◆ TRUST CENTER

Trust at OptimizePilot.

OptimizePilot processes site analytics and competitor data on behalf of marketing teams at funded startups. We take that responsibility seriously. Below is exactly what we do, where data lives, and what protections are in place — including what we're still building.

01 Current status

Where we are right now.

OptimizePilot is a young company building toward enterprise-grade security and compliance. Some certifications are in progress. Some controls are operational today. We believe you deserve to know which is which before you trial us, not after.

◉ CURRENTLY OPERATIONAL
  • TLS encryption for all data in transit
  • AWS-hosted infrastructure (us-east-1)
  • MFA enforced on all admin systems
  • Internal network restriction for server access
  • Full audit logs via GitHub review for all code changes
  • Founder/CEO only access to production customer data
◎ IN PROGRESS
  • [YOUR INPUT: SOC 2 Type II audit — scheduled for Q[X] 20XX]
  • [YOUR INPUT: ISO 27001 evaluation — under review]
  • [YOUR INPUT: Penetration test — scheduled with [vendor]]
  • [YOUR INPUT: add other in-progress items]
○ ROADMAP
  • [YOUR INPUT: HIPAA-eligibility — Q4 20XX]
  • [YOUR INPUT: EU data residency — Q[X] 20XX]
  • [YOUR INPUT: FedRAMP path — under evaluation]
  • [YOUR INPUT: add other roadmap items]

If a control isn't on this page, assume we don't have it yet. Ask us anyway — we'd rather have the conversation than have you find out post-purchase.

02 Data handling

What we collect. What we don't. Where it lives.

◆ WHAT WE COLLECT
  • Site analytics events (page views, click events, funnel conversions)
  • Page-level metadata (URL structure, element selectors for A/B variants)
  • Competitor public web data (crawled from publicly accessible pages)
◆ WHAT WE DO NOT COLLECT
  • Personally identifiable information (PII)
  • Payment card data
  • Authenticated user content or session recordings
  • Health or sensitive personal data
◆ WHERE DATA IS STORED
  • US-based AWS datacenters (us-east-1 primary)
  • Encryption in transit: TLS
  • Encryption at rest: [YOUR INPUT: confirm method — e.g., AES-256]
  • Retention: [YOUR INPUT: confirm retention policy]
◆ ACCESS CONTROLS
  • Customer data protected internally: only the Founder/CEO has full production access
  • MFA enforced on all systems; servers accessible only through the internal network
  • Full audit logs maintained — all code changes go through GitHub review
  • [YOUR INPUT: background check policy for staff with data access]

03 Sub-processors

The full list.

Every third party that touches customer data, why they touch it, and where they operate. Changes are posted 30 days before taking effect.

PROVIDER | PURPOSE | REGION
Amazon Web Services | Cloud infrastructure, storage, compute | US (us-east-1)
Cloudflare | CDN, DDoS protection, WAF | Global edge
Anthropic | AI inference (Claude models) | US
Stripe | Payment processing | US / EU
Matomo Cloud | Analytics backbone (customer-elected) | EU
Postmark | Transactional email delivery | US
Vercel | Marketing site hosting | Global edge

04 Incident response

What happens when something goes wrong.

[YOUR INPUT: describe your incident response process — e.g., who gets notified, in what order, with what timelines. Include: initial acknowledgment SLA, customer notification timeline for confirmed data incidents, and post-incident report commitment.]

Status page: optimizepilot1.statuspage.io

05 FAQ

Questions we answer weekly.

Where is our data stored?

All data is hosted and stored in US-based AWS datacenters (us-east-1 primary).

Who has access to our data?

Outside of your team, only OptimizePilot's Founder/CEO has access to customer data. Engineering works from and tests against sample data sets.

What happens to our data if OptimizePilot shuts down?

In the event that OptimizePilot ceases operations, you will be able to download your data during our wind-down period. Upon ceasing operations, all customer data will be permanently deleted.

Can we export our data?

Yes. Full data export is available at any time from the Flight Deck under Settings → Data.

Do you sell or share customer data?

No. We never sell customer data. We aggregate anonymized patterns to improve recommendations across the platform, but we do not share account-specific data with third parties.

Can you complete our security questionnaire (SIG, CAIQ, etc.)?

Yes. Email security@optimizepilot.com with your questionnaire and we'll typically return it within 5 business days.

Do you publish a status page?

Yes — optimizepilot1.statuspage.io. Subscribe to incident and maintenance notifications via email or RSS.

SECURITY QUESTIONS: security@optimizepilot.com
VULNERABILITY DISCLOSURE: vulnerabilities@optimizepilot.com

◉ SECURITY QUESTIONS

Have a security questionnaire? We'll return it in 5 days.

Email security@optimizepilot.com. We'd rather answer your questions before purchase than have you find out post-purchase.