Effective date: 17 November 2017

Autopilot committed to data privacy and, as a processor of personal data, have taken all necessary steps to become GDPR compliant. We:

  • Undertake regular Data Protection Impact Assessment and GDPR readiness assessment.

  • Maintain a record of all personal data processing activities.

  • Maintain and document a legal basis for each processing activity that we carry out.

  • Regularly review and update our processor and sub-processor agreements.

  • Verify the GDPR compliance of our 3rd party vendors and making sure they are compliant.

  • Have an honour a document procedure to notify third parties when customer data needs to be deleted.

  • Have a backup retainment timeframe to 29 days, in line with GDPR requirements.

  • Maintain policies and procedures to respond to data rights requests.

  • Have appointed and employ a Data Protection Officer.

  • Ensure that all personally identifiable data is encrypted at rest and in flight.

  • Enable you to define how you handle cookies through Autopilot’s tracking script, including a built in widget to control the customer's acceptance of cookies on your own website.

  • Work closely with Vanta to ensure that we uphold the utmost security and privacy standards, on the way to SOC2 compliance.

If you would like to contact our Data Protection Officer, request access to your data, request removal of your data, or sign our DPA (Data Processing Agreement) please email

ortto footer brand
© Ortto 2022