PunchPilotAnalyze a report →
Legal

Privacy Policy

Last updated: April 10, 2026
Placeholder document. This page contains a structural template only. Replace with the official version generated by your legal provider (Termly, Termageddon, or an attorney) before going live.

This Privacy Policy explains how PunchPilot ("we", "us", or "our") collects, uses, and protects your information when you use our service.

1. Information We Collect

Information you provide

  • Email address — required to receive your repair list
  • Name — optional, used to personalize communications
  • Inspection PDF — the report you upload for analysis
  • Payment information — collected and processed by Stripe; we do not store full card numbers

Information collected automatically

  • Basic technical information such as IP address, browser type, and timestamps for security and abuse prevention

2. How We Use Your Information

  • To process your inspection report and generate your repair list
  • To deliver your report via email and provide a permanent access link
  • To process payments through Stripe
  • To contact you regarding your report or any service issue
  • To send you occasional updates about PunchPilot (you can unsubscribe at any time)
  • To improve the Service and prevent abuse

3. Third Parties We Share Data With

We share specific information with trusted service providers solely to operate the Service:

  • Anthropic — your inspection PDF is sent to Anthropic's Claude API for analysis. Anthropic processes the file to generate the repair list and does not retain your data for model training.
  • Amazon Web Services — we store your PDF and report data in AWS (S3 and DynamoDB), encrypted at rest, in the United States.
  • Stripe — handles payment processing. Subject to Stripe's privacy policy.
  • Amazon SES — delivers transactional emails to you.
  • HubSpot — we store your name and email as a contact in our CRM for customer communication.

We do not sell your personal information to anyone. We do not share your inspection reports with third parties beyond the processing partners listed above.

4. Data Retention

We retain your uploaded PDF and generated report for 90 days, after which the files are automatically deleted from our storage. Contact information in our CRM is retained until you request deletion. Payment records are retained as required by tax and accounting regulations.

5. Your Rights

Depending on where you live, you may have rights regarding your personal information, including the right to access, correct, delete, or obtain a copy of the data we hold about you. To exercise any of these rights, email us at privacy@[yourdomain].com.

California residents have specific rights under the California Consumer Privacy Act (CCPA). EU and UK residents have rights under GDPR. We honor all valid requests under applicable law.

6. Security

We use industry-standard security practices including encryption in transit (TLS) and at rest (AES-256), least-privilege access controls, and audit logging. No system is perfectly secure, but we work hard to protect your information.

7. Children's Privacy

PunchPilot is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have, please contact us to have it removed.

8. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date reflects the most recent revision.

9. Contact

Privacy questions or requests? Email privacy@[yourdomain].com.