Last updated: 2026, 24th April
This Data Processing Agreement (“DPA”) forms part of the agreement between AM Pilot and the customer using the AM Pilot platform.
This DPA applies where AM Pilot processes personal data on behalf of the customer in connection with the provision of its software services.
For personal data processed within the AM Pilot platform on behalf of the customer, the customer acts as the data controller and AM Pilot acts as the data processor.
The customer is responsible for ensuring that it has a lawful basis for collecting and processing personal data uploaded to or processed through the platform.
AM Pilot processes personal data only to provide, maintain, secure, and support the AM Pilot platform.
The processing may include storage, transmission, organization, retrieval, and deletion of data required for platform functionality.
The platform may process the following categories of data:
AM Pilot will process personal data only according to the documented instructions of the customer, unless required otherwise by applicable law.
If AM Pilot believes an instruction violates applicable data protection law, it may inform the customer and suspend the relevant processing until clarification is provided.
AM Pilot ensures that persons authorized to process personal data are subject to appropriate confidentiality obligations.
AM Pilot implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
These measures may include:
AM Pilot may use trusted third-party service providers (“sub-processors”) to deliver the platform, including hosting, infrastructure, payment, analytics, and communication providers.
AM Pilot ensures that sub-processors are subject to appropriate data protection obligations.
Where required, AM Pilot will inform customers of material changes to sub-processors.
If personal data is transferred outside the European Economic Area (EEA), AM Pilot will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other legally recognized transfer mechanisms.
AM Pilot will provide reasonable assistance to the customer in fulfilling its obligations under applicable data protection laws, including requests related to data subject rights, security, and compliance documentation.
If AM Pilot receives a request from a data subject relating to personal data processed on behalf of the customer, AM Pilot will redirect the request to the customer unless legally required to respond directly.
AM Pilot will notify the customer without undue delay after becoming aware of a personal data breach affecting customer data.
AM Pilot will provide reasonable information available to assist the customer in meeting any legal notification obligations.
Upon termination of the service, AM Pilot will delete or return personal data in accordance with the customer’s instructions, unless retention is required by law.
Data may remain in backups for a limited period before being securely deleted according to backup retention procedures.
For self-hosted or standalone deployments, the customer is responsible for the infrastructure, hosting environment, data storage, security configuration, access control, and backups.
In such deployments, AM Pilot does not access or process customer data unless access is explicitly granted by the customer for support, maintenance, or agreed services.
AM Pilot will make reasonable information available to demonstrate compliance with this DPA.
Any audit request must be reasonable, proportionate, and subject to confidentiality obligations and prior written notice.
Liability under this DPA is subject to the limitations of liability set out in the applicable agreement between AM Pilot and the customer.
This DPA remains in effect for as long as AM Pilot processes personal data on behalf of the customer.
For questions related to this DPA or data protection, contact:
AM Pilot
hello@am-pilot.com
