Last Updated: 29 July 2025

Utogi Ltd (trading as Penguin Pilot) is committed to protecting your privacy and ensuring the security of personal information you provide when using our Service. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with the Penguin Pilot progressive web app and related services (collectively, the “Service”). It outlines your rights under applicable data protection and privacy laws worldwide. By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this Policy, please do not use the Service. This Policy should be read in conjunction with our Terms and Conditions, which define capitalized terms and govern your use of the Service.

1. Introduction

1.1 Who We Are: Utogi Ltd (“Company”, “we”, “us”, or “our”) operates the Penguin Pilot Service. Our business is based in New Zealand, and we comply with New Zealand data protection laws. As an online platform available globally, we also strive to comply with leading international data protection frameworks, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the UK, and relevant U.S. state privacy laws for U.S. residents. For personal information that we collect about users of our Service, we act as a “data controller.” For personal information that users input about others (such as clients) insofar as we process it on the user’s behalf, we act as a “data processor” (as those terms are defined under the GDPR and similar laws).  Agency/Client Portal Data Roles: Where Clients of Agencies access the Service through a branded client portal, the Agency remains the data controller of Client data inputted into the Service. The Company acts as a processor on behalf of the Agency, except where the Company processes personal data for its own purposes (including authentication, billing, security monitoring, and legal compliance).

1.2 Purpose of this Policy: This Privacy Policy explains:
- (a) what information we collect (and from whom);
- (b) how we use that information and the purposes of processing;
- (c) how we disclose or share information;
- (d) international data transfers;
- (e) data retention practices;
- (f) your rights regarding your personal information (access, correction, deletion, etc.); and
- (g) our measures for security and privacy.

1.3 Scope: This Policy covers personal information we collect through the Penguin Pilot web application, our related websites, and communications with users (such as support emails). It applies to all users of Penguin Pilot globally who may provide personal data about themselves or others. It does not cover information handled independently by third-party services that integrate with Penguin Pilot – those services have their own privacy policies.

If you are an individual whose data is input by a user (for example, a Client of an Agency using Penguin Pilot through a branded client portal), this Policy applies to the processing we perform. However, the Agency remains the data controller for that information and is responsible for its own use of your data. We act as a processor on the Agency’s behalf, except where we process your data for our own purposes (such as authentication, billing, or security).

2. Information We Collect

We may collect several types of information in the course of operating the Service. The categories of personal information we collect, and their sources, include:

3. How We Use Personal Information (Purposes and Legal Basis)

We use the collected information for the following purposes, in accordance with applicable data protection principles and legal bases. (For users in jurisdictions like the EU, we note the typical legal grounds in parentheses: Contractual Necessity, Legitimate Interests, Consent, Legal Obligation, etc.):

3.1 Providing the Service (Contractual Necessity): First and foremost, we use your information to operate, maintain, and provide you with the features and functionality of Penguin Pilot. This includes:
- Using your Account Information to create and manage your user account, authenticate you when you log in (including via third-party login if applicable), and provide you with customer support.
- Using Marketing Content and other user-provided data to run the AI marketing content assistant and generate the outputs you request. For example, if you input details for an ad campaign, our system will process that data (which may involve algorithmic analysis and use of AI models) and return content suggestions or other results to you.
- Remembering your settings and preferences (e.g. saved templates, notification choices) to personalize your experience and save you time.
- Processing transactions and managing subscriptions/credits, such as billing you, sending invoice receipts, notifying you of subscription status or credit usage, and enabling purchase of additional credits.

3.2 Service Improvement and Development (Legitimate Interests): We continually work to improve Penguin Pilot. We may use usage data, feedback, and aggregated insights from user behavior to:
- Identify usage trends and popular features, to inform our product development and enhance the Service.
- Debug and troubleshoot errors or issues you encounter. For example, we analyze error logs or crash reports to fix bugs and stability issues.
- Conduct research and development on our AI algorithms. Your inputs and usage patterns (in anonymized form when possible) help us train and refine our AI models. We do not use identifiable personal information from your content for any public or third-party AI training, but we might use anonymized or aggregated data internally to improve our algorithms’ accuracy and capabilities.
- Test new features or user interface changes (often using dummy data or volunteer users; if real usage data is used, it will be handled carefully).
- Measure the effectiveness of our communications or onboarding flows (for instance, we might analyze whether users who complete a tutorial have better outcomes).

Any research or analytics we perform is generally done on aggregated or de-identified data when feasible. If we derive Aggregated Data (as defined in our Terms) for analytical purposes, it will not identify you personally.

3.3 Communications with You (Legitimate Interests or Consent, as appropriate): We use your contact information to communicate, either as part of providing the service or marketing our service:
- Service and Transactional Messages (Legal basis: Contractual Necessity or Legitimate Interests): We will send you administrative and account-related communications. These include account verification emails, password reset emails, billing invoices and receipts, subscription or credit renewal reminders, free trial expiration notices, and important service notices (e.g. security alerts, critical updates to our policies or terms). These communications are necessary for running the Service and you cannot opt out of receiving them while you have an active account, except by closing your account.
- Support Responses (Contractual/Legitimate Interests): If you reach out to us with a question or issue, we will use your name and contact info to respond and help you. This could be via email, chat, or phone, depending on how you contacted us.
- Announcements and Updates (Legitimate Interests): We may occasionally send emails or in-app notifications to inform you of new features, maintenance downtime, or changes to the Service. For example, we might announce improvements to the platform or notify you of updates to this Privacy Policy or our Terms. These communications are considered part of our service.
- Feedback and Surveys (Legitimate Interests): We might send you requests for feedback or invite you to fill out user satisfaction surveys. Responding is entirely optional, and we use any feedback solely to improve the Service.
- Marketing Communications (Consent, or Legitimate Interests where permitted): With your permission (or as allowed by applicable law), we may send newsletters or promotional emails about Penguin Pilot or related services that might interest you. For example, this could include tips on using the platform, or offers for new features. Opt-Out: You can unsubscribe from marketing emails at any time by clicking the “unsubscribe” link in the email or contacting us as described below. We will only send you marketing communications in accordance with anti-spam laws (e.g., the Unsolicited Electronic Messages Act in New Zealand, CAN-SPAM Act in the US, or if applicable, based on GDPR consent requirements). Unsubscribing from marketing will not affect your receipt of transactional/service messages described above.

3.4 Compliance and Legal Obligations (Legal Obligation & Legitimate Interests): We may use and retain personal information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, or protect our rights. Examples include:
- Keeping records required by law or regulation (for instance, financial transaction records for tax and accounting purposes).
- Using data to investigate or prevent fraud, security breaches, or other misuse of our Service. We actively monitor for suspicious activity to protect our platform and users.
- Where required, cooperating with lawful requests from government authorities or regulators (e.g. responding to a court order or law enforcement inquiry in accordance with due process).
- Enforcing our Terms and investigating potential violations of our terms or policies. This may involve reviewing certain user data if we have reason to believe misuse or illegal behavior has occurred. (We will limit any access to user content to what is necessary and will handle it under strict confidentiality.)

