1. Information We Collect
1.1 Personal Information
We collect personal information that you voluntarily provide when you:
- Create an account via Google or Microsoft OAuth
- Subscribe to a paid plan
- Contact us for support or inquiries
This information may include:
- Name, email address, and profile picture (from your OAuth provider)
- Payment information (processed securely through Stripe)
- Account preferences
1.2 Usage Data
We automatically collect certain information when you use our platform:
- Token usage counts for rate limiting and billing
- Feature usage patterns (e.g., diagram types created)
- Anonymous session identifiers
1.3 Speech and Transcript Data
When you use SketchPilot's voice features:
- Browser speech recognition — audio is processed locally by your browser's speech recognition engine. We receive only the transcribed text, never audio recordings.
- Microsoft Teams meetings — when you enable the Listen feature in Teams, we receive transcript text via the Microsoft Graph API. Transcripts are processed in real time and are not stored after the meeting ends.
1.4 Diagrams
Diagrams you create and save are stored in our database. Diagrams created without signing in are associated with an anonymous session that expires after 90 days of inactivity.
2. How We Use Your Information
2.1 Service Provision
- Process speech and transcript text through AI models to generate diagram operations
- Store and retrieve your saved diagrams
- Authenticate users and maintain account security
- Process payments and manage subscriptions
2.2 Service Improvement
- Monitor system performance and troubleshoot issues
- Analyze aggregated usage patterns to improve the platform
2.3 Communication
- Send important service updates and security notifications
- Provide customer support
3. Data Security and Protection
3.1 Security Measures
We implement industry-standard security measures to protect your data:
- HTTPS encryption for all data transmission
- Secure cloud infrastructure on Microsoft Azure (EU region)
- JWT-based authentication with short-lived access tokens
- Rate limiting to prevent abuse
3.2 Data Processing Location
Your data is primarily processed on secure cloud servers located in the European Union. AI processing occurs via Anthropic's API, which may process data in the United States under appropriate safeguards.
4. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
4.1 Service Providers
- Anthropic — transcript and speech text is sent to Anthropic's Claude API for AI processing. See Anthropic's Privacy Policy.
- Stripe — payment processing. See Stripe's Privacy Policy.
- MongoDB Atlas — database hosting within the EU.
- Microsoft Graph API — Teams meeting transcript access (only when you explicitly enable recording in a meeting).
4.2 Legal Requirements
- When required by law or legal process
- To protect our rights, property, or safety
- To investigate potential violations of our Terms of Service
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.
5. Your Rights Under GDPR
5.1 Your Legal Rights
As a data subject under GDPR, you have the following rights:
- Right of Access — request access to your personal data and information about our processing
- Right to Rectification — request correction of inaccurate or incomplete personal data
- Right to Erasure — request deletion of your personal data under certain circumstances
- Right to Restrict Processing — request limitation of processing in specific situations
- Right to Data Portability — receive your personal data in a structured, machine-readable format
- Right to Object — object to processing of your personal data for direct marketing or legitimate interests
- Right to Withdraw Consent — withdraw your consent at any time where processing is based on consent
- Right to Lodge a Complaint — file a complaint with your local data protection authority
5.2 Exercising Your Rights
To exercise any of these rights, please contact us using the information in Section 9. We will respond to your request within one month.
5.3 Data Retention
- Account data — retained while your account is active and for 3 years after deletion for legal compliance
- Saved diagrams — retained until you delete them or your account is terminated
- Anonymous sessions — expire automatically after 90 days of inactivity
- Meeting transcripts — processed in real time and not stored after the meeting
6. Cookies and Tracking
6.1 Cookies We Use
SketchPilot uses only strictly necessary cookies:
- sketchpilot_session — anonymous session identifier (HTTP-only, 90 days)
- refresh_token — authentication session refresh (HTTP-only, 30 days)
We do not use analytics cookies, advertising cookies, or third-party tracking scripts.
7. Children's Privacy
SketchPilot is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take immediate steps to delete it.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:
- Posting the updated policy on our website
- Displaying prominent notices in our platform
Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.
9. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: