1. Overview
Daily Pilot Pty Ltd ("Daily Pilot", "we", "us", "our") operates an AI-powered life assistant delivered via WhatsApp and SMS. This Privacy Policy describes how we collect, use, store, share, and protect personal information when you use our service, visit our website at dailypilot.com.au, or communicate with us.
This policy is designed to meet and exceed the requirements of the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs), while also aligning with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Meta's WhatsApp Business Policy. Where Australian law and international standards differ, we apply whichever standard affords you greater protection.
Our core privacy commitments
- We never sell your personal data to third parties — ever.
- We collect only what is necessary to deliver the service.
- You can request deletion of all your data at any time.
- We will notify you within 72 hours of any data breach affecting you.
- AI processing of your messages is used solely to provide responses — not for advertising profiling.
2. Who We Are
Data Controller / Business Operator: Daily Pilot Pty Ltd, Melbourne, Victoria, Australia.
For the purposes of GDPR, Daily Pilot Pty Ltd acts as the data controller for personal data collected through our service. For the purposes of the Australian Privacy Act, we are an APP entity.
| Detail | Information |
|---|---|
| Company name | Daily Pilot Pty Ltd |
| Registered location | Melbourne, Victoria, Australia |
| Privacy contact | [email protected] |
| Postal address | Daily Pilot Pty Ltd, Melbourne, Victoria, Australia |
| Website | dailypilot.com.au |
3. Information We Collect
We collect information in three ways: information you provide directly, information generated through your use of the service, and information received from third-party platforms (such as WhatsApp or your email provider, where you grant access).
3.1 Information you provide directly
| Category | Examples | Required? |
|---|---|---|
| Identity | First name, family name | Yes |
| Location | Suburb, postcode | Yes — for weather and local context |
| Family profile | Number and ages of children | Optional — improves recommendations |
| Dietary information | Allergies, dietary restrictions, cuisine preferences | Optional — improves meal suggestions |
| Contact details | Mobile phone number, WhatsApp number | Yes — required to use the service |
| Household tasks | Grocery lists, reminders, calendar events | Yes — core service data |
| Financial information | Bill amounts, due dates (Unlimited plan only) | Optional |
3.2 Information generated automatically
When you interact with Daily Pilot via WhatsApp or SMS, we record the content of those messages to provide responses and maintain conversation context. We also collect metadata including message timestamps, delivery status, and session identifiers. We do not collect your device information, IP address, or browser fingerprint unless you visit our website.
3.3 Information from third parties
If you connect an email inbox (school newsletter processing feature), we access only the emails you explicitly authorise. We do not store the full content of emails — we extract structured data (dates, events, action items) and discard the raw email content within 24 hours of processing. We do not access any other folders, contacts, or account data beyond what you explicitly grant.
3.4 Information we do NOT collect
We do not collect government identifiers (Tax File Numbers, Medicare numbers, passport numbers), financial account credentials, biometric data, or sensitive health information beyond dietary preferences you voluntarily provide. We do not collect information about your racial or ethnic origin, political opinions, religious beliefs, or sexual orientation.
4. How We Use Your Information
| Purpose | Data used | Can you opt out? |
|---|---|---|
| Delivering the AI assistant service | All profile and conversation data | No — core service function |
| Personalising meal and task recommendations | Dietary preferences, cuisine preferences, family profile | Yes — delete preferences at any time |
| Sending your daily morning briefing | Schedule, reminders, weather (suburb) | Yes — reply STOP BRIEFING |
| Processing school inbox emails | Email content (discarded within 24h) | Yes — disconnect at any time |
| Improving AI response quality | Anonymised, aggregated conversation patterns | Yes — see Section 8 |
| Sending service notifications and updates | Phone number | Yes — reply STOP |
| Billing and subscription management | Name, contact details, payment method | No — required for paid plans |
| Fraud prevention and security | Usage patterns, account activity | No — legal obligation |
| Responding to support requests | Any data relevant to your query | No — required to assist you |
| Complying with legal obligations | As required by law | No — legal obligation |
We do not use your personal information for targeted advertising, do not build advertising profiles, and do not share your data with advertising networks or data brokers under any circumstances.
