Privacy Policy

Last updated: May 4, 2026

Data Controller

RegexPilot is the data controller for the processing of your personal data. We are committed to compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

Contact: privacy@regexpilot.com

Legal Basis for Processing (Article 6 GDPR)

We process your personal data based on the following legal grounds:

  • Consent (Article 6(1)(a)): When you sign up for our mailing list or opt into marketing communications, you give explicit consent for us to process your email address and use case information.
  • Legitimate Interests (Article 6(1)(f)): We may process a hashed IP address for security and rate limiting purposes, which is in our legitimate interest of preventing abuse.

You have the right to withdraw consent at any time by contacting us at privacy@regexpilot.com.

Information We Collect

Email Signup: When you sign up for our mailing list, we collect:

  • Email address (required)
  • Use case description (optional)
  • Consent timestamp
  • IP address (hashed for rate limiting, not stored as-is)

Usage Data: Our desktop application does not collect any usage statistics, telemetry, or analytics. There is no back-end the app reports to. AI requests, when you choose to make them, go directly from your machine to the AI provider whose key you supplied — they never pass through our servers.

License Validation: When you activate a paid license, RegexPilot contacts Lemon Squeezy (our payment provider) to register your activation against the license key and to periodically re-verify it. The data exchanged is your license key plus a SHA-256 hash of your machine's hardware identifier — never the raw identifier itself, and never any usage data. This is the only outbound network call the application makes on its own. You can review Lemon Squeezy's privacy practices at lemonsqueezy.com/privacy.

Local Data: The desktop application stores your patterns, settings, and preferences locally on your device. This data remains under your control and is never transmitted to our servers.

International Data Transfers

If you are located in the European Economic Area (EEA), please note that your data may be transferred outside the EEA. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Data Storage and Security

Personal data collected through our email signup is stored securely with industry-standard encryption. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Data retention periods: Email addresses are retained for 2 years from the date of signup, or until you withdraw consent and request deletion, whichever is sooner.

AI and Third-Party Services

Local AI: If you use local AI features with LM Studio or similar tools, your regex patterns are processed entirely on your local machine. We never receive or store this data.

External AI APIs: If you choose to use your own API keys with AI providers, your data is subject to those providers' privacy policies. We recommend reviewing their terms before use.

Cookies

Our website uses minimal essential browser storage only:

  • Theme preference: Stores your light/dark mode preference in your browser's localStorage until you clear site data

We do not use tracking, analytics, or advertising cookies. This local theme preference exists only to render the site in your chosen mode and does not require a separate consent banner.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Article 15): Obtain a copy of your personal data and information about how it is processed.
  • Right to Rectification (Article 16): Correct inaccurate or incomplete personal data.
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
  • Right to Restriction (Article 18): Request limitation of processing in certain circumstances.
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Article 21): Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@regexpilot.com. We will respond within 30 days.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your GDPR rights have been violated. In the EU, you can contact your national data protection authority. You can find contact details for EU authorities at EDPB website.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your GDPR rights, or need to submit a data deletion request, please contact us at:
privacy@regexpilot.com