LanderPilotLanderPilot
  • Features
  • Pricing
LanderPilotLanderPilot

Launch your own site in 10 minutes. Just one Cloudflare, one AI, one domain.

Product
  • Features
  • Pricing
  • FAQ
Company
  • About
  • Contact
Legal
  • Cookie Policy
  • Privacy Policy
  • Terms of Service
© 2026 LanderPilot. All Rights Reserved.

Privacy Policy

How LanderPilot handles account, integration, deployment, and Google API data

2026/06/06

Last updated: June 6, 2026

Introduction

LanderPilot helps users create, deploy, and manage websites through a local or desktop AI agent, a LanderPilot account, and user-authorized integrations such as Cloudflare and Google.

This Privacy Policy explains what information we collect, what we do not collect, how we use information, and how users can control connected integrations.

Information We Collect

We collect only the information needed to operate LanderPilot, secure accounts, process payments, and perform actions requested by users.

  • Account information: name, email address, avatar, login provider, email verification status, account role, and account status.
  • Authentication and security information: sessions, API keys created by the user, IP address, user agent, timestamps, and security-related logs.
  • Billing information: plan, price, payment status, subscription period, customer identifier, order/session/invoice identifiers, and credit balance or credit transaction records. Payment card or wallet details are handled by the payment provider and are not stored by LanderPilot.
  • Support and communication information: messages submitted through the contact form, support requests, and email delivery records needed to send transactional emails.
  • Newsletter information: email subscription status if you subscribe or are subscribed during registration, and unsubscribe status if you opt out.
  • Integration credentials and metadata: encrypted Cloudflare API tokens, encrypted Google OAuth tokens for SEO integrations, connected account email, scopes granted, connection status, last verification time, and minimal provider metadata required to operate the integration.
  • Site and deployment metadata: site name, local site id, domain, framework, deployment surface, Cloudflare project/resource identifiers, deployment status, production/preview URLs, resource configuration, and SEO integration state.
  • Temporary deployment artifacts: files uploaded by your local agent for deployment may be staged temporarily so LanderPilot can verify and deploy them. These artifacts are not intended to be a permanent source repository.
  • MCP tool audit logs: tool name, provider, redacted input arguments, status, error messages, duration, API key id, and timestamp. Secret values such as tokens are redacted before audit logging.

Information We Do Not Store

LanderPilot is designed so your website, domain, Cloudflare account, Google account, and analytics properties remain under your control.

We do not intentionally store:

  • Google Search Console performance reports or query data.
  • Google Analytics event-level data, visitor identities, reports, or audience data.
  • Website visitor data from the sites you deploy, unless you separately build a site feature that sends such data to infrastructure you control.
  • Google product content unrelated to the permissions you grant.
  • AI chat transcripts or prompts from your local AI client, except for the specific MCP tool arguments needed to perform an action, which are redacted in audit logs.
  • Plaintext Cloudflare or Google credentials.

Google API Data

LanderPilot uses Google in two separate ways:

  • Google sign-in lets you authenticate to LanderPilot. For sign-in, we receive the identity information needed to create or access your LanderPilot account, such as your email address and profile information made available by Google.
  • Google SEO integration is a separate authorization flow used only when you connect Google from the integrations settings page. It requests permission to help configure Search Console and GA4 for sites you manage.

For the Google SEO integration, LanderPilot may request these permissions:

  • openid and email: identify the connected Google account and show which account is connected.
  • https://www.googleapis.com/auth/siteverification: request and complete site ownership verification for user-managed domains.
  • https://www.googleapis.com/auth/webmasters: add verified domains to Google Search Console and submit sitemaps.
  • https://www.googleapis.com/auth/analytics.edit: create or configure GA4 properties and web data streams, and return a measurement ID for the user's site.

We use Google API access only to provide the SEO and analytics setup actions requested by the user. We do not store Google Search Console reports, GA4 analytics reports, GA4 event data, or Google user content. We store only the encrypted OAuth tokens and minimal integration metadata required to keep the connection working, refresh access when authorized, show connection status, and revoke the connection when requested.