5. Legal Basis for Processing
For users in jurisdictions covered by GDPR (including the UK and EU), we rely on the following legal bases for processing your personal data:
| Processing activity | Legal basis (GDPR Art.) | Australian APP equivalent |
|---|---|---|
| Delivering the core service | Contract (Art. 6(1)(b)) | APP 3 — collection for primary purpose |
| Morning briefings and reminders | Contract (Art. 6(1)(b)) | APP 3 — collection for primary purpose |
| Personalisation (dietary, cuisine) | Consent (Art. 6(1)(a)) | APP 3 — consent-based collection |
| AI model improvement (anonymised) | Legitimate interests (Art. 6(1)(f)) | APP 3 — secondary purpose, reasonably expected |
| Legal compliance | Legal obligation (Art. 6(1)(c)) | APP 3 — required or authorised by law |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f)) | APP 11 — security obligation |
You may withdraw consent for any consent-based processing at any time without affecting the lawfulness of processing prior to withdrawal. Withdrawing consent for personalisation features will not affect your access to the core service.
7. WhatsApp & SMS Messaging
Daily Pilot communicates with you primarily via WhatsApp (using the Meta WhatsApp Business API) and SMS (via Twilio). By providing your phone number and initiating a conversation with Daily Pilot, you consent to receive messages from us on that number.
7.1 Message content and storage
All messages sent to and received from Daily Pilot are stored securely in our database to maintain conversation context and provide a coherent service. Message content is encrypted at rest and in transit. We retain message history for the duration of your account plus 30 days following account deletion (to allow for dispute resolution), after which it is permanently deleted.
7.2 Opting out of messages
You may opt out of specific message types at any time by replying with the relevant command. Replying STOP will unsubscribe you from all non-essential messages. Replying STOP BRIEFING will stop daily morning briefings only. Replying DELETE MY DATA will initiate full account and data deletion within 30 days. Standard message and data rates from your carrier may apply.
7.3 WhatsApp's own data practices
When you communicate with Daily Pilot via WhatsApp, Meta's own privacy policy also applies to the transmission of those messages. We encourage you to review Meta's Privacy Policy at whatsapp.com/legal/privacy-policy. Daily Pilot does not control Meta's data practices and is not responsible for them.
8. AI & Automated Processing
Daily Pilot uses large language model (LLM) AI technology, currently provided by Anthropic (Claude), to understand your messages and generate responses. This section explains how that works and what it means for your data.
8.1 How AI processes your messages
When you send a message to Daily Pilot, that message — along with relevant context from your profile (name, dietary preferences, family details) and recent conversation history — is sent to Anthropic's API to generate a response. Anthropic processes this data solely to generate the response and does not use it to train their models. We have a Data Processing Agreement with Anthropic to this effect.
8.2 Automated decision-making
Daily Pilot does not make any automated decisions that produce legal or similarly significant effects on you. All AI outputs are informational suggestions (meal ideas, task reminders, schedule summaries) and do not constitute binding decisions. You are always free to disregard any AI suggestion.
8.3 AI model improvement
We may use anonymised, aggregated patterns from conversations (with all personal identifiers removed) to improve our service. This analysis never involves reviewing identifiable message content. You may opt out of this use by emailing [email protected] with the subject line "Opt out of analytics." Opting out will not affect your access to the service.
9. Data Retention
We retain your personal information only for as long as necessary to provide the service and meet our legal obligations. The table below summarises our retention periods.
| Data type | Retention period | Reason |
|---|---|---|
| Account profile data | Duration of account + 30 days | Service delivery; dispute resolution |
| Message history | Duration of account + 30 days | Conversation context; dispute resolution |
| Grocery lists and task data | Duration of account + 30 days | Service delivery |
| Billing records | 7 years from transaction | Australian tax law (ITAA 1997) |
| Security logs | 12 months | Fraud prevention and incident response |
| Anonymised analytics | Up to 3 years | Service improvement |
| Deleted account data | Permanently deleted within 30 days of deletion request | Privacy obligation |
When retention periods expire, data is securely deleted using industry-standard methods. Backups containing your data are purged within 90 days of the primary data deletion.
