (2021) and supplementary measures including encryption in transit and at rest.
Enterprise customers can opt into a dedicated EU-only or AZ-residency deployment via contract.
7. Data retention
- Account data: retained while you have an active account. Deleted within 30 days after account closure unless we are required to retain it (tax, audit, legal).
- Billing records: 7 years (statutory tax retention).
- Usage analytics: aggregated and anonymised after 26 months.
- Support communications: 3 years from last contact.
8. Security
We use industry-standard technical and organisational measures including TLS 1.3 in transit, AES-256 at rest, customer-data isolation at the database level, principle-of-least-privilege access, mandatory MFA for staff, and audit logging.
Specific compliance certifications and audit reports are available under NDA. Contact security@newspilot.io.
9. Your rights
Under the GDPR and similar laws you have the right to:
- Access a copy of your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict or object to processing
- Portability — receive your data in a machine-readable format
- Withdraw consent for any processing based on consent
- Lodge a complaint with your local supervisory authority
Email privacy@newspilot.io to exercise any of these rights. We respond within 30 days.
10. Children
Newspilot is a B2B product not intended for anyone under 18. We do not knowingly collect personal data from children.
11. Changes to this policy
We update this policy when our practices change. Material changes are notified by email to account holders at least 30 days before they take effect. The "Last updated" date at the top reflects the latest revision.
12. Contact us
Privacy questions: privacy@newspilot.io
Security disclosures: security@newspilot.io
General contact: hello@newspilot.io