Privacy Policy

Last updated: May 22, 2026

1. Who we are

AffiliPilot (“we,” “our,” or “us”) provides affiliate intelligence and link monitoring tools for publishers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the “Service”).

2. Information we collect

2.1 Information you provide

  • Account data: email address, full name, and authentication credentials when you create an account via email or Google OAuth.
  • Payment data: billing information is processed entirely by Lemon Squeezy, our payment processor. We do not store credit card numbers or sensitive payment details on our servers.
  • Content data: affiliate links you submit for monitoring, content brief preferences, and any information you provide through our tools.
  • Communications: emails you send to us, support requests, and survey responses.

2.2 Information collected automatically

  • Usage data: pages visited, time spent on pages, referral sources, and navigation patterns. This is collected via Plausible Analytics (privacy-first, no cookies) and optionally Google Analytics 4.
  • Device data: browser type, operating system, device type, and approximate location derived from IP address (country-level only).
  • Authentication logs: sign-in timestamps, IP addresses, and provider used (email or Google), managed by Supabase Auth.

3. How we use your information

  • To provide, maintain, and improve the Service
  • To monitor your affiliate links and send alerts about broken links, offer changes, or revenue risk
  • To process your subscription and manage your account
  • To send administrative emails (billing notices, security alerts, product updates)
  • To send weekly digest emails with link health summaries and content briefs (you may opt out)
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations

4. Legal bases for processing (EEA/UK users)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases:

  • Contractual necessity: processing required to provide the Service you signed up for.
  • Legitimate interests: improving the Service, securing our platform, and sending relevant product communications.
  • Consent: where required, such as for marketing emails or analytics cookies.

5. Data sharing and third parties

We share data only with the following service providers, all of whom are contractually bound to protect your data:

  • Supabase: database hosting, authentication, and file storage. Supabase stores your account credentials, monitored links, and content data. See the Supabase Privacy Policy.
  • Lemon Squeezy: payment processing and subscription management. Lemon Squeezy handles all payment card data. See the Lemon Squeezy Privacy Policy.
  • Google: if you sign in via Google OAuth, Google processes your authentication. If GA4 is enabled, Google processes analytics data.
  • Plausible Analytics: privacy-focused analytics with no personal data collection and no cookies. See the Plausible Privacy Policy.
  • Resend: transactional and marketing email delivery.

We do not sell, rent, or trade your personal data. We do not share your data with third parties for their own marketing purposes.

6. Data retention

  • Account data: retained for the life of your account plus 90 days after deletion, unless required longer by law.
  • Monitored links and alerts: retained for the life of your account.
  • Analytics data: anonymized usage data is retained indefinitely in aggregate form.
  • Payment records: retained for 7 years per tax and accounting requirements.

7. Data security

We implement appropriate technical and organizational measures including encryption in transit (TLS), encryption at rest (Supabase-managed), row-level security (RLS) on all database tables, and least-privilege access controls. Authentication is handled by Supabase Auth with industry-standard practices including bcrypt password hashing and OAuth 2.0 for Google sign-in.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data (“right to be forgotten”).
  • Portability: receive your data in a machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at privacy@affilipilot.io. We will respond within 30 days.

9. Cookies

AffiliPilot uses only essential cookies required for authentication (managed by Supabase Auth) and session management. Our primary analytics provider, Plausible, does not use cookies. If Google Analytics 4 is enabled, it may set cookies per Google’s policies.

You can disable cookies in your browser settings, though this may affect your ability to sign in.

10. Children’s privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

11. International transfers

Our service providers (Supabase, Lemon Squeezy) operate data centers in the United States and the European Union. Where data is transferred internationally, we rely on standard contractual clauses and adequacy decisions as appropriate.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice. The “Last updated” date at the top reflects the most recent revision.

13. Contact us

For privacy-related inquiries, contact our data protection team at privacy@affilipilot.io.