LanderPilot does not sell Google user data, use Google user data for advertising, or use Google user data to train general AI or machine learning models.

LanderPilot's use and transfer of information received from Google APIs will comply with the Google API Services User Data Policy, including the Limited Use requirements.

We transfer Google API data only as necessary to provide or secure the user-requested integration, comply with law, or as otherwise allowed by the Google API Services User Data Policy. We do not transfer Google API data to advertising platforms, data brokers, or information resellers.

You can disconnect Google from LanderPilot at any time in Settings. When you disconnect, we revoke the stored Google credential where possible and delete the stored Google OAuth tokens from LanderPilot. You can also revoke LanderPilot's access from your Google Account permissions page.

How We Use Information

We use information to:

  • Provide, operate, secure, and improve LanderPilot.
  • Create and manage user accounts, sessions, API keys, subscriptions, and credits.
  • Let your agent call LanderPilot MCP tools on your behalf.
  • Connect to third-party services you authorize, including Cloudflare and Google.
  • Create, deploy, inspect, and troubleshoot your sites.
  • Stage and verify deployment artifacts.
  • Send transactional emails, support responses, product updates, and newsletter messages when applicable.
  • Detect abuse, debug failures, enforce limits, and maintain auditability for actions performed on your behalf.
  • Comply with legal, tax, accounting, and security obligations.

How We Share Information

We do not sell personal information.

We may share information only in these limited situations:

  • Service providers that help operate LanderPilot, such as hosting, database, object storage, email delivery, payment processing, security, logging, and customer support providers.
  • Connected third-party services when you ask LanderPilot to perform an action, such as creating a Cloudflare deployment or configuring Google Search Console or GA4.
  • Legal and safety reasons when required by law, legal process, security investigations, or to protect the rights, safety, and integrity of LanderPilot, users, or third parties.
  • Business transfers if LanderPilot is involved in a merger, acquisition, financing, reorganization, or sale of assets, subject to reasonable confidentiality protections.

For Google API data, the stricter Google API Data section above controls.

Security

We use technical and organizational safeguards appropriate for the type of information we process. Provider credentials are encrypted at rest using AES-256-GCM before they are stored. Upload grants and template download tokens are short-lived bearer tokens, and only token hashes are stored for template downloads. Audit logs redact secret-like fields.

No internet service can be guaranteed to be completely secure. You are responsible for protecting your LanderPilot account, API keys, connected provider accounts, and local development environment.

Retention

We keep information only for as long as reasonably necessary for the purposes described in this Policy.

  • Account records are kept while your account is active, unless deletion is required or permitted sooner.
  • Encrypted Cloudflare and Google credentials are kept until you disconnect the integration, delete your account, or the credential is otherwise revoked or removed.
  • Deployment artifacts are staged temporarily for deployment and verification.
  • Audit, payment, security, and accounting records may be retained for a reasonable period as required for security, fraud prevention, tax, accounting, dispute resolution, and legal compliance.

Your Choices

You can:

  • Update your profile information in account settings.
  • Delete your account if account deletion is enabled for your account.
  • Create, disable, or delete API keys.
  • Disconnect Cloudflare or Google integrations from Settings.
  • Revoke LanderPilot access directly from your Cloudflare or Google account.
  • Unsubscribe from newsletter communications.
  • Contact us to request access, correction, deletion, or export of personal information, subject to applicable law and security verification.

International Processing

LanderPilot may process information in countries or regions where we, our infrastructure providers, or service providers operate. We take reasonable steps to protect information according to this Policy and applicable law.

Children's Privacy

LanderPilot is not intended for children under the age required by applicable law to use online services without parental consent. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Policy on this page and update the date above.

Contact Us

If you have questions about this Privacy Policy or LanderPilot's data practices, contact us at support@landerpilot.com or through the contact page.