Privacy Policy — Login Pilot

1. Who we are (Controller)

The data controller for the Login Pilot service is:

DNA HEALTHCARE PSA
Adama Branickiego 15, 02-972 Warsaw, Poland
Email: privacy@login-pilot.com
Support: support@login-pilot.com

This Privacy Policy applies to www.login-pilot.com and the sign-in (SSO) functionality provided by Login Pilot.

2. What Login Pilot is

Login Pilot is a service that enables secure sign-in to services within the DNA HEALTHCARE ecosystem. Login Pilot may use external sign-in (SSO) providers such as Google, Apple, and Facebook.

3. What data we process

3.1 Account and sign-in data

• your Login Pilot user ID
• email address
• name / profile name
• profile picture (if available)
• information that your account is linked to an SSO provider
• data needed to maintain a secure session (e.g., session tokens, security markers)

3.2 Data received from SSO providers

• Google: provider ID, email, basic profile (typically scopes: openid, email, profile)
• Apple: provider ID, email (including relay address), optionally name
• Facebook (Meta): provider ID, email, public profile (typically: email, public_profile)

We do not request or collect your email content, contacts, or private social network data unless it is strictly required for sign-in.

3.3 Technical and security data

• IP address
• limited browser/device identifiers and parameters (for security and diagnostics)
• sign-in timestamps and security events
• server logs and error logs

4. Purposes and legal bases (EU/EEA — GDPR)

1. Providing sign-in and maintaining your account — GDPR Art. 6(1)(b)
2. Security, fraud/abuse prevention, service reliability — GDPR Art. 6(1)(f)
3. Legal obligations (if applicable) — GDPR Art. 6(1)(c)
4. Non-essential cookies (if enabled in the future) — consent where required

5. Cookies and similar technologies

Login Pilot uses mechanisms necessary to maintain the sign-in session and protect against abuse and attacks. If optional analytics cookies are enabled in the future, a consent mechanism will be provided where required.

6. Sharing of data (Recipients)

• infrastructure and hosting providers
• authentication and database providers
• SSO providers as required to complete sign-in
• legally authorized entities if required by law

We do not sell personal data.

7. International transfers (outside the EEA)

Some providers may process data outside the EEA. Where applicable, we use appropriate safeguards (e.g., Standard Contractual Clauses).

8. Data retention

• Account data: while the account is active
• Security and technical logs: limited time as needed for protection and diagnostics
• After deletion: minimal data may be kept for legal compliance or dispute resolution

9. Your rights (EU/EEA — GDPR)

• access, rectification, deletion
• restriction, portability
• objection (for legitimate interests)
• complaint to a supervisory authority

Contact: privacy@login-pilot.com

10. Information for users in the United States (CCPA/CPRA — if applicable)

Some U.S. residents may have additional rights (access, deletion, correction). Login Pilot does not sell personal data. Requests: privacy@login-pilot.com

11. Children

Login Pilot is not directed to children and we do not knowingly collect personal data from children.

12. Data and account deletion (including Meta requirements)

1. Use “Delete account” in the target app (if available), or
2. Email privacy@login-pilot.com from the email used to sign in with subject: “Login Pilot account deletion request”.

13. Changes to this Privacy Policy

We may update this policy. The latest version will be published on this page with an updated date.