Privacy Policy

Last updated: March 2026

This privacy policy explains how NOVELDO AI GmbH (“we”, “us”, “our”) collects, uses, and protects your personal data when you use PILOT and our website at withpilot.ai. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR/DSGVO).

1. Controller

NOVELDO AI GmbH
Munich, Germany
Email: sebastian@schieke.de

2. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, and company information you provide during registration.
  • Usage data: Information about how you interact with PILOT, including voice inputs, email content (when you connect your accounts), and task data.
  • Technical data: IP address, browser type, device information, and cookies necessary for the service to function.
  • Communication data: Messages you send us via contact forms or email.

3. How We Use Your Data

We process your data for the following purposes:

  • Providing and operating the PILOT service
  • Generating your daily briefings, voice transcriptions, and email triage
  • Building and maintaining your personal knowledge graph
  • Improving our service and developing new features
  • Communicating with you about your account and the service
  • Complying with legal obligations

4. Legal Basis

We process your personal data based on: (a) performance of our contract with you (Art. 6(1)(b) GDPR), (b) your consent where applicable (Art. 6(1)(a) GDPR), (c) our legitimate interests in improving and marketing our services (Art. 6(1)(f) GDPR), and (d) compliance with legal obligations (Art. 6(1)(c) GDPR).

5. Data Hosting and Storage

All data is hosted on Microsoft Azure infrastructure within the European Union (Azure Europe regions). We guarantee EU data residency for all customer data. Your data never leaves the EU unless you explicitly request an integration that requires it.

6. Third-Party Services

We use the following third-party services to deliver PILOT:

  • Anthropic — AI processing for briefings, triage, and knowledge management. Data is processed under a data processing agreement.
  • ElevenLabs — Voice synthesis for audio briefings and voice interactions.
  • Microsoft Graph — Email and calendar integration (only when you connect your Microsoft account).
  • Vercel — Website hosting.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the service. When you delete your account, we remove your personal data within 30 days, except where we are required to retain it for legal purposes.

8. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data (“right to be forgotten”)
  • Restrict or object to the processing of your data
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at sebastian@schieke.de.

9. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, access controls, and regular security reviews.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or through the service. The latest version is always available on this page.

Contact

If you have questions about this privacy policy or our data practices, contact us at:
sebastian@schieke.de