Privacy Policy
At Metal Pilot, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully.
1. Provider Information
Metal Pilot is operated by the following provider:
Legal name: Wojciech Rzepka Software
Trading name: Metal Pilot
Tax ID (NIP): 9721364903
Country of establishment: Poland
Contact email: contact@metalpilot.com (full registered address and REGON available on request)
In this document, "Metal Pilot", "we", "us", "our", and "the Company" refer to Wojciech Rzepka Software, and "the Service" refers to the Metal Pilot platform, website, and related services. The email address contact@metalpilot.com serves as our single electronic point of contact for users and for communication with authorities.
2. Information We Collect
We may collect personal information that you voluntarily provide when using our service, including:
Contact information (such as name and email address)
Account credentials
Payment information
Account preferences and inputs you create within the platform, such as watchlists of companies, custom lists, notes, and feature requests or company-addition / data-correction submissions you choose to send us
Any other information you choose to provide
When you access our service, we may automatically collect certain information, including:
Device information (such as IP address, browser type, and operating system)
Usage data (such as pages visited, time spent on pages, and click patterns)
Cookies and similar tracking technologies
For operation and maintenance purposes, Metal Pilot and its third-party infrastructure providers may collect files that record interaction with Metal Pilot (system logs). These logs may contain Personal Data (such as IP Address) to help us diagnose errors and secure the platform. These logs are rotated and deleted regularly.
3. Public Company and Project Data
Separately from your personal information, Metal Pilot ingests, processes, and displays publicly available information about mining, oil & gas, and related commodities companies and their projects (for example, from public filings, annual reports, and other public sources). Such data concerns legal entities and assets, not you as an individual user, and is not treated as your personal data. Our handling of that public data is governed by the Terms of Service and the Disclaimer rather than this Privacy Policy.
Public filings and technical reports ingested by the Service may incidentally contain personal data of natural persons acting in a professional capacity — for example, names and professional details of company officers, directors, or qualified/competent persons who signed technical reports. We process such data as part of the ingested documents on the legal basis of our legitimate interest in operating a public-filings research tool (GDPR Art. 6(1)(f)). Because the data originates from public disclosures made by the issuers themselves, this Privacy Policy serves as the public information notice for that processing (GDPR Art. 14(5)(b)). If you are such a person, you may exercise your rights of access, rectification, erasure, restriction, and objection by contacting contact@metalpilot.com.
4. How We Use Your Information
We may use the information we collect for various purposes, including to:
Provide, maintain, and improve our service
Process transactions and send related information
Respond to your comments, questions, and requests
Send you technical notices, updates, security alerts, and administrative messages
Monitor and analyze trends, usage, and activities in connection with our service
Detect, prevent, and address technical issues
Protect against and prevent fraud, unauthorized transactions, claims, and other liabilities
We treat the personal account data you store within your account (such as watchlists, custom lists, and personal notes) as confidential. We do not access, view, or analyze such account inputs except where required by law or to provide specific support assistance requested by you
For GDPR compliance, we conduct legitimate interest assessments to ensure our processing does not override your fundamental rights and freedoms
5. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
Contractual Necessity: To provide the service, manage your account, and process payments.
Legitimate Interest: To improve our platform, conduct product development, ensure security, and prevent fraud, based on our legitimate interest in innovating and enhancing our services, subject to a balancing test against your rights and freedoms.
Consent: For optional features like newsletters or non-essential cookies.
Legal Obligation: To comply with tax, accounting, and other legal requirements.
6. Information Sharing and Disclosure
We may share your information in the following circumstances:
With service providers, consultants, and other third parties who require access to perform work on our behalf
In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process
If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property, and safety of ourselves or others
In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company
With your consent or at your direction
7. US State Privacy Disclosures (Sale/Sharing and Targeted Advertising)
We do not “sell” personal information, we do not “share” personal information for cross‑context behavioral advertising as defined under California law, and we do not process personal information for targeted advertising under other U.S. state privacy laws.
Our use of Google Analytics is restricted to measurement and product analytics. We have disabled Google Signals, advertising features (including remarketing and demographics), and any linking with Google Ads. We do not use analytics data to build profiles for advertising or to target ads across different websites or apps.
We disclose personal information only to service providers (for example, hosting, error monitoring, email delivery, payments via Stripe) under contracts that prohibit them from using personal information for their own purposes.
We honor Global Privacy Control (GPC) and other recognized universal opt‑out mechanisms where required by applicable law. We treat these signals as valid requests to opt out of “sale”/“sharing” and targeted advertising. Because we do not sell/share or engage in targeted advertising, we also apply such signals to disable non‑essential cookies (including analytics) for that browser.
We do not sell or share the personal information of consumers under 16 years of age.
8. Users in Canada and Australia
Canada: We handle the personal information of Canadian users in line with the principles of the Personal Information Protection and Electronic Documents Act (PIPEDA) and, for Quebec residents, the Act respecting the protection of personal information in the private sector (Law 25). Canadian users may request access to and correction of their personal information, and may withdraw consent subject to legal and contractual restrictions, by contacting contact@metalpilot.com. Complaints may be directed to the Office of the Privacy Commissioner of Canada (or, in Quebec, the Commission d'accès à l'information).
Australia: We handle the personal information of Australian users in line with the Australian Privacy Principles under the Privacy Act 1988 (Cth). Australian users may request access to and correction of their personal information via contact@metalpilot.com. If you are unsatisfied with our response to a privacy complaint, you may complain to the Office of the Australian Information Commissioner (OAIC).
