Privacy Policy

Last updated: February 2026

BinPilot ("BinPilot", "we", "us") is operated by FOP Shostkevych Oleh (individual entrepreneur), registered in Ukraine. We are the data controller responsible for your personal data.

This Privacy Policy explains how we collect, use, store, and share information when you use our applications, websites, and related services ("Services"). For privacy-related inquiries, contact us at [email protected].

BinPilot is an inventory and organization platform, not a medical, legal, or professional advisory service.

1. Scope of This Policy

This Privacy Policy applies to all users of BinPilot worldwide, including users in the United States, Canada, European Union, United Kingdom, and other regions where the Services are available.

2. Data We Collect

2.1 Data You Provide

  • Account information (email address, authentication data)
  • Inventory data you create (item names, descriptions, quantities, locations, categories, tags)
  • Photos and images you upload
  • Optional notes or metadata you add

2.2 Automatically Collected Data

  • Device and app data (device type, OS, app version, language)
  • Usage and diagnostic data (feature usage, crashes, performance)
  • Approximate region (country/language inferred from browser settings)

We do not collect precise GPS location data.

3. Photos and Uploaded Content

When you upload photos or other content:

  • Content is stored securely
  • Content may be processed to extract item information
  • Original content is never sold or used for advertising

You are responsible for ensuring you have the right to upload and process any content you provide.

4. Pilot Intelligence & AI Processing

BinPilot uses automated features branded as Pilot Intelligence, which may rely on third-party AI service providers, including OpenAI.

How AI is used:

  • Item recognition and classification
  • Category and description suggestions
  • Organizational assistance
  • Answering questions about your inventory based on your stored data (retrieval-augmented generation)

AI safeguards:

  • Only data required for a requested feature is processed
  • Data is not used to train AI models. This is contractually guaranteed under our data processing agreement with OpenAI.
  • User data is pseudonymized before being sent to AI providers — the AI does not receive your account identity or personal identifiers
  • AI processing is limited, scoped, and purpose-bound
  • We do not sell AI-processed data

AI limitations:

AI-generated output may be incomplete, inaccurate, or outdated. You remain responsible for reviewing and verifying AI-generated content before relying on it.

5. Automated Decision-Making & Profiling

BinPilot uses AI for item classification, categorization, and suggestions through its Pilot Intelligence features. These AI features are assistive only and do not produce decisions that have legal or similarly significant effects on you within the meaning of GDPR Article 22.

All AI-generated output is presented as suggestions. You can always review, override, edit, or discard any AI output. No automated decision is made without the opportunity for human review.

6. Medical, Health & Safety Disclaimer

BinPilot and its Pilot Intelligence features do not provide medical, pharmaceutical, or professional healthcare advice.

Any information, categorization, reminders, or suggestions related to medications, supplements, medical supplies, or health-related items are provided for organizational and informational purposes only.

AI-generated recommendations must never be treated as a substitute for advice from a licensed physician, pharmacist, or other qualified healthcare professional.

BinPilot cannot account for individual medical history, allergies, dosage requirements, or drug interactions and disclaims all liability for decisions made based on health-related information generated by the Services.

7. How We Use Data

We process personal data only to:

  • Provide and operate the Services
  • Enable Pilot Intelligence features
  • Sync inventory across devices
  • Improve reliability, security, and performance
  • Provide user support
  • Comply with legal obligations

8. Legal Bases for Processing (EU/UK)

For users in the EU/EEA/UK, we process data under the following legal bases:

  • Performance of a contract
  • Legitimate interests (security, service improvement)
  • Consent (where required)
  • Legal obligation

9. Data Sharing & Sub-Processors

We share data only when necessary and only with trusted processors:

  • Cloud infrastructure: Supabase (database, storage, authentication)
  • AI processing: OpenAI (item recognition, Pilot Intelligence features)
  • Payments: Paddle, Apple, Google (subscription billing)
  • Analytics: Microsoft Clarity (session heatmaps and behavior insights)
  • Legal authorities when required by law

We do not sell personal data.

