Privacy Policy

1. Who we are

This Privacy Policy explains how myPitLab collects, uses, stores, and protects personal data when you use our platform.

2. What data we process

Depending on your usage, we may process:

• Account identity data (name, email, role, organization membership).
• Operational project data (inspections, reports, photos, workspace records).
• Security and audit data (authentication, access, system events).

3. Legal bases and purposes

We process data under one or more legal bases: performance of a contract (service delivery), legitimate interests (security and fraud prevention), legal obligations (compliance and records), and consent where required. Purposes include account management, feature operation, support, security monitoring, incident response, and billing.

4. Retention periods

• Security audit logs are retained for up to 365 days.
• Application error logs are retained for up to 90 days.
• Expired organization invitations are removed 30 days after expiry.

5. Processors, hosting, and sharing

We use vetted subprocessors for infrastructure, database, email, billing, and optional AI-enabled functionality. Access is restricted on a least-privilege basis and reviewed under our internal security process. We do not sell personal data. We share data only as needed to provide the service, comply with law, or protect rights and safety.

6. International transfers and security

Where data is processed across regions, we apply appropriate safeguards. We use technical and organizational controls including access control, encryption in transit, monitoring, audit logging, and incident response procedures.

7. Cookies and analytics

We may use essential cookies and similar technologies to operate secure sessions and maintain platform reliability. Optional analytics and performance tooling are used to improve product quality and are managed in line with applicable law.

8. Your rights

Depending on your jurisdiction, you may request access, correction, export, restriction, objection, or deletion of personal data. You can also lodge a complaint with a supervisory authority where applicable. Contact support@mypitlab.com for data rights requests.

9. Children and sensitive data

The service is intended for professional/business use and not directed to children. Do not upload special category/sensitive data unless you have a clear lawful basis and suitable safeguards.

10. Policy updates

We may update this Privacy Policy from time to time. Material updates will be reflected on this page with a revised “Last updated” date.