Privacy Policy

Who we are

FieldPilot is a product of NexStride LLC ("we," "us," "our"). This policy explains, in plain language, what data we collect, how we use it, who we share it with, and the controls you have. If anything here is unclear, email us at jide@getfieldpilot.com and we'll explain.

The short version

• We collect the data you give us (account, calendar, CRM, trip notes) and a small amount we generate (logs, AI usage telemetry).
• We use Anthropic's Claude to power the planning, chat, capture, and discovery features. Anthropic does not train on your data.
• We do not sell your data. We share it only with the service providers we need to operate the product.
• You can disconnect any integration, export your data, or delete your account by emailing support.

Information we collect

Account information

Name, email, company, role, home base address, and territory — provided when you sign up or complete onboarding. Authentication is handled by Supabase Auth (email/password, Google, or Microsoft sign-in).

Calendar data

Event titles, times, locations, and attendees from calendars you connect — Google Calendar via OAuth, Microsoft Outlook via OAuth, or ICS calendar links you provide. We use this to detect schedule gaps and to write planned stops back to your calendar when you ask us to. Calendar data is stored in our database and refreshed when you sync.

CRM data (Salesforce or HubSpot)

When you connect Salesforce or HubSpot, we read Accounts, Contacts, Leads, Activities, and Opportunities (or the HubSpot equivalents) using your personal OAuth credentials. We only see what your CRM permissions allow. We also write back to your CRM after a visit — Salesforce gets a Task, HubSpot gets a Meeting engagement — so the visit you logged in FieldPilot shows up in your CRM record. You can disconnect at any time.

Trip plans and visit notes

Trips you build (dates, schedules, anchor stops, generated itineraries), plus the post-visit notes you capture (what happened, who you met, sentiment, follow-ups promised, deal stage). Visit notes are the heart of the product — they feed future recommendations and, if you have a CRM connected, get written back as activities.

Account notes and chat history

Freeform notes you write about a company, and your conversation history with Marshall (the in-app chat assistant). Both are stored in our database, scoped to your account, and used to keep context across sessions.

Prospect data we discover for you

When you ask the Discovery Agent to find prospects in your territory, we query Google Places and run Claude-powered web searches against public business directories. The companies we find (name, address, website, NAICS code, signals, source URL) are cached in our database so future trips load fast. This cache is shared across users — only the company information itself, not your activity, is shared.

Location data

We geocode addresses via Google Maps to determine coordinates and use Google Routes to compute driving time and distance. Coordinates are cached after the first geocode. We do not collect real-time GPS location and we do not track where you drive. Coordinates are excluded from internal telemetry logs.

Usage and AI telemetry

Page views, feature interactions, and per-call AI telemetry (model used, tokens consumed, latency, cost, success or failure) are stored in our database, scoped to your account. Sensitive fields (coordinates, addresses, prospect search queries) are stripped before logging. Google Analytics collects anonymized page views and conversion events for landing pages and signup funnels.

Push notification subscriptions

If you opt in to web push notifications, your browser's push subscription endpoint is stored so we can send notifications (follow-ups due, briefings, insights). You can revoke this in your browser or device settings.

Payment data

Billing is processed by Stripe. We store your Stripe customer ID, subscription status, plan tier, and seat count. We never see or store payment card numbers — Stripe handles all card data directly.

Free-trip funnel

You can request a sample trip plan without creating an account by submitting your email, home base, and target industry on a public landing page. We store this submission and the generated plan so you can return to it via a magic link. If you never sign up, this data is retained but not used for anything other than serving your sample plan.

How we use AI

FieldPilot uses Anthropic's Claude models to power most of its features. Whenever you do something AI-driven, the relevant data leaves our database, goes to Anthropic's API, gets processed, and the result is returned and stored. Below is the full list of where AI is used and what data is sent.

• Trip planning. When you build a trip, we send your home base, trip dates and preferences, your selected accounts (names, cities, states, coordinates), your industry/NAICS profile, and the prospect candidates from your Discovery cache. Claude returns a day-by-day itinerary.
• Marshall chat. Every message you send to Marshall is sent to Claude (once for intent classification, once for the reply). Recent chat history is included so Marshall has context.
• Post-visit capture. The notes you record after a visit (typed or dictated) are sent to Claude to extract structured outcomes — who you met, sentiment, deal stage, follow-ups promised. The structured result is saved to your account and, if a CRM is connected, written back as an activity.
• Morning briefings, pre-visit prep, end-of-day summaries, and mid-trip disruption. Your trip plan, recent visits, and account context are sent to Claude to generate the briefing or recovery options.
• Prospect discovery. Your industry profile and territory are used to query Google Places and to drive Claude's web search and web fetch tools against public business directories. Claude reads public web pages on our behalf and returns structured company data with source URLs.
• Onboarding assists. Your company website is scraped and summarized; your free-text industry description is parsed into structured criteria; your free-text territory description is parsed into states or regions.
• Weekly insights. Once per week, Claude reviews your aggregated pipeline, visit, and trip data and surfaces 0–4 findings as in-app notifications.
• Persona generation. A short text description of your selling style is generated once from your profile and stored on your account.