3.5 Analytics and AI Processing (Legitimate Interests / Contractual Necessity): As noted, we use analytics tools to understand how the Service is used. For example, we use Google Analytics and similar tools which process usage data (like your interactions and device information) to help us with performance monitoring and improving user experience. These third-party analytics services may use cookies and similar tech; however, they generally provide us only aggregate statistics (and we have configured Google Analytics to anonymize IP addresses where applicable). You can opt out of Google Analytics by using Google’s opt-out browser add-on, though this may affect our ability to understand and improve our Service.

Separately, we perform AI processing on the data you input in order to generate results – this is a core function of Penguin Pilot. In some cases, our AI processing might involve sending data to a secure third-party AI engine or service provider. For instance, if we utilize an AI platform or language model from a third party to power our marketing assistant, the content of your query and relevant context might be sent to that AI service, and a generated result returned to us. We ensure that any such third-party AI providers are under appropriate confidentiality and data protection obligations (see Section 4 on disclosures to third parties). This AI processing is generally automated. Importantly, we do not use AI to make any final decisions that produce legal or significant effects on you – the AI outputs are suggestions for you to consider in your marketing work, not binding decisions about you or any individual. You maintain control over how to use the AI-generated content.

3.6 Aggregated Insights (Legitimate Interests): We may use information across many users to produce aggregate statistics or insights that do not identify any individual. For example, we might calculate and share metrics like “X% of Penguin Pilot users generated content for social media campaigns” or “The most requested marketing content type this quarter was blog posts.” These insights help us understand usage trends and may be useful to the community or for our marketing. Any published or shared aggregated data will be stripped of personal identifiers – it will not identify you or any specific user.

3.7 Duration of Use / Retention Principle: We will use personal information only for as long as necessary to fulfill the purposes described above, or as required by law (see Section 6 on Data Retention for more details). We will not use personal information for additional purposes that are incompatible with those listed above without obtaining your consent, or unless required or permitted by law.

4. Disclosure of Personal Information

We understand the importance of keeping your personal and professional data confidential. We do not sell your personal information to third-party marketers. However, we do share certain information with others in the following circumstances, to operate the Service and as otherwise described here:

4.1 Within Your Organization (if applicable): If your Penguin Pilot account is part of an organization or team (for example, your agency or company has multiple authorized users on Penguin Pilot), some data may be shared among the authorized users within that organization:
- Team Collaboration: The Service may offer collaboration features (such as shared workspaces, content templates, or brand profiles that multiple team members can access). In such cases, the content and related personal data you input into a shared area will be visible to your other team members by design. For example, if you and a colleague are both users under the same organization account and you create a marketing content draft or client profile, your colleague with appropriate permissions will be able to see that information within the Service.
- We do not disclose your personal information to any other Penguin Pilot users outside of your organization without your direction or consent. Each organization’s data is segregated and access-controlled. Any sharing within the platform is initiated by you (e.g., if you invite a team member or share a draft for feedback).
-If you are a Client accessing the Service through an Agency, we may share certain data with that Agency (for example, your usage history, billing status, or content generated) so they can manage their services to you. The Agency is responsible for how it uses that information.

4.2 Service Providers (Processors): We use trusted third-party companies to help us provide and improve the Service. These third parties perform services on our behalf and may need access to personal information to do so. Categories of service providers include:
- Cloud Hosting and Infrastructure Providers: We host data (including your personal information and user-provided content) on cloud platforms such as Amazon Web Services (AWS) and Microsoft Azure. These providers store and process data under our instructions and implement strong security measures. Data may be stored on servers in various locations (see Section 5 on International Transfers).
- AI and Data Processing Services: We may integrate third-party AI engines or natural language processing services to power Penguin Pilot’s features. If we do, some of your queries or content data might be sent securely to such a service for processing and then returned with results. For instance, if we use an AI API hosted by a provider in another country, the text of your marketing prompt and relevant context could be transmitted to that provider’s servers and the response returned to us. We ensure any such provider is contractually bound to only use the data for the purposes of providing the service to us (i.e., generating the output) and not for their own purposes, and that appropriate data protection safeguards are in place (such as encryption and compliance with privacy standards).
- Analytics Providers: As noted, we use third-party analytics tools (like Google Analytics) that collect usage data. These providers may set cookies or collect information such as your IP address and activity on our site/app. They provide us with insights about our Service usage. We ensure any analytics data shared does not include direct identifiers whenever possible, and we honor privacy options like “Do Not Track” where applicable.
- Email and Communication Tools: We utilize services to help us send emails, in-app messages, or provide customer support. For example, an email delivery service to send out account notifications and newsletters, or a customer support ticketing and chat system to manage help inquiries. These tools process contact information (like your email) and the content of messages as needed to perform their function.
- Payment Processors: If you make purchases, our payment processing partners (e.g., Stripe, PayPal, or banking services) will process your payment information. They receive the necessary billing details and payment credentials through secure forms. We share the minimum required information with these processors (such as your customer ID, the amount to charge, and confirmation of payment) and in return they inform us of the payment status. These processors are PCI-DSS compliant and handle sensitive financial data directly so that we don’t have to store it.
- Backup and Storage Services: We might use secure backup storage or document storage solutions to create backups of our databases and to store files (for reliability and disaster recovery purposes). Any personal information in backups is protected and only used for restoration if needed.
- Professional Advisors: We may need to disclose information to our auditors, attorneys, accountants, or insurers on a confidential basis. This would occur for specific purposes such as obtaining legal advice, conducting financial audits, or handling insurance matters. These professionals are bound by confidentiality obligations.

All our service providers are contractually required to protect personal information and to use it only for the purposes of performing services for us (not for their own purposes). When applicable, we sign Data Processing Agreements (DPAs) with them to ensure they meet GDPR and other privacy law requirements as “processors.” We take steps to ensure our providers maintain safeguards equivalent to those we commit to in this Policy. They are given only the information necessary to perform their functions, and we monitor their compliance with these obligations.

4.3 Legal Requirements and Safety: We may disclose personal information outside our company if we believe in good faith that such action is necessary to:

• Comply with the law or legal process: If we receive a court order, subpoena, or other lawful request from authorities, we may be required to disclose certain information. We will only do so after evaluating the request and ensuring it’s legally valid and necessary.

• Enforce our Terms and agreements: If we need to investigate or address violations of our Terms of Service or other agreements, or to detect and prevent fraud or security issues, we may use and disclose relevant personal data. For example, if a user is reported for abuse or illegal behavior, we might review their content and share details with law enforcement if appropriate.

• Protect rights, property, and safety: We may disclose information to protect the rights, property, or safety of Utogi Ltd, our users, or the public as required or permitted by law. For instance, disclosing information to authorities in cases of threats to safety, or exchanging information with other companies and organizations for cybersecurity protection and fraud prevention.

