SlipPilot

Privacy Policy

Last updated: March 15, 2026

1. Who We Are

SlipPilot LLC (“SlipPilot,” “we,” “us,” or “our”) operates the SlipPilot web application. This policy explains what data we collect, why we collect it, and how we protect it.

2. Data We Collect

Account data

When you create an account we collect your email address. During onboarding you may optionally provide your business name, phone number, trade type, and license number. These appear on your estimates and invoices.

Customer data

You enter your customers' names, contact information, and job addresses. This data is stored securely and used only to generate estimates and invoices on your behalf.

Signature data

When a customer signs an estimate we capture their drawn signature (as image data), their typed name, IP address, browser user-agent, and a UTC timestamp. This information is stored to provide a legal audit trail.

Usage data

We log server-side events (estimate created, invoice sent, etc.) using structured logs. Logs never contain passwords, tokens, payment card numbers, or customer emails.

3. How We Use Your Data

  • To provide and maintain the Service
  • To generate PDF estimates and invoices
  • To send invoice emails to your customers on your behalf
  • To authenticate you securely
  • To troubleshoot errors and improve reliability
  • To send transactional emails (invoice delivery, receipts)

We do not sell your data or your customers' data. We do not use your data for advertising.

4. Third-Party Services

We share data with the following third parties only as necessary to operate the Service:

  • Supabase — database and file storage. Your data is stored in Supabase's EU or US data centers with row-level security enabled.
  • Stripe — payment processing. We pass invoice amounts to Stripe to generate payment links. We never store full card numbers.
  • Resend — transactional email delivery. Invoice emails are sent via Resend. They process customer email addresses solely for delivery.
  • OpenAI — AI line item suggestions. Query text (trade type + job description) is sent to OpenAI. No customer PII is included in these requests.

5. Data Retention

We retain your account data for as long as your account is active. Upon account deletion or subscription cancellation, data is retained for 30 days and then permanently deleted. Logs are retained for 90 days.

6. Security

All data is transmitted over HTTPS. Sensitive data at rest is encrypted using AES-256. We enforce row-level security policies so that contractors can only access their own data. API keys and secrets are stored only as environment variables and are never exposed to the browser.

7. Your Rights

Depending on your jurisdiction you may have rights to access, correct, export, or delete your personal data. To exercise these rights, email privacy@slippilot.app. We will respond within 30 days.

8. Cookies

We use cookies solely for session authentication (Supabase auth tokens). We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

11. Contact

Privacy questions or requests? Email privacy@slippilot.app.