Privacy Policy
Last updated: May 7, 2026
PickPilot is an AI shopping assistant that recommends products available on Amazon based on a natural-language conversation. This policy explains what we collect, what we do with it, and the choices you have.
What we collect
- Chat content — the messages you send to PickPilot and the responses we generate. Stored in our database, bound to a random, anonymous identifier issued to your browser. We do not request or store your name, email, address, age, gender, or payment information.
- One functional cookie (
pp_session) — an httpOnly token that ties your browser to your anonymous identifier so your chat history persists. Cleared on cookie wipe. - Standard server logs — IP address, request URL, timestamps, and error traces. Used for security and reliability; redacted for sensitive headers and rotated.
What we don’t collect
- No advertising/tracking cookies. No third-party analytics.
- No precise geolocation, contacts, photos, or device sensors.
- No accounts: PickPilot does not require email, password, or any login today. The anonymous identifier is the only thing that links a browser to its chat history.
Third-party processors
To produce recommendations we send your message text to:
- DeepSeek — large language model that generates the assistant’s replies. DeepSeek processes the prompt under their terms; we do not provide them with the cookie or identifier.
- RainforestAPI — used to fetch Amazon product data (titles, prices, ratings) for ASINs the model decides to look up. We send the search query/ASIN, not your identifier.
- Brave Search — used to surface independent reviews referenced by the assistant. We send the search query, not your identifier.
We do not sell or share personal information for cross-context behavioural advertising.
Affiliate disclosure
PickPilot may participate in the Amazon Associates Program. When that is active, links to Amazon products in our recommendations may include an affiliate tag, and we may earn a commission on qualifying purchases at no extra cost to you. We disclose this in the United States in accordance with the FTC’s 16 CFR Part 255 Endorsement Guides.
Your rights
Depending on where you live, you may have rights under laws such as the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and the EU/UK GDPR:
- Right to know what personal information we hold about you.
- Right to deletion of personal information.
- Right to correction of inaccurate personal information.
- Right to opt out of sale or sharing of personal information.
- Right to non-discrimination for exercising these rights.
Because PickPilot only stores anonymous identifiers and chat content tied to them, the simplest way to delete “your” data is to clear the pp_session cookie in your browser; the orphaned chat rows will be purged on our next routine cleanup. For any other request reach us at the email below and we will respond within 45 days.
Children
PickPilot is not directed to children under 13. We do not knowingly collect data from them.
Security
The session cookie is httpOnly, Secure (in production), and SameSite=Lax. All traffic is served over HTTPS via Caddy and Let’s Encrypt.
Changes to this policy
We may update this page; the “Last updated” date at the top will change. Material changes will be flagged on the site.
Contact
Privacy questions or requests: privacy@pickpilot.app.