PaintPilotBack to home
Legal

GDPR Privacy Notice

LAST UPDATED · MAY 29, 2026

This notice supplements our Privacy Policy and applies to individuals in the European Union, European Economic Area, and United Kingdom (“EU/EEA/UK”). It is provided in accordance with the EU General Data Protection Regulation (GDPR) (EU) 2016/679 and, where applicable, the UK GDPR.

Paint Pilot's services are primarily offered to residents of the United States. If you are accessing the platform from the EU/EEA/UK, this notice describes how we handle your personal data and your associated rights.

Data Controller

The data controller responsible for your personal data is:

Paint Pilot, LLC
1680 Fruitville Rd
Sarasota, FL 34236
United States
[email protected]

We do not currently have a designated EU/UK representative or a Data Protection Officer, as we do not engage in large-scale processing of EU/UK personal data as a core business activity. If you have privacy-related questions, contact us directly at the address above.

Legal Bases for Processing

We process personal data only where we have a lawful basis to do so. The bases we rely on are:

  • Performance of a contract (Article 6(1)(b)). Processing necessary to provide you with the services you have requested — creating your account, processing project requests, distributing leads to painters, and facilitating payment.
  • Legitimate interests (Article 6(1)(f)). Processing necessary for our legitimate interests, including fraud prevention, platform security, improving our services, and maintaining records of transactions, provided those interests are not overridden by your rights and freedoms.
  • Legal obligation (Article 6(1)(c)). Processing required to comply with applicable laws, such as retaining financial records for tax purposes.
  • Consent (Article 6(1)(a)). Where we rely on consent (e.g., optional analytics cookies), you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

Personal Data We Collect

See our Privacy Policy — Section 1 for a full description of the categories of personal data we collect and the sources.

In summary, we may collect:

  • Identity data (name, email address)
  • Contact data (phone number)
  • Technical data (IP address, browser/device information)
  • Usage data (page visits, clicks, session activity)
  • Project data (painting scope, property details, photos)
  • Transaction data (lead purchase records, payment confirmations)
  • Communications (support correspondence)

International Transfers

Paint Pilot is based in the United States. If you are in the EU/EEA/UK, your personal data will be transferred to and processed in the United States, which the European Commission has not deemed to provide an adequate level of data protection.

We take steps to protect transferred data by using service providers that provide appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, where required. You may request a copy of the safeguards in place by contacting us at [email protected].

Data Retention

We retain personal data for no longer than necessary for the purposes for which it was collected. Retention periods:

  • Homeowner project data: 3 years from request submission.
  • Painter account data: Duration of account plus 2 years after closure.
  • Financial/transaction records: 7 years, as required by applicable tax law.
  • Communication logs: 2 years from the date of correspondence.

Your Rights Under the GDPR

As a data subject in the EU/EEA/UK you have the following rights. To exercise any of them, contact us at [email protected] with the subject line “GDPR Data Request.” We will respond within one calendar month (and may extend by a further two months for complex requests, with notice).

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process personal data about you and, if so, to receive a copy of that data along with information about how it is used.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed without undue delay.

Right to Erasure / “Right to Be Forgotten” (Article 17)

You have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, you withdraw consent (where consent was the lawful basis), or you object to processing and there are no overriding legitimate grounds. This right is subject to exceptions (e.g., where retention is required by law).

Right to Restriction of Processing (Article 18)

You have the right to restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of data you contest.

Right to Data Portability (Article 20)

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object (Article 21)

You have the right to object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims.

Rights Related to Automated Decision-Making (Article 22)

We do not make decisions about you that are based solely on automated processing (including profiling) that produce legal or similarly significant effects. Our lead-pricing logic is automated but does not produce decisions that significantly affect users as individuals.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority. If you are in the EU, this is the data protection authority (“DPA”) in your member state. If you are in the UK, this is the Information Commissioner’s Office (ICO) at ico.org.uk. We would appreciate the opportunity to address your concerns directly before you approach a supervisory authority.

Cookies

We use technically necessary cookies for authentication. We may use analytics cookies to understand how users interact with our platform. We do not use advertising or cross-site tracking cookies. Where required by law, we obtain your consent before setting non-essential cookies.

You may withdraw consent or manage cookie preferences through your browser settings at any time.

Contact

For all GDPR-related enquiries:
Paint Pilot, LLC
1680 Fruitville Rd
Sarasota, FL 34236
United States
[email protected]