Pillar

Privacy Policy

Forgewell, LLC d/b/a Pillar (“Pillar,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using getpillar.com (the “Site”) and our apps, features, and services (collectively, the “Service”), you agree to this Privacy Policy and our Terms of Use.

Quick summary: We collect only what we need to run Pillar (accounts, flows, uploaded files, and activity), we don't sell your data, and we don't run targeted ads.

Controller: Forgewell, LLC, 56 Broad Street, Suite 14266, Boston, Massachusetts 02109 USA

Privacy Contact: privacy@getpillar.com

Last Updated: December 7, 2025

I. Information We Collect

We collect Personal Information (identifies or can identify you) and Non-Personal Information (does not identify you on its own).

1) Information you provide

  • Account & profile: email, password (hashed), display name, and optional profile details.
  • Flows and content: prompts, flow configurations, and files you upload for analysis.
  • Email submissions: emails sent to flow-specific addresses, including sender address and attachments.
  • Support & feedback: messages and attachments you send to us.

2) Information collected automatically

When you use the Service, we and our service providers collect:

  • Usage & device data: pages viewed, features used, session duration, links clicked, approximate location (derived from IP), device type/OS, browser, app version, timestamps, referring/exit pages.
  • Log & diagnostic data: error reports and crash data to help us troubleshoot problems.
  • Cookies/local storage: to keep you signed in and remember preferences; analytics cookies to understand how the Service is used.

We use both session and persistent cookies/local storage. For example, we store a persistent value to keep you signed in between visits. You can control cookies in your browser, but some features may not work without them.

II. How We Use Information

We use information to:

  • Provide and maintain the Service (accounts, authentication, flows, analysis reports)
  • Process email submissions and deliver analysis results
  • Communicate with you (service emails, feature updates, security alerts)
  • Analyze and improve performance and usability
  • Comply with law and enforce our Terms

Legal bases (EEA/UK): performance of a contract (providing the Service), legitimate interests (service improvement, security), consent (where required, e.g., certain cookies).

We do not sell Personal Information. We do not share Personal Information for cross-context behavioral advertising.

III. How We Share Information

We share Personal Information only with:

  • Service providers (processors):
    • Supabase (authentication, database, storage)
    • OpenAI (AI-powered analysis features)
    • Postmark (email delivery and receiving)
    • Vercel (site and API hosting)
    • Stripe (payment processing, if applicable)
  • Legal and safety: if required by law, to protect users, our rights, or the security of the Service, or to prevent fraud/abuse.
  • Business transfers: if we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction, subject to this Policy.

We require service providers to use your information only to provide services to us and to protect it per this Policy.

IV. AI-Powered Features

Pillar uses generative artificial intelligence (“AI”) to analyze documents and generate reports based on your prompts. When you use these features, we process the inputs you provide (such as documents, emails, and prompts), the outputs generated, and limited technical data (timestamps, feature name) to operate the feature, improve quality and safety, and prevent abuse.

  • Providers & role: We use vetted AI service providers acting as our processors to run these features. They may temporarily process your inputs/outputs only to provide the service to us and must protect them under our instructions.
  • Training: We do not allow our AI providers to use your inputs or outputs to train their public models. We also do not use your content to train models for anyone else's benefit.
  • Automated decisions: AI outputs are assistance for analysis; we do not make decisions with legal or similarly significant effects solely by automated means.
  • Retention: We retain AI inputs/outputs only as needed to provide the feature, ensure safety, comply with law, and maintain audit logs. If you request deletion of related content, we will delete or de-identify associated AI records unless we must retain them for legal/security reasons.

V. Your Choices & Rights

  • Email preferences: You can unsubscribe from marketing emails via the link in the email. We may still send transactional messages (e.g., password resets, service notices).
  • Access, correction, deletion: You can delete your account and all associated data at any time through your account settings or by contacting us.
  • EEA/UK/California: You may have additional rights (data portability, restriction, objection; CPRA access/deletion/opt-out). We do not “sell” Personal Information and do not “share” it for cross-context behavioral advertising under California law.

California Notice at Collection (summary): We collect identifiers (e.g., email), internet/activity data (usage, device, IP), and user content for the purposes described above. Retention is as described below. We do not sell or share for cross-context behavioral advertising.

VI. Data Retention

We retain Personal Information for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. When you request deletion, we delete or de-identify data within a reasonable period, except where retention is required by law or legitimate business needs (e.g., security logs, payment records).

VII. Security

We use reasonable administrative, technical, and organizational measures to protect information, including encryption in transit (TLS), access controls, and secure hosting. No method of transmission or storage is 100% secure; you are responsible for safeguarding your password and account credentials.

VIII. International Transfers

We are based in the United States, and your data may be processed in the U.S. and other countries where our service providers operate. Where required, we use appropriate safeguards for cross-border transfers (e.g., Standard Contractual Clauses).

IX. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Keep you signed in and remember preferences
  • Measure usage to improve features
  • Diagnose and fix errors

Manage cookies in your browser settings. Essential cookies are required for the Service to function.

X. Third-Party Links

The Service may link to third-party sites or apps. Their privacy practices are governed by their own policies. We are not responsible for those sites.

XI. Changes to This Policy

We may update this Policy from time to time. If changes are material, we will notify you (e.g., by email or a prominent notice on the Site) at least 30 days before they take effect. The “Last Updated” date will reflect the latest version.

XII. Contact Us

Questions or requests about privacy: privacy@getpillar.com

Mail: Forgewell, LLC — Attn: Privacy, 56 Broad Street, Suite 14266, Boston, Massachusetts 02109 USA