Legal

Privacy Policy

Last updated: April 2026

The short version: RadarPilot stores HubSpot portal tokens and enrichment analytics to power the app. We encrypt your OAuth tokens, never sell your data or your contacts' data, and you can request deletion at any time.

Overview

RadarPilot is a HubSpot Marketplace App with a backend service that connects to the People Data Labs API to enrich contact and company records inside HubSpot. This policy describes what data we collect, how it is stored, and how it is used.

What data we collect

When you install RadarPilot, we collect and store the following:

  • HubSpot portal ID — to uniquely identify your HubSpot account
  • HubSpot OAuth tokens (encrypted) — access token and refresh token, stored with AES-256 encryption; never stored or transmitted in plaintext
  • Subscription plan and credit usage — which plan you're on and how many enrichment credits have been used this billing period
  • Enrichment log entries — HubSpot object IDs, which fields were written, PDL confidence score, and enrichment status (success / no match / error). No contact PII is stored in logs.
  • Enrichment cache — the enriched field values for a given contact, stored for up to 30 days to avoid re-charging credits for the same record
  • Stripe customer ID — if you subscribe to a paid plan, to manage billing

When enriching a contact, RadarPilot reads the contact's name, email address, company name, phone, and LinkedIn URL from HubSpot solely to query the People Data Labs API. Contact PII (email addresses, names, phone numbers) is never written to our database — it is used in-memory during the API call only.

What data we do not collect

RadarPilot does not collect, store, or process:

  • Contact or company PII beyond what is described above (names and emails are used transiently, never persisted)
  • Payment card details or financial account information
  • Browsing data, cookies, or session information beyond a signed session cookie for the RadarPilot dashboard
  • Any data from contacts' or companies' devices or browsers

People Data Labs (PDL)

RadarPilot uses People Data Labs (peopledatalabs.com) as its enrichment data provider. When you enrich a contact, we send the contact's name, email, company name, and/or LinkedIn URL to the PDL API to retrieve firmographic and professional data. PDL's privacy policy governs how they process and store that data on their platform. We only call PDL when you explicitly trigger an enrichment (manually or via auto-enrich).

Data storage and security

All data is stored in a PostgreSQL database hosted on Supabase in the US-East region. Data is encrypted at rest using AES-256. HubSpot OAuth tokens are additionally encrypted at the application layer using AES-256 before being written to the database, and are decrypted only in-memory when needed to make HubSpot API calls.

The RadarPilot backend is hosted on Vercel using serverless functions. No persistent in-memory state or file system access is used. All HubSpot webhook requests are verified using HMAC signature validation before processing.

Third-party services

RadarPilot uses the following third-party services to operate:

  • People Data Labs (peopledatalabs.com) — contact and company enrichment data provider
  • Hunter.io (hunter.io) — email enrichment fallback, used only when PDL does not return an email and sufficient signal is available
  • Supabase (supabase.com) — managed PostgreSQL database
  • Vercel (vercel.com) — serverless hosting and function execution
  • Stripe (stripe.com) — payment processing for paid plans

We do not use any advertising networks, analytics trackers, session recording tools, or any other third-party services beyond those listed above.

How we use your data

The data we collect is used exclusively to:

  • Authenticate your HubSpot portal and maintain the OAuth token required to read and write contact data
  • Enrich contacts and companies in your HubSpot portal using People Data Labs
  • Track credit usage and enforce plan limits
  • Display enrichment history and usage analytics in the RadarPilot dashboard
  • Process subscription payments via Stripe

We never use your data or your contacts' data for advertising, cross-customer benchmarking, or any purpose unrelated to providing the RadarPilot service to your account.

HubSpot data access

RadarPilot requests the minimum HubSpot OAuth scopes necessary to function: read and write access to contacts and companies, permission to create custom properties, and permission to register CRM card extensions. We do not request access to deals, tickets, emails, files, or any other HubSpot objects beyond contacts and companies.

Data retention

Account data and enrichment history are retained for as long as you have an active RadarPilot installation. If you uninstall the app, your account is marked inactive but data is retained for 90 days in case you reinstall. After 90 days, or upon explicit request, all data associated with your HubSpot portal is permanently deleted. To request deletion, email hello@pricepilot.cloud.

Data selling

We do not sell, rent, license, or otherwise transfer your data — or your contacts' data — to any third party, ever, under any circumstances.

Analytics & tracking

This website and the RadarPilot app do not use analytics, tracking pixels, cookies, session recording, or any monitoring tools of any kind beyond the functional session cookie required for the RadarPilot dashboard.

Children's privacy

RadarPilot is a business tool intended for use by HubSpot account holders. It is not directed at or intended for use by children under the age of 13.

Changes to this policy

If this policy changes materially, the app listing and this page will be updated with a new effective date. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

Questions about this privacy policy or requests for data deletion? Email us at hello@pricepilot.cloud and we'll get back to you within 1–2 business days.