Nov 13, 2025

AI Security & Privacy Overview

AI in Pivot accelerates work without compromising privacy. This page explains how AI features handle customer data and the controls available to admins.

Model Providers & Data Handling

  • Minimum necessary context. AI calls send only the prompt/context required to fulfill the request.
  • No training on your data. At Pivot, we never train models on customer data. Third-party model providers are contractually restricted from training on, or retaining, your prompts/responses.
  • Tenant isolation. Requests are processed in a way that does not mix one customer’s data with another’s. Users can only use AI on data they have access to.

Admin Controls

  • Enable/disable AI features org-wide.
  • Export and review AI-related events via Audit Logs.

High-Risk / Regulated Data

  • Using AI with PHI or similar regulated data requires HIPAA-eligible deployment and a signed BAA.
  • Customers are responsible for data classification and for configuring least-privilege access, SSO/MFA, and retention per policy.

Security & Privacy Baseline

Pivot applies the same technical and organizational measures (TOMs) described in the DPA to AI flows: encryption in transit and at rest, access controls, logging, and vendor due diligence.

Ongoing Review

New or updated model providers undergo security, privacy, and data-processing reviews. If a provider changes terms that affect data handling, we will update this page and our sub-processor list.