If you are a Client accessing the Service through an Agency-branded portal, we may share certain data with that Agency (for example, your usage history, billing status, or content generated) so they can manage their services to you. The Agency is responsible for how it uses that information.

If we are compelled to disclose your data to a third party (for example, in response to a legal demand), we will make a reasonable effort to notify you in advance (e.g., via email to the address on file) unless we are legally prohibited from doing so or the situation is urgent or life-threatening. We will only share the minimum information necessary in such cases.

4.4 Business Transfers: If the Company is involved in a merger, acquisition, financing due diligence, reorganization, receivership, or sale of all or a portion of our assets, your personal information may be transferred to a successor or affiliate as part of that transaction. For example, if another company acquires Penguin Pilot or Utogi Ltd, user data would typically be one of the assets transferred. In such an event:
- We will ensure that the new owner has privacy and security measures at least as protective as those described in this Policy, and that they are contractually obligated to honor all the commitments we have made to you.
- We will provide notice on our website (and/or directly to registered users, if feasible) about the change in ownership and any impact on the Privacy Policy or terms. You will be informed of any choices you may have, which might include the ability to delete your account before transfer.
- If you have an active account at the time of a transfer, and you do not agree with the new data handling practices, you will have the opportunity to discontinue the Service and request deletion of your data. (If you continue using the Service after a transfer, your data will be subject to the new owner’s privacy policy, which we expect to remain consistent with ours as noted.)

4.5 Aggregated or De-Identified Data: We may share aggregated, anonymized information that cannot reasonably identify you or any individual. For instance, we might publish reports or share with partners statistics like “X% of users created content for social media campaigns this year” or “The average time to generate a blog post was Y minutes.” This data does not contain personal information and is used for purposes such as industry analysis, research, and improving the Service. Sharing such anonymized insights poses no privacy risk to you.

4.6 Cross-Context Behavioral Advertising: We do not share or sell personal information to third parties for their own marketing or advertising purposes. In other words, we do not provide your personal data to unrelated companies to use for targeted advertising outside of our own campaigns. Any advertising-related data usage (such as using Facebook Pixel data for retargeting Penguin Pilot ads to you) is done by us for our marketing and is not a “sale” of data to others. We also offer you the ability to opt out of targeted advertising as described in Section 2.4 above. (See Section 8 for additional disclosures required by certain U.S. state laws regarding “sale” and “sharing” of data.)

4.7 Third-Party Integrations and Social Networks: The Service may enable you to connect to, or share data with, third-party platforms (such as social media networks and other applications) at your direction. If you choose to integrate Penguin Pilot with third-party services, or to publish/export content to a third-party platform, we will transmit your data to those third parties as needed.

Important points to note:
- When you connect your Penguin Pilot account with a third-party service (for example, linking a social network like Facebook to publish content, or importing data from another app via our API), you are authorizing us to share certain information with that service and/or to receive information from them as described at the time of integration. We will only make these connections with your explicit action (e.g., you click “Connect” and authenticate with the third party).
- Once your data is transmitted to a third-party platform at your request, that data is no longer under our control. The third party’s own terms of service and privacy policy will govern their use of the data. For example, if you use Penguin Pilot to post a marketing message directly to Facebook or Instagram, that content (and any personal data within it) falls under Facebook’s terms and Privacy Policy on their site. Similarly, if you export content or data from Penguin Pilot to another service (like Google Drive, or an email marketing tool), the handling of that exported data by the other service is subject to that service’s policies.
- We are not responsible for the privacy practices of third-party services that you choose to interact with through our Service. We encourage you to review the privacy policies of any third-party platforms you connect to your Penguin Pilot account or use in conjunction with Penguin Pilot.
- That said, we attempt to facilitate integrations only with third parties that respect user privacy. We will not knowingly send your data to a third party in a manner inconsistent with this Policy without your consent. If a third-party integration requires us to share more data than you’re comfortable with, you have the choice not to enable that integration.
- If we receive personal information about you from a third-party platform as part of an integration (for example, receiving your name and email when you use Facebook Login, or retrieving client data from another app you connected), we will handle that information in line with this Privacy Policy. In cases of social login, we use the information from the third party solely to log you in and create your account (we will not post anything to your social profile without permission). In cases of data import, we use the data only to provide the intended functionality.

(In summary, when you connect or share via other apps, Penguin Pilot acts as a conduit – after we pass along the data as instructed, the third party receives it and you should refer to that party’s privacy commitments for what happens next. We will assist you if possible with any issues – for instance, if you inadvertently sent data to a third party and want it deleted, we can help relay that request – but we cannot enforce another company’s privacy rules.)

Except as described above in this Section 4, we do not disclose your personal information to third parties unless you have consented to the disclosure or the disclosure is permitted by law.

5. International Data Transfers

Given the global nature of cloud services, the personal information we collect may be stored or processed in countries other than your own. This section explains how we handle international data transfers and the safeguards we use:

5.1 Data Storage Locations: We primarily store and process personal data on secure servers located in New Zealand and other jurisdictions where we or our service providers operate. Specifically, our current infrastructure uses:
- Amazon Web Services (AWS) data centers in the Australia region (which physically may include Australia-based servers) for our main application hosting and database storage. AWS is a widely used cloud provider with robust security controls.
- Clerk (Authentication/Management Service): We utilize Clerk, a third-party service based in the United States, for certain operational features (such as user authentication and account management). This means some personal data related to authentication and user management is processed and stored in the USA via Clerk’s systems.
- Other Third-Party Services: Additionally, as noted in Section 4.2, we use various third-party services (e.g., email delivery providers, analytics, AI processing tools) that might be located in or access data from other countries (common locations include the United States, countries in the European Union, and Australia/New Zealand).

We select service providers that are reputable and have strong privacy and security practices. We maintain an updated internal list of where key data is stored and will provide additional details upon request.

5.2 Risks of Overseas Storage: When personal information is stored or processed outside of your home jurisdiction, it becomes subject to the laws of the country in which it resides. For example, information stored in the United States could, in rare cases, be accessed by U.S. government or law enforcement under U.S. laws; information in Europe could be subject to EU law, etc. There is a possibility that foreign governments or courts may request access to data for lawful purposes. However, regardless of where your data is located, we will ensure that your information is handled as described in this Policy. We only transfer data to jurisdictions or service providers that meet our standards for data protection. If a local law conflict requires disclosure, we will, to the extent allowed, inform you and only comply if legally obligated (see also Section 4.3 regarding legal requests).

