Privacy Policy

Last updated: May 25, 2026

Dream Pilot ("we," "us," or "our") operates the Dream Pilot platform at app.dreampilot.org. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, and organization name.

Event Data: Information you enter about your events, including event details, sponsor and guest lists, seating arrangements, and related content.

Connected Services: When you connect third-party services (such as Google Workspace), we receive access tokens that allow us to interact with those services on your behalf. We store these tokens securely and only use them for the features you've authorized.

Usage Information: We collect standard server logs including IP addresses, browser type, and pages visited to maintain and improve our service.

Giving and Financial History: When organizations using Dream Pilot record sponsorships, pledges, or past giving for their contacts, that information is stored as part of the organization's account. We do not store payment card numbers; payments flow through Stripe (see Section 4) to the receiving organization's connected Stripe account.

Relationship and Household Data: Organizations may record household connections, spouse names, and relationship graph information for their contacts. This data is stored as part of the organization's event and contact records.

Outreach Activity: We log when invitations and outreach emails are sent and opened, when shared links are clicked, and the channel and timestamp of recent outreach, in order to power follow-up features.

Custom Fields: Organizations may add their own custom fields to contacts and prospects. We do not validate the content of these fields; the organization is responsible for what it stores there.

2. How We Use Your Information

• To provide, maintain, and improve the Dream Pilot platform
• To create and manage your event assets (invite pages, sponsorship packets, flyers)
• To import and export data through connected integrations you authorize (Google Sheets, Drive, Gmail, etc.)
• To send transactional emails (event invitations, RSVP confirmations, sponsor notifications)
• To process payments through Stripe when you subscribe to a paid plan
• To respond to your requests and provide customer support
• To power AI-assisted content generation (drafting copy, refining sponsorship language, suggesting outreach), which may process event content through third-party AI providers (Anthropic and OpenAI). We do not allow these providers to train on your data.

3. Google API Services

Dream Pilot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect your Google account, we request access to:

• Google Sheets: To import and export sponsor/prospect lists
• Google Drive: To browse and import files you select
• Google Docs: To import sponsorship packet content
• Gmail: To send outreach emails on your behalf
• Google Contacts: To suggest contact details for your prospects

We only access the specific data you request through our interface. We do not scan, index, or use your Google data for advertising, profiling, or any purpose unrelated to providing Dream Pilot's features. You can disconnect your Google account at any time from Settings > Integrations.

4. Data Sharing

We do not sell, rent, or trade your personal information. We share data only in these circumstances:

• Service providers: We use the following third parties to operate our platform. Each only accesses the data necessary for its function:
  • Stripe — payment processing for subscription billing and, via Stripe Connect, for donor and sponsor payments routed directly to the receiving organization's connected Stripe account
  • Neon — Postgres database hosting where account, event, contact, and outreach data is stored
  • Google Cloud — application hosting, file storage (Google Cloud Storage), and secret management (Secret Manager) for credentials and API keys
  • Cloudinary — image and file storage for uploaded photos, logos, and brand assets
  • Resend — transactional email delivery (invitations, confirmations, notifications)
  • Anthropic and OpenAI — AI providers used to generate and refine event content
  • Google APIs — when you connect your Google account, as described in Section 3
• Your direction: When you share event links, invite pages, or sponsorship packets, the content you've created becomes accessible to the people you share it with.
• Legal requirements: We may disclose information if required by law or to protect the rights and safety of our users.

5. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), secure token storage, and access controls. OAuth tokens for connected services are stored encrypted in our database and are never exposed to other users.

6. Data Retention

We retain your account and event data for as long as your account is active. If you delete your account, we will remove your personal data from our systems within 30 days, except where:

• retention is required by law (for example, tax or financial record-keeping obligations);
• the data has been transmitted to a receiving organization's own systems (for example, donor records exported to a CRM you connected, or payment records held by the receiving organization's Stripe account), in which case the receiving organization controls deletion;
• we are required to maintain limited transaction records associated with payments processed through Stripe.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Disconnect any third-party integrations at any time
• Export your event data

8. Cookies

We use essential cookies and local storage to maintain your login session. We do not use tracking cookies or third-party advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

brian@dreampilot.org