Social Pilot
your business social media on auto pilot
Legal

Privacy Policy

Effective date: May 6, 2026

This Privacy Policy explains how Chesapeake Information Systems LLC ("Chesapeake," "we," "us," or "our") collects, uses, shares, and protects information when you use Social Pilot (the "Service") at socialpilot.ai. Social Pilot helps small businesses manage and automate their social media presence with the help of artificial intelligence.

By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Who We Are

Social Pilot is operated by Chesapeake Information Systems LLC, a limited liability company organized under the laws of Maryland, USA.

Mailing address:
Chesapeake Information Systems LLC
4624 Dillon Pl
Baltimore, MD 21224
United States

Privacy contact: info@chesapeake.biz

2. Information We Collect

2.1 Information you provide directly

  • Account information: name, business name, email address, password (stored hashed), phone number, business address.
  • Business profile: services offered, team member names and bios, photos, logos, brand colors, voice preferences.
  • Content you create: social media posts, captions, replies to reviews, promotional offers, and other content drafted or scheduled through the Service.
  • Payment information: when you subscribe, payment details are collected and processed by our payment processor (Stripe, Inc.). Chesapeake does not store full credit card numbers on our servers.

2.2 Information from connected social media accounts

When you connect Social Pilot to platforms such as Instagram, Facebook, TikTok, Google Business Profile, or Yelp, we receive information those platforms make available, which may include:

  • Account identifiers, usernames, and profile information
  • Page or business location data
  • Posts, comments, mentions, reviews, and engagement metrics (impressions, reach, likes, comments, shares, saves, link clicks)
  • Access tokens that allow us to publish on your behalf

We only request the permissions necessary to provide the features you use. You can disconnect any connected account at any time from the Sources page in your dashboard, which revokes our access tokens.

2.3 Information collected automatically

  • Usage data: features used, pages viewed, actions taken, time spent, and device information.
  • Device and log information: IP address, browser type, operating system, device identifiers, referring URLs, timestamps.
  • Cookies and similar technologies: we use cookies for authentication, preferences, and analytics. See Section 9 for details.
  • Tracked links: when posts include booking or call-to-action links generated by the Service, we record click counts and basic referral data so you can measure performance.

2.4 Information from third-party services

We may receive limited information from analytics providers, payment processors, anti-fraud services, and the social media platforms listed above.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Service
  • Generate, schedule, and publish social media content on your behalf using artificial intelligence
  • Monitor and respond to reviews, mentions, and other feedback
  • Process payments and manage your subscription
  • Communicate with you about your account, security alerts, and product updates
  • Personalize the Service, including tailoring content suggestions to your business vertical and brand voice
  • Analyze usage trends to improve our recommendations and post-mix optimization
  • Detect, investigate, and prevent fraud, abuse, or violations of our Terms of Service
  • Comply with legal obligations

4. AI and Automated Processing

Social Pilot uses artificial intelligence (including large language models from Anthropic) to generate content drafts, analyze reviews, suggest reply postures, and recommend strategies. Specifically:

  • Your business profile information and connected-account data may be included in prompts sent to our AI provider to generate personalized content.
  • AI-generated content is presented to you for review and approval before being published, except where you have explicitly enabled auto-publishing for specific content categories.
  • We do not use your content to train foundational AI models. Our AI provider (Anthropic) does not train its models on data submitted by our customers via API by default.
  • You retain ownership of all content created through the Service.

5. How We Share Information

We do not sell your personal information. We share information only in the following circumstances:

  • Service providers: with vendors who help us operate the Service (Supabase for database hosting, Vercel for application hosting, Stripe for payments, Anthropic for AI processing). These providers are bound by confidentiality and data-protection obligations.
  • Connected social platforms: when you publish content or perform actions through connected accounts, we send the necessary data to those platforms.
  • Legal compliance: if required by law, subpoena, court order, or governmental request, or to protect rights, safety, or property.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred subject to standard confidentiality protections.
  • With your consent: for any other purpose disclosed to you at the time we collect the information, with your permission.

6. Data Retention

We retain your information for as long as your account is active and as needed to provide the Service. After you cancel or delete your account:

  • Account and business data: retained for 90 days after cancellation, then permanently deleted from our active systems.
  • OAuth tokens for connected platforms: revoked immediately upon account deletion or disconnection.
  • Backups: may persist for up to 30 additional days before being permanently overwritten.
  • Aggregate or anonymized analytics: may be retained indefinitely.
  • Records required by law: we retain billing and tax-related information as required by applicable law (typically 7 years).

7. Your Rights and Choices

7.1 All users

  • Access and update: view and edit most of your account information directly from the Service.
  • Disconnect platforms: revoke our access to any connected social media account at any time.
  • Delete your account: request account deletion at /data-deletion or by emailing info@chesapeake.biz.
  • Email preferences: opt out of marketing emails using the unsubscribe link in any message. Transactional emails (security alerts, billing) cannot be disabled while your account is active.

7.2 California residents (CCPA / CPRA)

If you reside in California, you have the right to:

  • Know what personal information we collect, use, and share
  • Request deletion of your personal information
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information
  • Limit the use of sensitive personal information
  • Non-discrimination for exercising your rights

We do not sell personal information. To exercise any California right, contact info@chesapeake.biz. We will verify your identity before processing requests.

7.3 EU / UK residents (GDPR / UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten") subject to legal retention obligations
  • Restrict or object to certain processing
  • Data portability — receive your data in a portable format
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with your local data protection authority

Legal bases: we process personal data under the following GDPR legal bases: (a) performance of a contract; (b) legitimate interests (improving the Service, security, fraud prevention); (c) consent (for optional features); (d) legal obligation.

International transfers: our servers are located in the United States. When we transfer personal data from the EEA, UK, or Switzerland to the US, we rely on Standard Contractual Clauses or other approved mechanisms.

8. Security

We use industry-standard administrative, technical, and physical safeguards to protect your information, including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest for sensitive fields including OAuth tokens
  • Row-Level Security on our database, isolating each business's data
  • Strict access controls and least-privilege permissions for our staff
  • Regular security reviews and dependency monitoring

No system is completely secure. If we become aware of a data breach affecting your information, we will notify you and applicable regulators as required by law.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: required for login and core functionality.
  • Preference cookies: remember your settings.
  • Analytics cookies: help us understand how the Service is used.

You can control cookies through your browser settings. Disabling essential cookies will prevent the Service from functioning correctly.

10. Children's Privacy

Social Pilot is intended for users 18 years of age or older who are operating a legitimate business. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with information, please contact us at info@chesapeake.biz and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service and update the effective date above. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

12. Contact Us

Questions, requests, or complaints about this policy or our privacy practices? Contact:

Chesapeake Information Systems LLC
Attn: Privacy
4624 Dillon Pl
Baltimore, MD 21224
Email: info@chesapeake.biz