Important: Anthropic does not use API inputs or outputs to train its models. Data is processed for the duration of the API request and is subject to Anthropic's API data usage policy, which provides for limited retention for trust and safety purposes.

AI output is advisory, not authoritative. Claude can be wrong about addresses, phone numbers, drive times, company facts, and pipeline interpretations. Verify before you act.

How we use your information (non-AI)

• Route calculation. Addresses and coordinates are sent to Google Routes for driving time and distance.
• Service operation. Account info, usage data, and error logs are used to operate, debug, and improve the product.
• Billing. Subscription and entitlement data determine your access level and feature availability.
• Team and manager features. If you are part of an organization, your manager can see your active trip, recent visits, captures from the last seven days, and pipeline values for the accounts assigned to you. Managers can set a team-wide focus that influences trip suggestions. Managers cannot read your private chat with Marshall.
• Communications. We use your email to send service-related messages (magic links, invitations, billing receipts, in-app notifications) via Resend. We do not send marketing email without consent.

Service providers (sub-processors)

We do not sell your data. We share data only with the providers listed below, each under their own data processing terms, and when required by law.

Data retention

• Account, trips, visits, notes, and chat history: Retained while your account is active.
• CRM-sourced records: Retained while your account is active. Archived (hidden, not deleted) when you disconnect a CRM. Restored on reconnect.
• OAuth tokens: Stored encrypted while the integration is connected. Deleted when you disconnect.
• AI processing: Inputs and outputs are stored on your account. Anthropic does not retain them beyond the API request, subject to their trust and safety retention policy.
• Discovery prospect cache: Retained indefinitely so future trips load fast. Cached company data is shared across users but not tied to who searched for it.
• Free-trip submissions: Retained so you can return to a saved plan via magic link. You may request deletion at any time.
• Account closure: Data is deleted after a reasonable retention period unless a legal obligation requires otherwise. Email support to request immediate deletion.

Data security

• All external API calls use HTTPS.
• OAuth tokens for CRM and calendar integrations are encrypted at rest using PostgreSQL pgcrypto. Database column permissions block direct read access even from authenticated sessions.
• Database row-level security enforces per-user and per-organization isolation on every table.
• Authentication is handled by Supabase Auth (email/password, Google, or Microsoft sign-in).
• API keys are stored in server-side environment variables, never exposed to the browser.
• Stripe webhook signatures are verified before processing.
• Calendar imports from external URLs are restricted to an allowlist of hosts to prevent server-side request forgery.
• Coordinates and search queries are stripped from internal telemetry before logging.

No system is fully secure. We use reasonable administrative, technical, and physical safeguards but cannot guarantee absolute security.

Anonymized and aggregated data

We may use anonymized, aggregated usage data to improve the product (for example, tuning the planner's defaults). No personally identifiable information, individual visit notes, or organization-specific records are shared between customers.

Your rights

Regardless of where you live, you can:

• Access your data by viewing your account, accounts list, trip plans, and visit notes inside the app.
• Export a copy of your data by emailing support.
• Correct any inaccurate information by editing it in the app or emailing support.
• Delete your data by closing your account or emailing support.
• Revoke integrations in Settings or directly at the provider (Google, Microsoft, Salesforce, HubSpot). CRM-sourced records are archived and restored on reconnect.
• Opt out of push notifications in your browser or device settings.

If you are a California, EU, or UK resident, you have additional statutory rights (right to know, right to delete, right to non-discrimination, right to data portability). To exercise any of them, email jide@getfieldpilot.com.

Children

FieldPilot is a B2B sales tool intended for adults. It is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

International users

FieldPilot is operated from the United States. If you use the service from outside the US, your data will be transferred to and processed in the US (and in any region used by our service providers). By using FieldPilot you consent to this transfer.

Changes to this policy

We may update this policy from time to time. If a change is material, we will email the address on your account before it takes effect. Continued use after the change takes effect means you accept the updated policy.

Contact

NexStride LLC — jide@getfieldpilot.com