5.3 Adequacy and Safeguards: Whenever we transfer personal information internationally, we take steps to ensure an adequate level of protection for that data, comparable to the protection in your country:
- For transfers from jurisdictions with strict data protection laws (like the EEA/UK) to countries not deemed “adequate” by those jurisdictions, we rely on appropriate safeguards. This often means implementing standard contractual clauses (SCCs) approved by regulators, which contractually bind the recipient to protect the data. We may also rely on certifications (e.g., frameworks like the EU-US Data Privacy Framework if applicable) or obtain your consent for certain transfers if required.
- We consider whether the destination country has been officially recognized as providing adequate protection for personal data (for example, New Zealand is recognized by the EU as an adequate country; Canada, UK, and others have adequacy decisions; the U.S. has partial schemes for certified entities). Where such adequacy exists, we transfer data based on that assumption of protection.
- We ensure our contracts with service providers include data transfer and security provisions that meet the requirements of laws like the GDPR. If needed, we supplement contractual clauses with additional technical measures (such as encryption in transit and at rest, which we employ widely) to further protect the data.

5.4 Your Consent to International Transfer: By using the Service, you acknowledge that your personal information may be transferred to and stored in countries other than your own. We primarily operate in New Zealand, but the nature of a cloud service means data will cross borders as described. We will take all reasonably necessary steps to ensure your data is treated securely and in accordance with this Policy regardless of location. If you have concerns about a particular transfer or require more details on cross-border data arrangements, please contact us (see Section 11) and we will be happy to provide information or work with you on a solution. In certain cases, if no adequate protection is in place, we will seek your consent for the transfer or refrain from the transfer as required by law.

5.5 Example – AWS and Clerk: To give concrete examples: Our use of AWS in Australia means data is held in a jurisdiction with strong privacy laws (Australia) and AWS is contractually bound to our instructions and to maintain appropriate safeguards (AWS also offers SCCs and has ISO certifications). Clerk, based in the U.S., is subject to U.S. data protection laws; we have an agreement with Clerk including standard clauses to ensure it protects data to GDPR-equivalent standards. We encrypt sensitive data handled by Clerk and limit what data is sent there (mostly login credentials and user identifiers).

5.6 Remote Access: Regardless of where data is physically stored, it may be accessed remotely by our authorized personnel in New Zealand or potentially other countries where our team is located. Such access is done over secure channels and only by staff who need it for their job duties.  All our staff are bound by confidentiality and our internal data protection policies, so an engineer in New Zealand or an authorized contractor in another country accessing the database is held to the same high standards of privacy and security.

In summary, we recognize that international transfers carry additional considerations, and we are committed to handling your data in compliance with applicable cross-border data rules (like Chapter V of the GDPR). We will update this Policy if we significantly change our transfer practices or add new major providers in new regions.

6. Data Retention and Deletion

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or to satisfy legal and business requirements. This section outlines how long different types of data are kept and how deletion works:

6.1 Retention Periods by Category:
- Account Data: We keep your account registration information (such as your name, email, account credentials, and profile info) for as long as your account is active. If you deactivate or close your account, we will delete or anonymize this information within a reasonable period after closure, except where we need to keep it for legitimate reasons (see “Legal Hold” below). Typically, basic account data is deleted from live systems within 30 days of account closure.
-Client Data on Agency Termination: If an Agency account terminates, we may retain associated Client data for a transition period. During this time, we may, at our discretion, offer Clients the option to continue with a direct account with us, subject to these Terms and this Privacy Policy.
- Marketing Content / User-Provided Content: Data that you have entered into the Service (e.g. your saved content drafts, brand profiles, notes, uploaded media) is retained while your account is active so you can access your materials. If you delete specific items within the app (for example, you delete a draft or remove a client’s profile), we remove that item from the active database promptly, though some residual information may remain in system logs or backups temporarily. If you delete your account entirely (or your subscription lapses and you do not renew), we will generally retain your content for a short grace period (e.g. 30–60 days) in case you reactivate or need a copy of your data. After that period, we will begin the process of permanently deleting or anonymizing your user-provided content from our systems.
- Communication Data: Emails or support tickets you’ve sent us might be retained longer than other data. Even if you delete your account, we may keep support correspondence records to document how we assisted you or to improve our support processes. These communications could be stored in our email archives or support systems and are typically retained as long as necessary for our business (which could be several years) but are kept secure and only accessible on a need-to-know basis.
- Analytics Data: Aggregated analytics data (which does not identify individuals) may be kept indefinitely to allow long-term performance analysis of our Service. Raw usage logs that contain personal data (like IP addresses in server logs) are usually kept only for a short period — often a few weeks or months — and then either deleted or anonymized. For example, web server logs might be retained for 90 days for security analysis and then purged or stripped of IP information.
- Financial/Billing Records: We retain billing and payment records as required for accounting and tax obligations. In New Zealand, for instance, financial transaction records may need to be kept for at least 7 years. These records include information like invoices, payment dates, subscription history, and the billing contact (which may be your name and company). Note that these records contain minimal personal data beyond business contact info. We do not store full credit card numbers, so that sensitive info is not part of our retained records.
- Backup Data: Our system performs regular backups of critical data to ensure resilience. Backup files are encrypted and stored securely. These backups are retained for a limited time (commonly 30-90 days rolling) before they are overwritten or deleted. Therefore, even after data is deleted from our live database, it might persist in offsite backups for a short period until those backups expire. We have procedures to purge or destroy old backups in line with our retention schedule.

6.2 Legal Hold and Exceptions: There may be situations where we need to retain data for longer than our standard retention periods, due to legal obligations or disputes:
- If we are involved in a legal dispute or investigation (for example, if you or someone else has filed a lawsuit or complaint, or if an authority is investigating a matter involving data), we will retain relevant information until the issue is resolved, even if that extends beyond normal retention times. This is often referred to as a “legal hold.”
- If we receive a preservation order or subpoena requiring us to keep data (for example, from law enforcement or a court), we will preserve the specified data as required by law.
- Some data may need to be retained to comply with laws (for instance, certain transaction data for financial regulations, or records of consents for GDPR compliance). In such cases, we retain the data as long as the law stipulates.
- If you have interacted with us in a way that could implicate our legal rights (e.g., violation of Terms, or if we reasonably anticipate a potential claim), we may retain relevant data to defend or exercise our legal rights.

In all such scenarios, we will securely store the data and isolate it from routine use, using it only for the intended legal purposes.

6.3 Secure Deletion Practices: When personal information is no longer needed, we take steps to securely delete or destroy it. Electronic data is deleted in such a way that it cannot be easily recovered (for example, by deleting entries from databases and letting overwritten backups age out). For any physical records (if any ever exist), we would shred or incinerate them. We also ensure that third-party processors delete data from their systems when they no longer need it, in line with our agreements.  If an Agency account terminates, we may retain associated Client data for a transition period. During this time, we may, at our discretion, offer Clients the option to continue with a direct account with us, subject to this Privacy Policy and our Terms of Service.

