Tote-Pilot LogoTote-Pilot

Privacy Policy

Last updated: January 15, 2026

1. Introduction

Welcome to Tote-Pilot. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website or use our application, and tell you about your privacy rights and how the law protects you.

2. Data We Collect

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier.
  • Contact Data includes email address.
  • Content Data includes photos of items and Totes you upload, descriptions, and tags.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use our website, products and services.
  • Biometric Data: When you use features like Passkeys or Biometric Login, this authentication happens locally on your device. We do not collect, store, or transmit your biometric data (fingerprint, face ID, etc.).

3. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you (providing the Tote-Pilot service).
  • To improve our service, such as using AI analysis to help you automatically categorize and describe your items.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

4. Image Analysis and AI

Tote-Pilot uses advanced artificial intelligence technologies to help you organize your life.

  • Smart Scanning: When you upload an image, we use Google Gemini (a third-party AI provider) to analyze the image content. This allows us to automatically suggest titles, descriptions, and categories for your items, making organization effortless.
  • Data Handling: Images are sent securely to our AI provider for analysis. We do not use your images to train public AI models. The analysis is performed strictly to provide the features of the application.
  • Safety & Compliance: We maintain a zero-tolerance policy for child sexual abuse material (CSAM) and other illegal content. We cooperate fully with law enforcement agencies and will report any such content detected during our scanning process.

5. Data Storage and Third-Party Services

We use trusted third-party service providers to securely store and process your data.

  • Cloud Storage: Your photos and data are stored in secure cloud storage buckets provided by Railway. We implement strict access controls to ensure only you (and those you explicitly share with) can access your content.
  • AI Processing: As mentioned, we use Google Gemini for image analysis.
  • Payments & Subscriptions: We use Lemon Squeezy as our Merchant of Record. They handle all payment processing, invoicing, and tax compliance. Your payment details are processed directly by them and are not stored on our servers.
  • Email Communications: We use Resend to send transactional emails (like verification links and password resets).

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our service and hold certain information.

  • Strictly Necessary Cookies: We use a secure, HTTP-only cookie (refresh_token) to maintain your login session. This cookie is essential for the application to function and secure your account. It allows you to stay logged in as you navigate between pages.
  • Privacy-Friendly Analytics: We use Vercel Analytics to understand how visitors interact with our website. This service collects anonymous data (such as page views and improved performance metrics) without setting cookies on your device or tracking you across different websites. The data is aggregated and does not identify you personally.

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

8. Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Tote-Pilot aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

  • The right to access, update or to delete the information we have on you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where Tote-Pilot relied on your consent to process your personal information.

9. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA).

  • Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
  • Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

We do not sell your personal information.

10. Contact Us

If you have any questions about this privacy policy or our privacy practices, please contact us at support@tote-pilot.com.