Privacy Policy
1. Data Controller
The data controller is SYSTANA LLC, Identification Code: 405378342, located at Krtsanisi Str. 22/24 D 45, Tbilisi, Georgia.
Contact: [email protected]
2. What Data We Collect
We follow the principle of data minimization. We collect only what is strictly necessary to provide and operate ShellPilot.
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account activation, license management, product communication | Until account deletion |
| Subscription status | License validation, feature access | Duration of subscription + 30 days |
| Device identifiers (hashed) | Device management (3-device limit) | Until device deactivation |
| Payment information | Transaction processing | Managed by FastSpring (Merchant of Record) |
3. What We Do NOT Collect or Store
We do not collect, store, log, or retain any of the following:
- Chat conversations or message content
- Generated scripts or code
- Script execution output or results
- Credentials, passwords, or secure strings
- Files, documents, or data from your local system
- System configuration, network topology, or environment details
- Screenshots or images sent to the AI
- IP addresses (beyond what is technically necessary for the connection)
4. AI Data Processing
ShellPilot is designed with a strict separation between AI communication and local execution. By default, only the text you type in the chat is sent to the AI processing service. This typically consists of task descriptions, questions, and error messages — none of which contain personal data.
The AI does not automatically access, read, or transmit any local data. Additional data (script output, screenshots, files) is only sent if you explicitly choose to do so via a deliberate action.
The following is never sent to any external service, regardless of user action: credentials, passwords, secure strings, session state, environment variables, system configuration, or network topology.
Since normal usage does not involve personal data, ShellPilot is GDPR-compliant in both Cloud AI and Local AI mode.
Chat messages are processed in real-time and are not stored on our servers. No conversation history is retained.
4.1 Cloud AI Mode
Chat text is routed through our proxy to an external AI processing service. The proxy performs authentication and rate limiting only — it does not log, store, or inspect message content.
4.2 Local AI Mode (coming Q1 2026)
All AI processing occurs on your own infrastructure using a locally hosted language model. No prompts, scripts, data, or any content leaves your network. The only external communication is a license validation heartbeat sent to our server once every 24 hours, containing only your license identifier and device hash.
5. Your Responsibility for Data Sent to AI
You control what data is sent to the AI. ShellPilot is designed to work without personal data — its purpose is script generation and error troubleshooting.
If you choose to send additional data (script output, screenshots, file contents), you do so via explicit action. If any of that data contains personal or regulated information, you are responsible for ensuring compliance with applicable data protection regulations.
We do not use any tracking or analytics services. No usage profiles are created.
6. Payment Processing
All payment processing is handled by FastSpring, our Merchant of Record. FastSpring collects and processes payment information (credit card details, billing address, etc.) in accordance with their privacy policy. We never receive or store your payment card details.
See: FastSpring Privacy Policy
7. Legal Basis for Processing (GDPR)
We process personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): Email address and subscription data are necessary to provide the product and manage your license.
- Legitimate interest (Art. 6(1)(f) GDPR): Device identifiers are necessary for license enforcement and abuse prevention.
- Consent (Art. 6(1)(a) GDPR): Marketing communications, if applicable, are sent only with your explicit consent.
8. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or any jurisdiction with similar data protection laws, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request restriction of processing in certain circumstances.
- Portability: Request your data in a machine-readable format.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
9. Categories of Service Providers
To provide ShellPilot, we engage the following categories of service providers:
- AI processing services: Process chat messages for script generation (Cloud AI Mode only)
- Payment processing: FastSpring handles all payment transactions as Merchant of Record
- Email delivery services: Deliver activation codes and account-related notifications
- Cloud hosting: Infrastructure for our proxy and licensing services
A detailed list of specific service providers is available upon request by contacting [email protected].
10. Data Transfers
In Cloud AI Mode, chat messages may be processed by services located outside the EEA. These transfers are necessary for the core functionality of the product. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable.
In Local AI Mode, no data is transferred outside your infrastructure.
11. Cookies and Website Analytics
Our website (shellpilot.app) uses only technically necessary cookies. We do not use third-party tracking, analytics tools, or advertising cookies. No user behavior profiling takes place on our website.
12. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encrypted communication (TLS) for all data in transit
- Mutual authentication between client and proxy
- No persistent storage of chat content or scripts
- Server-side enforcement of rate limits and access controls
- Hashed device identifiers (no plain-text hardware information stored)
13. Children
ShellPilot is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us for immediate deletion.
14. Data Deletion
Upon cancellation of your subscription, we delete your account data (email address, device identifiers, subscription status) within 30 days. No chat data needs to be deleted because it is never stored in the first place.
To request deletion of your data at any time, contact [email protected].
15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the product. The "Last updated" date at the top of this page indicates the most recent revision.
16. Contact
For privacy-related inquiries:
SYSTANA LLC
Krtsanisi Str. 22/24 D 45
Tbilisi, Georgia
Email: [email protected]
For payment-related privacy inquiries, contact FastSpring directly at FastSpring Support.