10. International Data Transfers

BinPilot operates globally. Your data may be transferred to and processed in countries outside your country of residence, including:

  • United States — OpenAI (AI processing)
  • European Union — Supabase (database and storage)

Appropriate safeguards are in place for these transfers, including Standard Contractual Clauses (SCCs) or equivalent protections recognized under applicable law. You can request a copy of these safeguards by contacting [email protected].

11. EU/UK Representative

As we are established outside the EU/EEA, we are in the process of appointing an EU representative under GDPR Article 27. In the meantime, please direct any inquiries to [email protected].

12. Data Retention

  • Account data is retained while your account is active
  • Deleted accounts and associated data are permanently removed within 30 days, except where retention is required by law
  • Backups are rotated and securely deleted on a regular cycle
  • AI processing data is transient and not persisted beyond the immediate request

13. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33
  • Where the breach is likely to result in a high risk to your rights, we will notify affected users without undue delay
  • For users in Canada, we will report breaches to the Office of the Privacy Commissioner of Canada and notify affected individuals as required under PIPEDA
  • Notifications will include the nature of the breach, likely consequences, and measures taken or proposed to address it

14. Your Rights

Depending on your location, you have specific rights regarding your personal data. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

14.1 European Union / United Kingdom (GDPR)

If you are in the EU/EEA or UK, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your personal data ("right to be forgotten")
  • Restrict processing of your data
  • Data portability — receive your data in a structured, commonly used, machine-readable format
  • Object to processing based on legitimate interests, including profiling
  • Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing before withdrawal
  • Lodge a complaint with your local data protection supervisory authority

14.2 United States — California (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell
  • Delete your personal information
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of your personal information
  • Non-discrimination — you will not receive discriminatory treatment for exercising your privacy rights

14.3 Canada (PIPEDA)

If you are in Canada, you have the right to:

  • Access your personal information held by us
  • Correct inaccurate or incomplete personal information
  • Challenge compliance — file a complaint with us or the Office of the Privacy Commissioner of Canada if you believe we are not complying with PIPEDA

15. Do Not Sell or Share My Personal Information

BinPilot does not sell your personal information. We also do not share your personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act (CCPA/CPRA).

If you wish to exercise your right to opt out or have questions about our data sharing practices, contact us at [email protected].

16. User Responsibilities

You are responsible for:

  • The accuracy of content you upload
  • Ensuring uploaded content does not violate laws or third-party rights
  • Reviewing AI-generated output before acting on it

17. Service Availability & Data Loss

The Services are provided "as is" and "as available." We do not guarantee uninterrupted operation or error-free performance.

While we take reasonable security measures, BinPilot is not responsible for accidental loss, corruption, or deletion of user data, except where required by law.

18. Children's Privacy

BinPilot is not intended for children under 13 (or under 16 where applicable). We do not knowingly collect data from children. If we become aware that we have collected personal data from a child, we will delete the account and associated data promptly.

19. Cookies & Tracking

Our website uses essential cookies required for the Services to function (e.g. authentication, language preferences).

We use Microsoft Clarity for session heatmaps and behavior insights to improve the user experience. Clarity may record mouse movements, clicks, and scrolling activity. No personally identifiable information is collected by Clarity.

Analytics tools are only activated after you accept cookies via our cookie banner. We do not use third-party advertising trackers or sell data to advertisers.

You can change your cookie preferences at any time using the cookie settings link in the footer of our website. If you opt out, analytics cookies will be disabled and your browsing will not be tracked.

20. Legal Compliance

We may access, preserve, or disclose information if required to:

  • Comply with legal obligations
  • Enforce policies and agreements
  • Protect the rights, safety, or property of BinPilot or others

21. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by email.

22. Contact

For privacy questions or requests:

Data Controller: FOP Shostkevych Oleh, Ukraine

Email: [email protected]