10. Security
We take the security of your personal information seriously and implement technical and organisational measures appropriate to the risk, including:
| Measure | Detail |
|---|---|
| Encryption at rest | AES-256 encryption for all stored data |
| Encryption in transit | TLS 1.3 for all data transmission |
| Access controls | Role-based access; principle of least privilege; MFA required for all staff |
| Infrastructure | Hosted on AWS ap-southeast-2 (Sydney); ISO 27001 certified |
| Penetration testing | Annual third-party penetration testing |
| Incident response | 72-hour breach notification to affected users and OAIC |
| Staff training | Annual privacy and security training for all personnel with data access |
| Vendor assessment | Annual review of all sub-processors |
Despite these measures, no system is completely secure. If you believe your account has been compromised, please contact us immediately at [email protected].
In the event of a data breach that is likely to result in serious harm to you, we will notify you directly via SMS within 72 hours of becoming aware of the breach, and notify the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme.
11. Your Rights
You have significant rights over your personal information. These rights apply under Australian law and, where applicable, under GDPR. We will respond to all rights requests within 30 days (or within the timeframe required by applicable law).
| Right | What it means | How to exercise |
|---|---|---|
| Access | Receive a copy of all personal data we hold about you | Email [email protected] with subject "Data Access Request" |
| Correction | Correct inaccurate or incomplete data | Reply to any Daily Pilot message with the correction, or email us |
| Deletion | Have all your data permanently deleted | Reply DELETE MY DATA or email [email protected] |
| Portability | Receive your data in a structured, machine-readable format (JSON/CSV) | Email [email protected] with subject "Data Portability Request" |
| Restriction | Restrict processing of your data while a dispute is resolved | Email [email protected] |
| Objection | Object to processing based on legitimate interests | Email [email protected] |
| Withdraw consent | Withdraw consent for consent-based processing at any time | Reply STOP or email us |
| Complaint | Lodge a complaint with the OAIC or relevant supervisory authority | See Section 16 |
We will never charge a fee for exercising your privacy rights. We may ask you to verify your identity before processing a request to protect your security. If we are unable to fulfil a request (for example, due to a legal obligation to retain data), we will explain why.
12. Children's Privacy
Daily Pilot is designed for adults aged 18 and over. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will delete that information promptly.
Where users provide information about their children (such as children's names, ages, or school details) as part of the family profile feature, this information is used solely to personalise the service for the account holder (the adult) and is treated with the same protections as all other personal data. We do not create profiles for children and do not use children's information for any purpose other than delivering the service to the account holder.
13. International Data Transfers
Daily Pilot is an Australian company and stores primary data in Australia (AWS ap-southeast-2, Sydney). However, some of our service providers — including Anthropic (AI processing), Twilio (messaging), and Stripe (payments) — are based in the United States.
When your data is transferred internationally, we ensure appropriate safeguards are in place, including Data Processing Agreements, Standard Contractual Clauses (SCCs) for transfers to non-adequate countries under GDPR, and contractual requirements that overseas recipients handle your data in accordance with the Australian Privacy Principles (APP 8).
By using Daily Pilot, you acknowledge that your data may be transferred to and processed in countries other than Australia. We take all reasonable steps to ensure that such transfers are made securely and that your data receives an equivalent level of protection to that provided under Australian law.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you via SMS at least 14 days before the changes take effect, and update the "Last updated" date at the top of this policy.
If you disagree with any changes to this policy, you may delete your account before the changes take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.
Previous versions of this policy are available on request by emailing [email protected].
16. Contact & Complaints
If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal information, please contact our Privacy Officer:
Daily Pilot Privacy Officer
Email: [email protected]
Address: Daily Pilot Pty Ltd, Melbourne, Victoria, Australia
Response time: We aim to respond to all privacy enquiries within 5 business days.
Complaints to the OAIC
If you are not satisfied with our response to a privacy complaint, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
For users in the EU or UK, you also have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.
This Privacy Policy was last reviewed on 10 April 2026. Daily Pilot Pty Ltd is committed to maintaining the highest standards of privacy protection for our users. This policy meets the requirements of the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles, the EU General Data Protection Regulation (GDPR), and Meta's WhatsApp Business Platform policies.