top of page

At Pilot Generative AI Ltd, privacy is not an afterthought—it’s a foundation. As part of the Pilot 2 Work initiative, we use the EddyAI FLOW framework to support young people transitioning into employment, education or training. Our goal is to provide smart, personalised guidance while keeping sensitive data secure, local, and under your control.

This page explains what data we collect, how it’s used and protected, and your rights under the UK General Data Protection Regulation (UK GDPR).

What We Collect

We only collect the data necessary to support our users effectively. This includes:

  • Account Information: Basic details such as name, email, and login information (if accounts are required).

  • Conversation Data: Interactions with our AI tools, including CV coaching, job-readiness support, and wellbeing check-ins.

  • Usage Metrics: Data on how learners use the system, like session times, feature use, and engagement trends.

  • Optional Inputs: Wellbeing information or background details learners may choose to share to receive more tailored support.

We do not intentionally collect sensitive personal data unless a user voluntarily provides it—and we always let you know when something is optional.

How We Use Your Data

Data collected via Pilot 2 Work is used to:

  • Deliver personalised support through the EddyAI FLOW system.

  • Monitor wellbeing trends and detect safeguarding concerns.

  • Provide schools, colleges, and providers with aggregated insights to help them intervene early—without ever sharing individual conversations without consent.

  • Improve system performance and ensure reliability through usage analytics.

Our legal basis for data processing includes legitimate interests (to deliver the service), consent (for optional wellbeing data), and contractual necessity (when Pilot 2 Work is part of a formal support programme).

Where Your Data Is Stored—and Why It Matters

A core feature of EddyAI systems is local data storage. Unlike many platforms, Pilot 2 Work stores information within your institution (e.g., on local servers or devices), which keeps personal data in a controlled environment and significantly reduces third-party exposure.

To ensure privacy, we apply robust security controls:

  • Encryption: All data is encrypted both at rest and during transmission.

  • Access Controls: Only authorised staff can access data through secure role-based permissions.

  • Anonymisation: Reports and analytics provided to schools or job coaches are aggregated and de-identified.

  • System Audits: We conduct regular security reviews and testing to maintain high standards.

  • Safeguarding Rails: AI conversations are governed by filters to prevent unsafe or inappropriate interactions.

Data Sharing and Transfers

Because data is stored locally, external sharing is kept to a minimum. We never sell your personal data.

If external services (e.g., web hosting or analytics) are used, they operate under strict data-processing agreements. Where necessary, data transfers outside the UK/EEA are protected by legal safeguards such as Standard Contractual Clauses.

Data Retention

We only keep personal data as long as it’s needed to deliver support or meet legal obligations. Conversation data and wellbeing logs stored locally are retained for a limited period (e.g., for review or quality assurance) before being anonymised or deleted. You can also request deletion at any time.

Your Rights Under UK GDPR

As a user, you have the right to:

  • Access the data we hold about you.

  • Correct inaccuracies or update your information.

  • Request Deletion of your data, unless legally required to retain it.

  • Restrict how your data is used.

  • Transfer your data to another provider.

  • Object to processing based on legitimate interests.

To exercise any of these rights, please contact us directly. We may ask you to verify your identity to protect your privacy.

Changes to This Notice

We may update this privacy notice to reflect changes in law or service. Major updates will be shared through the platform or email notifications.

Contact Us

If you have any questions about this notice, your data, or your rights, please reach out:

Data Protection Officer
Pilot Generative AI Ltd (Parent company of Pilot 2 Work)
📧 Email: data.protection@pilotgenerativeai.com

If you're unhappy with how we handle your data, you also have the right to contact the Information Commissioner’s Office (ICO) in the UK.

© 2025 Pilot 2 Work CIC

 

© 2025 by Pilot 2 Work CIC. Powered and secured by Wix

 

Ascend Coworking, Pentagon Centre, Chatham, Kent, ME4 4HY,

peter@pilot2work.org

bottom of page