6.4 Your Deletion Requests: Section 7.3 (below) outlines your “Right to Erasure.” When you request deletion of your personal data, we will honor that request to the fullest extent required. Upon a verified deletion request, we will remove your personal data from our active systems (and request the same of our processors) unless retention is permitted or required as explained. We will also inform you once we have completed your request, or if certain data had to be retained (and why). Please note that if the data you request to delete is essential for us to provide the Service (for example, your account credentials or necessary contact info) and you wish to continue using the Service, we may not be able to delete that data without closing your account. We’ll discuss options with you in such cases.

6.5 Residual Data: Even after we delete personal data from active use, there can be residual traces in system logs, audit trails, or backup files. However, this residual data is typically disassociated from direct identifiers or stored in forms not easily accessible. We maintain these only for the time necessary for system integrity and then purge or anonymize them. For example, an audit log might record that User X performed a deletion on a certain date, which we might keep for security history but it wouldn’t contain the content that was deleted.

6.6 Summary of Retention: In plain terms, we do not keep your personal data longer than we legitimately need to. We have internal policies that define retention periods for different data types, balancing business needs with privacy. If you have specific questions about how long a particular type of data is retained, feel free to contact us (see Section 11) and we can provide details relevant to your query.

7. Your Rights and Choices

As a user of Penguin Pilot, you have certain rights regarding your personal information. We have designed our practices to facilitate these rights, which may derive from privacy laws like the GDPR (for EU users), the New Zealand Privacy Act, or various U.S. state laws. The availability of some rights can depend on your residency and the applicable law, but we extend many rights universally as a matter of good practice. Below is an overview of common data subject rights and how you can exercise them:

7.1 Right to Access: You have the right to request confirmation of whether we are processing your personal information, and to obtain a copy of the personal information we hold about you (often called a “data access request”). This allows you to understand what data we have about you and to verify that we are processing it in accordance with the law.
- How to Request Access: To exercise this right, you can contact us using the information in Section 11 (Contact Us). Please clearly state that you are requesting access to your personal data. It helps to specify the scope of your request (e.g., “I would like a copy of all my personal data in your systems” or “Please provide the information related to my account profile and usage logs”). We may need to verify your identity before releasing data, to ensure that we do not give out personal information to the wrong person. Typically, we will verify by confirming information that only the real user would know, or by using your existing account credentials.
- Our Response Time: We will respond to your access request as soon as reasonably possible, and in any event within any timeframe required by law (for example, GDPR requires response within 1 month, which can be extended to 3 months in complex cases). If we anticipate needing longer than the standard timeframe, we will inform you of the reason and extension.
- Format: Once verified, we will provide your data in a structured, commonly used electronic format (often this will be a PDF or CSV file, or via a secure dashboard). If you need the data in a specific format for portability reasons, let us know and we will try to accommodate.
- Exceptions: In some cases, we might not be able to provide certain information if doing so would infringe on the rights of others or if an exemption applies. For example, if your data includes personal data of another person (and they have not consented), or if a particular record is protected by legal privilege or relates to internal management planning, we might redact those portions. If we refuse any part of your request, we will explain the reasons (unless prohibited by law) and inform you about any recourse you have.

7.2 Right to Rectification: You have the right to request that we correct or update any of your personal information that you believe is inaccurate or incomplete. We want to have accurate data, and we encourage you to keep your information up-to-date.
- Scope: This right applies to factual information about you. For instance, if you find that your name is misspelled in our records, or your contact email is outdated, you can ask us to fix it. You can also add information if something relevant is missing (as long as it’s related to the purposes of processing).
- How to Request Correction: The easiest way to correct most of your information is by logging into your account and editing your profile or settings (if such self-service features are available). For example, you can usually change your email, password, or profile details directly. If you cannot correct the information yourself, you can contact us with the details of what needs to be corrected.
- Our Response: Upon receiving a verified rectification request, we will either make the correction or, if we believe the current data is correct, we will let you know why we did not change it. If we decline to change something, you have the right to append a statement to your record indicating that you dispute its accuracy. We will also inform you when we have updated the data as you requested.

7.3 Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete your personal information in certain circumstances. This right is not absolute, but we will honor it when applicable. Situations where you may invoke this right include: (a) the data is no longer needed for the purposes it was collected or processed; (b) you initially consented to use of the data and have now withdrawn consent, and we have no other legal basis to keep it; (c) you object to processing (see the Right to Object below) and we have no overriding legitimate grounds to continue; (d) we processed your data unlawfully; or (e) we have a legal obligation to erase the data.
- How to Request Deletion: You may request deletion by contacting us (Section 11). For example, you can send an email with the subject “Delete My Account/Data” from the email address associated with your account so we can verify it’s you. Important: You can also delete your account via the Service interface (if that functionality exists) – doing so will trigger the deletion process for your data as described in this Policy.
- Processing Your Request: When we receive a legitimate deletion request, we will first verify your identity and then proceed to remove your personal data from our active systems and archives (subject to the exceptions below). This generally includes deleting your account information, personal identifiers, and any content or records that can be linked to you. We will also instruct our service providers to delete the personal data they hold on our behalf.
- Exceptions & Retention of Minimal Data: We may retain certain information if we have a valid reason to do so. For example, we might retain some record of your request and our response (to demonstrate compliance), or keep transaction records for accounting purposes, even if other data is erased. We will not keep more data than necessary. If any data is retained, it will be for the reasons such as: compliance with a legal obligation, exercise or defense of legal claims, completing a transaction you initiated (e.g., if you requested deletion after making a purchase, we still must deliver the product or keep the invoice), or other exceptions allowed by law. We will inform you if any such exceptions apply.
- Result: Upon deletion, your account will be closed and personal data removed from our live databases. Backup copies will be deleted in the normal rotation of backups as described earlier. We will confirm to you once we have deleted the data or otherwise fulfilled your request. If we could not delete certain data, we’ll let you know what and why.
- Service Impact: Please note that if you request deletion of data necessary for us to provide the Service to you, you will likely need to discontinue use of the Service (e.g., deleting your account). We do not discriminate (in terms of service) against users who exercise deletion rights, but deletion of key data inevitably means we cannot provide you the same service. We will inform you of consequences if any, so you can make an informed decision.

7.4 Right to Restrict Processing: In certain circumstances, you have the right to ask us to limit the processing of your personal information. This can apply, for example, if you contest the accuracy of your data (you can request restriction while we verify and correct it), or if you object to processing based on our legitimate interests (you can request restriction while we consider your objection). It can also apply if processing is unlawful but you prefer we suppress the data rather than delete it, or if we no longer need the data but you need us to keep it for a legal claim. When processing is restricted, we will continue to store your data but will not use it or share it until the restriction is lifted (unless for legal reasons). If you want to request restriction, please contact us with the details, and we will let you know if it’s applicable. We will also inform you when we lift a restriction.

7.5 Right to Data Portability: For data that you have provided to us and that we process by automated means on the basis of your consent or a contract, you have the right to obtain a copy in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller (or have us do so, where technically feasible). In simpler terms, this applies typically to profile data or content you gave us, and allows you to reuse it elsewhere. We support data portability by offering tools for you to download your content (where available) or by fulfilling direct requests for export. Contact us if you need assistance porting your data, and we will do our best to help, provided it doesn’t adversely affect others’ rights (for instance, we won’t include other users’ personal data in the portable output without their consent).

