Privacy Policy

Last updated: 22 February 2026

1. Who We Are

Outpilot Ltd (company number 16977693) is a company incorporated in England and Wales, with its registered office at 5 Beech Court, Hurst, Berkshire, England, RG10 0RQ.

Outpilot provides an AI-assisted outreach platform for B2B commercial teams.

In the course of providing our services, we may act as a data controller (where we collect business contact data from publicly available sources) and as a data processor (where we process data on behalf of our subscribers in accordance with their instructions).

For privacy-related enquiries, contact us at privacy@outpilot.ai.

2. What Personal Data We Collect and Where From

Subscriber data

When organisations sign up to use Outpilot, we collect information provided during account setup and onboarding, including names, job titles, business email addresses, and company names.

Prospect data

We collect business contact information from publicly available professional sources and third-party data providers to support our subscribers' outreach activities. This includes names, job titles, company names, business email addresses, and communication history generated during campaign activity.

If you received an outreach email: Your business contact information was collected from publicly available professional sources to facilitate a business communication on behalf of our subscriber. You can opt out of future communications at any time. See Your Rights below.

Technical data

We collect technical data for security and operational purposes, including IP addresses, browser type, device information, and access logs.

3. Why We Process Personal Data (Lawful Basis)

We process personal data under the UK General Data Protection Regulation (UK GDPR) on the following lawful bases:

  • Legitimate interests (Article 6(1)(f)) : for collecting publicly available business contact data and facilitating B2B commercial communications, in reliance on Regulation 22(3) of the Privacy and Electronic Communications Regulations 2003 (PECR).
  • Contract performance (Article 6(1)(b)) : for processing subscriber account data to provide our platform services.
  • Legal obligation (Article 6(1)(c)) : where processing is required by law.
  • Legitimate interests (Article 6(1)(f)) : for platform security and service improvement.

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals within the meaning of Article 22 UK GDPR.

4. How We Use Personal Data

We use personal data to provide and operate our platform services, facilitate outreach communications on behalf of subscribers, manage campaign reporting, maintain opt-out and suppression lists, and ensure platform security.

We do not sell personal data. We do not use personal data for unrelated advertising or profiling.

5. Who We Share Personal Data With

We work with a limited number of trusted third-party service providers who assist us in delivering our services. These providers fall into the following categories: data storage and hosting, email verification, email delivery infrastructure, AI technology, and workflow automation.

All third-party providers are bound by appropriate contractual obligations requiring them to process personal data securely and in accordance with applicable data protection law.

6. International Transfers

Some of our service providers may process personal data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place in accordance with UK data protection law, including approved transfer mechanisms.

7. How Long We Keep Personal Data

  • Subscriber account data: retained for the duration of the subscription and for up to 60 days thereafter for secure deletion or return.
  • Prospect and campaign data: retained for the duration of the subscription and for up to 60 days thereafter.
  • Suppression list data (opt-out records): retained for as long as necessary to prevent re-contacting individuals who have opted out. This data is limited to the minimum information needed to identify opted-out individuals and is not used for any other purpose.
  • Technical and security logs: retained for up to 12 months for security and operational purposes.

Data is deleted securely when it is no longer needed for the purposes described in this policy.

8. Your Rights

You have an absolute right to object to the processing of your personal data for direct marketing purposes at any time.

Under UK GDPR, you also have the following rights in relation to your personal data:

  • Right of access (Article 15) : to request a copy of the personal data we hold about you
  • Right to rectification (Article 16) : to request correction of inaccurate or incomplete data
  • Right to erasure (Article 17) : to request deletion of your personal data in certain circumstances
  • Right to restriction of processing (Article 18) : to request that we limit how we use your data
  • Right to data portability (Article 20) : to receive your data in a structured, commonly used format, where applicable
  • Right to object (Article 21) : to object to processing based on legitimate interests

How to exercise your rights

How you exercise your rights depends on the capacity in which Outpilot processed your data:

  • If Outpilot collected your data as a Controller (for example, we sourced your business contact information from publicly available sources): contact us directly at privacy@outpilot.ai.
  • If Outpilot processed your data as a Processor on behalf of a subscriber (for example, you received an outreach email from an organisation using our platform): please contact the organisation whose outreach email you received. They are the data controller for that campaign activity.

We will respond to rights requests within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. You can contact the ICO at ico.org.uk.

9. AI and Automated Processing

We use AI technology to assist with generating outreach content on behalf of our subscribers. We do not use personal data to train AI models. All outreach content is reviewed and approved by our subscribers before it is sent.

10. Data Security

We implement appropriate technical and organisational security measures to protect personal data, including encryption, access controls, and regular review of our security practices. While we take reasonable steps to protect personal data, no system is completely secure.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time. Changes will be published on this page with a revised "last updated" date. Where changes are material, we will communicate them to active subscribers.

12. Contact Us

If you have any questions about this privacy policy or how we handle personal data, please contact us:

  • Email: privacy@outpilot.ai
  • Address: Outpilot Ltd, 5 Beech Court, Hurst, Berkshire, England, RG10 0RQ