9. Data Controller
The data controller responsible for your personal information is Wojciech Rzepka Software, Tax ID (NIP): 9721364903.
10. Data Security
We implement appropriate technical and organizational measures to protect the security of your personal information. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
The Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. Access to data is restricted to authorized personnel who need it to operate the service.
11. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. As a rule, we apply the following retention periods:
Account data (profile, watchlists, custom lists, notes): for the life of your account, then deleted or anonymized within 30 days of account deletion.
Billing and invoicing records: 5 years from the end of the tax year in which the transaction occurred, as required by Polish tax and accounting law.
System and security logs: up to 90 days, unless needed longer for an ongoing security investigation.
Support correspondence: up to 24 months after the matter is closed.
Analytics data: per the retention period configured in Google Analytics.
After account deletion, we may retain certain information where required by law or necessary to establish, exercise, or defend legal claims
We take measures to delete your personal information or anonymize it when it is no longer necessary
You may request deletion of your data at any time by contacting us
12. Your Rights and Choices
Upon request, we will provide you with information about whether we hold any of your personal information. Depending on your location, you may have certain rights regarding your personal information, including:
Accessing, correcting, or updating your personal information through your account settings
Deleting your personal information by contacting our support team
Objecting to our processing of your personal information
Requesting restriction of processing your personal information
Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format.
Right to Withdraw Consent: Where processing is based on your consent (for example, newsletters or non-essential cookies), you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
Opting out of marketing communications via the unsubscribe link in emails or your account settings
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law. In Poland, the relevant authority is the President of the Personal Data Protection Office (UODO).
To exercise these rights, please contact us using the information provided at the end of this policy. We respond to rights requests within one month; for complex or numerous requests this period may be extended by up to two further months, in which case we will inform you of the extension and its reasons within the first month. We may ask you to verify your identity before fulfilling a request.
13. Cookies and Third-Party Services
We use cookies and similar tracking technologies to track activity on our service and hold certain information. We categorize these cookies into two types:
Strictly Necessary Cookies: These are required for the operation of our service (e.g., to facilitate authentication, security, and session management). You cannot opt out of these cookies as they are essential for the application to function.
Non-Essential Cookies & Analytics: These are used for analytics and performance monitoring. Our service uses third-party services, such as Google Analytics, to collect information about your use of our service. These third parties may use cookies to help us analyze usage patterns and improve our platform. We do not control these third parties' tracking technologies.
You can manage your preferences for Non-Essential cookies through the Cookie Consent panel on our website. Refusing Non-Essential cookies will not prevent you from using the core features of our service, though it may limit our ability to analyze how the service is used.
For more information on how Google collects and uses your data, you can review Google's Privacy Policy.
14. Payment Information
Payments are processed by Stripe. Your payment details are submitted directly to Stripe and are not stored on Metal Pilot's servers. We do not collect or store sensitive payment instrument data (such as full card numbers or CVC codes). We receive from Stripe only limited billing information (for example, name, email, billing address) and payment method metadata (for example, card brand, last four digits, and expiration month/year) for invoicing, fraud prevention, and customer support. Stripe is a PCI DSS Level 1 certified service provider. For more information, please review Stripe's Privacy Policy.
15. Artificial Intelligence and Automated Processing
Metal Pilot uses automated systems and artificial intelligence to ingest, normalise, classify, and summarise publicly available data about companies and projects (for example, keyword tags, sector classifications, project ratings, and textual summaries). These automated processes operate on publicly disclosed company and project data and are not used to profile you as an individual user or to make decisions producing legal or similarly significant effects on you. We align our use of such systems with applicable transparency requirements under the EU AI Act and other relevant regulations.
16. Children's Privacy
Our service is not directed to individuals under the age of 18 years. We do not knowingly collect personal information from individuals under this age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.
17. Sub-processors
We use the following categories of sub-processors to operate the Service. Each is engaged under a data processing agreement (or equivalent contractual safeguards) where required:
DigitalOcean, LLC (United States) — application hosting and infrastructure.
Stripe, Inc. (United States / EU) — payment processing and billing.
Google LLC (United States) — analytics when you consent to non-essential cookies (Google Analytics; advertising features and Google Signals disabled).
Resend, Inc. (United States) — delivery of account, billing, and security emails.
Grafana Labs, Inc. (United States) — application log aggregation and infrastructure monitoring (system logs may include IP addresses).
Transfers of personal data to the United States rely on Standard Contractual Clauses and our sub-processors' contractual commitments. A current sub-processor list or Data Processing Addendum for business customers is available on request at contact@metalpilot.com.
18. International Data Transfers
Your information, including personal data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. Specifically, our servers are hosted by DigitalOcean, LLC in the United States.
When we transfer your personal data from the European Economic Area (EEA) to the United States, we ensure appropriate safeguards are in place. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and Data Processing Agreements to ensure your data remains protected in accordance with GDPR standards. You may request a copy of the relevant safeguards at contact@metalpilot.com.
19. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
If we make material changes to how we use or share personal information previously collected from you, we will notify you through our service, by email, or other prominent communication methods. You are advised to review this Privacy Policy periodically for any changes.
20. Contact Information
If you have any questions about this Privacy Policy, please contact us at contact@metalpilot.com.
Last Updated: 17 June 2026
We use strictly necessary cookies for authentication and site functionality. Optional analytics (Google Analytics) load only after you accept; we do not use advertising, remarketing, or Google Signals. We honour Global Privacy Control (GPC) and other recognised opt-out signals by keeping analytics off for that browser.