7.6 Right to Object: You have the right to object to our processing of your personal information in certain situations. If we are processing your data based on legitimate interests, you can object if you feel our legitimate interests are overridden by your interests or fundamental rights (we will then reconsider our justifications). If we are processing your data for direct marketing purposes, you can object at any time and we will stop using your data for that purpose immediately. For example, you can object to receiving further marketing emails (which is effectively an unsubscribe request – see 7.8 below). If you object to other processing, please explain your reasons so we can assess the situation. We will either cease processing or, if we believe we have compelling legitimate grounds to continue (and those grounds outweigh your rights), we will inform you of those grounds. In any event, personal data will not be processed for marketing if you object.

7.7 Withdrawal of Consent: In cases where we rely on your consent for processing (for instance, if you agreed to optional data uses or signed up for marketing newsletters), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing that happened before the withdrawal. If you withdraw consent for something, we will stop the processing that was based on consent. For example, if you consented to let us use your testimonial on our website and later change your mind, we will remove it. To withdraw consent, you can adjust the settings in your account (if applicable) or contact us. One easy way is for marketing emails: use the “unsubscribe” link provided. For other consents, just reach out to us and we will assist.

7.8 Opt-Out of Communications and Tracking:
- Marketing Emails: As noted, you can opt out of marketing or promotional emails at any time by clicking the unsubscribe link in the email or by contacting us requesting removal. Once you opt out, we will stop sending you marketing communications. Please note that even if you opt out of marketing, we may still send you essential service communications (as described in 3.3) such as billing notices or security alerts.
- In-App or Push Notifications: If our progressive web app (PWA) or any mobile app version sends you push notifications or in-app notifications (for example, alerts that a content generation is complete or reminders), you can typically control these through your device or browser settings. You have the choice to enable or disable such notifications. We will honor your setting preferences.
- Cookies and Online Tracking: We discussed cookies in Section 2.4. You have controls via your browser to manage cookies – you can refuse new cookies, delete existing cookies, or be notified when cookies are set. If you disable cookies, note that some features of the Service (especially authentication-related) might not function properly. For analytics tracking (like Google Analytics), you can also use the provided opt-outs as mentioned. For advertising trackers like the Facebook Pixel, you can use browser extensions or ad-blockers to block them, and/or adjust your preferences on Facebook to limit targeted ads. We respect any legally required “Do Not Sell/Share” signals (for California users who use the Global Privacy Control, for instance) and treat them as opt-outs of sale/sharing.
- Third-Party Opt-Outs: If you have linked Penguin Pilot with third-party accounts (e.g. Facebook), you can manage data sharing via those accounts as well. For example, you can revoke Penguin Pilot’s access to your Facebook data through your Facebook account settings. We honor such revocations and will no longer have access to data from that account once disconnected.

7.9 Non-Discrimination: We will not discriminate against you for exercising any of these privacy rights. That means we won’t deny you the Service, charge you different prices, or provide a different level of quality just because you exercised a right under a privacy law. The Service we offer to you remains the same, except to the extent that fulfilling your request inherently changes the availability of certain data. (For example, if you ask us to delete all your data, we can’t continue to provide the Service because it relies on your data – that consequence is a natural result of the choice, not a punitive action from us.)

7.10 Complaints: We take your privacy rights seriously. If you believe we have not fulfilled your request or have handled your personal information in violation of this Privacy Policy or applicable law, you have the right to complain. We encourage you to contact us first so we can attempt to resolve the issue directly. We will investigate and respond to any complaints. If you are not satisfied with our response, or you reside in a region where you can complain directly to an authority, you can lodge a complaint with the relevant data protection regulator. For example: in New Zealand, that is the Office of the Privacy Commissioner; in the EU, it could be your country’s Data Protection Authority; in the UK, the Information Commissioner’s Office (ICO); in Canada, the Office of the Privacy Commissioner of Canada; in California, the CA Privacy Protection Agency, etc. We will cooperate fully with official inquiries from such authorities.

7.11 Requests on Others’ Behalf / Agent Requests: If you are using Penguin Pilot as an end-client of one of our direct customers (for instance, your marketing agency uses Penguin Pilot and input some of your data into it), generally that customer is the data controller responsible for your data. In such scenarios, if you come to us directly with a request (say, you found out a marketing agency put your personal info into our platform and you want it deleted), we may need to coordinate with our customer (the agency) because they control that data in their account. We will facilitate and support your rights in line with our role as a processor. Practically, this means we might ask you to contact the agency to ensure they are aware and approve deletion (since deleting it might impact their service), or we might reach out to them ourselves while handling your request. We pledge to do what we can to assist. Similarly, if you want to exercise rights via an authorized agent (like you hired a firm to make requests for you, as allowed under some laws), we will need proof that the agent has authority to act on your behalf and we may also require you to verify your identity with us directly. This is to prevent fraud.

7.12 Additional Rights for Specific Regions: If you are a resident of certain U.S. states (like California, Virginia, Colorado, Utah, or Connecticut), additional rights and definitions may apply to you. We provide a separate disclosure in Section 8 addressing those. Generally, the rights overlap with what we’ve described (access, deletion, correction, etc.), with some additions like the right to opt out of sale/sharing or profiling. We comply with those laws and any request you make will be handled in accordance with the highest applicable standard. Please see Section 8 for more on U.S. state privacy rights.

8. U.S. State Privacy Law Disclosures

This section provides additional information for residents of certain U.S. states that have comprehensive privacy laws, including but not limited to: California (California Consumer Privacy Act as amended by the CPRA), Virginia (Virginia Consumer Data Protection Act), Colorado (Colorado Privacy Act), Utah (Utah Consumer Privacy Act), and Connecticut (Connecticut Data Privacy Act). If you are a resident of one of these states, the following disclosures and rights apply in addition to the rest of this Privacy Policy. We intend to comply with each of these state laws and give individuals consistent control over their data.

8.1 Categories of Personal Information Collected: Under these state laws, we need to disclose the categories of personal information we collect, the sources, purposes, and whether we share or sell it. The categories of personal information we collect (which have been described in Section 2 above in detail) typically include: identifiers (name, email, etc.), commercial information (transaction history), internet or electronic activity (usage data, IP, device info), professional information (job title, business), and potentially sensitive information if you provide it (though we don’t seek to collect sensitive data). We collect these from you directly, from your use of the Service, and from authorized third parties (integrations). The purposes are as described in Section 3 (to provide and improve our Service, etc.). We do not sell personal data, and we only “share” it for the purpose of serving you our own ads as described (which we address below). Please refer back to earlier sections for a fuller picture.

