Perfcopilot
Privacy

What we collect, what we don't.

Last updated: 2026-05-07. This is a plain-language summary; see Terms for the legal version.

What we collect

Account data (name, work email, organization). Signal metadata pulled from connected integrations — pull request titles, ticket statuses, channel activity counts, email headers. We never read message bodies, email contents, or document text.

What we don't collect

Message bodies, document contents, your inbox. We don't fingerprint, we don't sell data, we don't use your data to train models.

OAuth tokens

Stored encrypted at rest using Fernet symmetric encryption. The encryption key lives only on the application server. Tokens are decrypted in memory at request time and never logged.

AI processing

Performance review drafts are generated by Anthropic Claude. Anthropic's terms preclude training on customer data sent via the API. Each request sends only the signals relevant to the active review — no historical context, no cross-tenant data.

Customer-facing call analysis (opt-in)

For roles where the conversation IS the work — financial advisors, property managers, customer success, sales reps, demo / discovery calls — your organization can optionally enable analysis of customer-facing call transcripts. We never record calls. We only consume transcripts your phone or meeting provider has already produced for compliance / training reasons. Supported providers: Aircall (phone), Microsoft Teams, and Zoom (video meetings).

Internal team meetings are never recorded or analyzed. For Teams and Zoom, we automatically detect and skip any meeting where every attendee shares your organization's email domain — only meetings with at least one external attendee (a client, prospect, or other outside party) are eligible. Aircall calls are intrinsically external. Enabling requires an explicit consent attestation by an org admin and can be turned off at any time. Per-call recordings can be deleted from the admin console.

Where the data lives

Application servers are hosted in Europe. Email delivery uses Resend (US). Backups are encrypted and rotated every 30 days.

Cookies & analytics

The marketing site uses PostHog for first-party analytics — page views and CTA clicks. No cross-site tracking. You can opt out via your browser's Do Not Track signal, which we respect.

Data deletion

Email privacy@perfcopilot.com from your account email and we'll permanently delete your organization's data within 30 days. Backups containing deleted data expire on their normal rotation schedule.

Contact

Questions? Get in touch or email privacy@perfcopilot.com.

This document is provided in good faith but is not legal advice. We recommend lawyer review before relying on it for compliance decisions.