8.2 Your Rights under State Laws: Depending on your state of residence, you may have some or all of the following rights, which largely overlap with the rights described in Section 7:
- Right to Know/Access: The right to know the specific pieces of personal information we have collected about you, and to obtain a free copy (similar to the right of access). Also, the right to know about the categories of personal information collected, the categories of sources, the business or commercial purposes for collection, the categories of third parties to whom we disclose it, and the specific pieces of information collected (this information is provided in this Privacy Policy and via request).
- Right to Correct: The right to request correction of inaccurate personal information we maintain about you.
- Right to Delete: The right to request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Opt-Out of Sale or Sharing: The right to opt out of the “sale” of personal information or the “sharing” of personal information for cross-context behavioral advertising. Explanation: We do not sell personal data for money. We do not share personal data for third parties’ behavioral advertising either. However, if we use tools like cookies for our own advertising (as described, e.g., Facebook Pixel), California law might define that as “sharing” (disclosure for cross-context ads). We treat such usage as something you can opt out of (and we have provided opt-out methods in Section 2.4 and 7.8). By default, we don’t share data in a way that is considered a sale or cross-context share under these laws.
- Right to Limit Use of Sensitive Information (CA): If we collect “sensitive personal information” (as defined by law) about you, California allows you to limit its use to only what’s necessary. We do not use or disclose sensitive info except for providing our services (or as otherwise permitted by law), so this right is not specifically applicable because we already limit such data usage.
- Right to Opt-Out of Targeted Advertising (VA, CO, CT): Similar to the above, these states give you the right to opt out of processing of personal data for targeted advertising. We provide that opt-out to all users (see Section 2.4 on how to opt out of targeted ads).
- Right to Opt-Out of Profiling (automated decisions) (CO, CT): The right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in such profiling. Our AI outputs do not make decisions about you; they assist with content generation. So there is no decision-making profiling to opt out of in our context.

8.3 Submitting Requests (for U.S. residents): To exercise your rights to know, access, correct, or delete under these state laws, you (or an authorized agent) can submit a request to us by using the contact information in Section 11. Please indicate that you are a [State] resident making a privacy rights request (e.g., “I am a California resident and would like to request…”). We will need to verify your identity to a reasonable degree of certainty, which may involve matching information you provide with our records or asking you for additional info. For an access request, we may require a higher level of verification (especially if asking for specific pieces of data) to ensure we protect your privacy. If you use an agent, we may ask for proof of their authority and also verify your identity directly. We will respond within the timeframe required by law (generally, 45 days, with a possibility of an extension). If we need an extension or cannot comply, we will inform you and explain why. We will deliver the requested information free of charge, up to the allowed limits.

8.4 No Discrimination (CCPA): We will not discriminate against you for exercising any of your rights (as already stated in 7.9). That means, unless permitted by law, we will not deny you service, charge different prices, or provide a different quality of service because you exercised your privacy rights.

8.5 Notice of Collection and Use: In the preceding 12 months, we have collected the categories of personal information from individuals as described in Section 2. We collect these categories from the sources and for the purposes described in Sections 2 and 3. We disclose these categories of personal information to service providers and other processors as described in Section 4 (service providers, etc.). We do not sell personal information. We do not share personal information except for the limited advertising-related scenario described (and even that can be opted out of and is only used for our own marketing).

8.6 Shine the Light (California): Separate from CCPA, California’s “Shine the Light” law allows users to request certain information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes without consent. Therefore, we believe we have no disclosures to report under that law. If you have questions, you can contact us.

8.7 Employment/Applying: (Note: If any California residents interact with us in an employment context or as business contacts, those categories of data would be covered under separate notices outside this Privacy Policy. This Policy is focused on users of Penguin Pilot in a consumer/user context.)

In summary, we strive to uphold the privacy rights of all our users, and these state-specific disclosures are intended to ensure compliance and transparency. If you have any questions or would like to know more about how we handle data in relation to a specific law, please contact us.

9. Data Security

We take the security of your personal information very seriously. We implement a variety of technical and organizational measures to safeguard data against unauthorized access, alteration, loss, or disclosure. While no service can guarantee absolute security, we follow industry best practices to protect your data. Here’s an overview of our security framework:

9.1 Infrastructure Security:
- Our servers are hosted in secure facilities (as noted, AWS and similar providers) with 24/7 monitoring, biometric access controls, and other advanced physical security.
- We isolate our production environment and limit network access via firewalls and VPNs. Only required network ports are open, minimizing exposure.

9.2 Encryption:
- In Transit: All communications between your device and our servers are encrypted using TLS/SSL (HTTPS). This means that data you send to us (or we send to you) is encrypted while traveling over the internet, protecting it from eavesdropping. For example, when you log in or upload content, that traffic is encrypted.
- At Rest: We encrypt sensitive personal data at rest in our databases and storage. For instance, passwords are stored using secure one-way hashing (we never store passwords in plain text). Any sensitive fields (like access tokens or secrets) are encrypted in the database. Our backup files are also encrypted. This ensures that even if someone were to get the raw database files, they could not read sensitive information without the encryption keys (which are stored separately).

9.3 Access Controls:
- Internal Access Limitation: Only a limited number of authorized personnel at Utogi Ltd have access to personal data, and then only on a “need-to-know” basis. For example, a customer support agent may have access to your account profile to assist you, but not to the contents of your marketing data unless needed for troubleshooting with your permission. Developers might have access to systems that contain data, but they use test accounts for most work and would only access live data to resolve specific issues.
- Authentication: All our internal systems that handle personal data require strong authentication for access. We enforce measures like two-factor authentication (2FA) for administrator accounts and access to servers. Password policies and identity management are in place to prevent unauthorized internal access.
- Principle of Least Privilege: Each staff member or service is given the minimum access rights required to perform their job. For example, our billing team can see billing info but not your content; our engineers can deploy code but can’t arbitrarily read user data without going through approvals.
- Third-Party Access: Where we use contractors or service providers that might have access to systems or data, they are subject to stringent contractual obligations (including NDAs and security requirements). We audit their activities and ensure they, too, follow least privilege principles.

9.4 Network and Application Security:
- We keep our software and infrastructure updated with the latest security patches. Our servers and devices run updated operating systems and we promptly apply security updates for any known vulnerabilities in the software stack.
- We employ network security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), and continuous monitoring for unusual activities. Suspicious access patterns trigger alerts for our security team.
- Our application undergoes routine security testing. This includes automated vulnerability scans and periodic penetration testing by reputable third-party security experts. They test for things like SQL injection, XSS, CSRF, and other web vulnerabilities. We promptly fix any issues identified.
- We follow secure coding practices. Our engineering team is trained on common security pitfalls and how to avoid them. Code changes are reviewed by peers, which helps catch security issues early.
- We also utilize cloud security features (for example, AWS’s security groups, encryption services, and logging) to enhance protection.

9.5 Operational Security Measures:
- Employee Training & Policies: All team members at Utogi Ltd are trained on privacy and security protocols. We conduct training at onboarding and periodically thereafter to keep security awareness high (covering topics like phishing, safe data handling, incident response, etc.). Every team member is required to adhere to our internal security policy, and violating it can result in disciplinary action.
- Confidentiality Obligations: Each employee and contractor must sign a confidentiality agreement, committing them to protect user data. We also ensure any service providers with potential access commit to confidentiality and data protection via contract.
- Vendor Risk Management: We assess the security posture of our critical service providers (like hosting, payment, analytics). We review their security certifications (e.g. ISO 27001, SOC 2 reports) and ensure they meet our standards. We avoid using providers who don’t take security seriously.
- Backups and Recovery: We maintain regular backups as mentioned, and those backups are stored securely (with encryption and restricted access). We also have a disaster recovery plan in place. This means we have procedures to quickly restore functionality in case of a major outage or data loss event. We periodically test our backups and recovery process to ensure we can actually restore data if needed.
- Logging and Monitoring: We log administrative access and important actions on our systems. Logs are kept securely and monitored so we can detect anomalies. If someone tries to access data they shouldn’t, chances are it will be logged and flagged.

9.6 User Responsibilities: Despite our best efforts, no security measures are perfect. We also advise you to take steps to secure your own data and account:
- Account Credentials: Keep your Penguin Pilot username and password confidential. Do not share your password with others. Use a strong, unique password for this Service (and ideally, use a reputable password manager to generate and store passwords). If you suspect any unauthorized access to your account, change your password immediately and notify us.
- Two-Factor Authentication: If we offer two-factor authentication (2FA) or multi-factor authentication for your account, we strongly encourage you to enable it. This adds an extra layer of security by requiring a code from your device in addition to your password.
- Phishing and Scams: Be cautious of emails or messages asking for your account information. We will never ask you for your password via email, nor ask you to download unsolicited attachments or software. If you receive communication that appears to be from us but seems suspicious, contact us directly to verify. Always log in to Penguin Pilot through our official website or app, not through a link sent to you (unless you’re certain it’s legitimate, like a password reset you requested).
- Device Security: Use antivirus software and keep your devices updated with the latest security patches to reduce the risk of malware that could steal your data. Lock your devices when not in use, especially if logged into Penguin Pilot. If you use a public computer, ensure you log out of the Service completely when finished.
- Sensitive Data: As mentioned, try to avoid uploading sensitive personal information to the Service unless absolutely necessary. While we protect all data, minimizing sensitive data reduces risk. For example, if you’re creating marketing content, you likely don’t need to include someone’s passport number or other highly sensitive info — so it’s best to exclude that.

9.7 Data Breach Response: We have a documented Incident Response Plan for handling security incidents. In the unlikely event of a data breach (where personal information is accessed by unauthorized parties), we will act promptly:
- We will immediately work to contain the breach (stop the intrusion, secure our systems, prevent further unauthorized access).
- We will investigate the scope and nature of the incident — what happened, what data was affected, which individuals might be impacted. We’ll fix the root cause to prevent a recurrence (e.g., patching a vulnerability).
- If the breach is likely to result in significant harm or risk to you, we will notify you and any relevant authorities in accordance with applicable laws. For example, under GDPR, if a breach is serious we notify the supervisory authority within 72 hours and affected individuals without undue delay. Under New Zealand law, we notify the Privacy Commissioner and affected individuals if the breach causes serious harm. Our notification will include details of what happened, the data involved, and steps we are taking. We’ll also provide guidance on what you can do to protect yourself (such as changing passwords if credentials were leaked, etc.).
- We will assist any users who have questions or need help in the aftermath of a breach.
- Post-incident, we will further harden our systems and update our policies to address any lessons learned. We view every incident as an opportunity to improve.

9.8 No Absolute Guarantee: While we are committed to the above measures and more, it’s important to understand that no method of transmission over the internet, and no method of electronic storage, is 100% secure. We cannot guarantee absolute security of your data. There is always some residual risk in any data handling. However, we continually update and refine our security practices to mitigate risks as much as possible. If you have reason to believe that your data has been compromised or have any security-related concerns, please contact us immediately (see Section 11). We appreciate feedback from users – if you discover a vulnerability or security issue, let us know and we will take it seriously.

10. Changes to this Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our business, changes in technology, legal requirements, or for other legitimate reasons. We encourage you to review this Policy periodically to stay informed about how we protect your information.

10.1 Notification of Changes: If we make material changes to this Policy (meaning changes that significantly affect how your personal data is handled), we will notify users in an appropriate manner. We may do this by:
- Posting a prominent notice on our website or within the app (for example, a banner or pop-up notification) outlining that the Privacy Policy has been updated and possibly summarizing the changes.
- For significant changes, we might also send an email to the address associated with your account, or an in-app message, to directly inform you.

The notification will direct you to the updated Policy. We will also update the “Last Updated” date at the top of the Policy to indicate the date of the latest revision.

10.2 Your Acceptance of Changes: By continuing to use the Service after a new version of the Privacy Policy takes effect, you will be deemed to have accepted the updated terms, to the extent allowed by law. If the law requires explicit consent for a change (for example, if we were to start collecting a new type of sensitive data and needed your consent), we will obtain that consent. However, generally, your continued use after the effective date of the changes constitutes your acceptance of the changes. If you do not agree to any updated terms, you should stop using the Service and may request that your account and data be deleted (as per Section 7).

10.3 Version History: For transparency, we keep prior versions of this Privacy Policy. If you wish to see an older version to understand how terms have changed, you can contact us and we’ll provide a copy if available. We may also maintain an archive on our website of previous versions (especially when required by law).

10.4 Material Changes Examples: Just as an example, a “material” change might include: changing how we use personal data in a way that users wouldn’t expect, launching a new feature that collects additional personal info not covered by the old policy, or changing how third parties are involved. Minor edits, like clarifications or typographical corrections, while important, may not be flagged as prominently. Rest assured, we will always handle your information in accordance with the prevailing Privacy Policy at the time.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal information is handled, please contact us. We are here to help and strive to respond promptly to all legitimate inquiries.

Contact Information for Privacy Inquiries:

Utogi Ltd (Penguin Pilot) – Privacy Officer/Team
Email: legal@penguinpilot.ai

When contacting us about your personal data, please include any relevant details that will help us assist you. For example, if you are requesting access to data, specifying your account email and the nature of your request helps. If you are not the account holder but, say, a client of one of our users, please mention the context so we can process appropriately.

We may need to verify your identity for certain requests (for your protection). This might involve asking you to contact us from the email associated with your account or other verification steps as described in Section 7.

Language: You can contact us in English (or any other major language you are comfortable with – we will do our best to accommodate or translate if needed).

We appreciate your trust in Penguin Pilot. Protecting your privacy and data is of paramount importance to us. If you have any feedback or suggestions regarding privacy, we would love to hear them. Thank you for reading our Privacy Policy and for using Penguin Pilot!