Platform
Explore
CapabilitiesPricingDownload
LoginCreate your space

Legal

Acceptable Use Policy (AUP)AcknowledgementsAI Security & Privacy OverviewAudit Logging OverviewBusiness Associate Agreement (BAA)CCPA / LGPD / Privacy Frameworks StatementCookies PolicyData Backup Retention & Recovery PolicyData Deletion & Retention PolicyData Processing Addendum (DPA)EU-U.S. Data Privacy Framework StatementFSL LicenseGDPR Compliance StatementHIPAA ReadinessIncident Response & Breach Notification PolicyLegal HoldsPen-testing & Vulnerability ManagementPivot Platform LicensePrivacy PolicySIEM & DLP IntegrationsSub-processor ListTerms and Conditions of SaleTerms of ServiceUptime & TransparencyVulnerability Disclosure Policy
Back to legal

Oct 20, 2025

CCPA / LGPD / Privacy Frameworks Statement

CCPA / LGPD / Privacy Frameworks Statement

Table of Contents

Our CommitmentCalifornia Consumer Privacy Act (CCPA)Brazil’s Lei Geral de Proteção de Dados (LGPD)Other FrameworksExercising Rights

This page explains Pivot’s approach to major privacy frameworks beyond the GDPR, including the California Consumer Privacy Act (CCPA), the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados, LGPD), and other regional or industry frameworks. It is for informational purposes only and does not create contractual obligations beyond those in our Data Processing Addendum (DPA), Terms of Service, or other agreements.

Our Commitment

Pivot is committed to global privacy compliance. We design our Services and practices to meet the requirements of leading privacy frameworks, including CCPA, LGPD, and the EU‑U.S. Data Privacy Framework (DPF), and to give customers transparency and control over their data.

California Consumer Privacy Act (CCPA)

Under the CCPA (as amended by CPRA), California residents have the following rights:

  • Right to know what personal information is collected, used, or disclosed.

  • Right to delete personal information, subject to exceptions.

  • Right to opt out of the sale or sharing of personal information.

  • Right to non‑discrimination for exercising these rights. Pivot’s approach:

  • Pivot does not sell personal information.

  • Pivot honors requests to access, delete, or opt out of processing personal information as required by CCPA.

  • Requests can be submitted to [email protected].

Brazil’s Lei Geral de Proteção de Dados (LGPD)

Under the LGPD, Brazilian data subjects have rights similar to those in the GDPR, including:

  • Confirmation of the existence of processing.

  • Access to personal data.

  • Correction of incomplete, inaccurate, or outdated data.

  • Anonymization, blocking, or deletion of unnecessary or excessive data.

  • Data portability.

  • Revocation of consent. Pivot’s approach:

  • Pivot processes data in Brazil under lawful bases including consent, contractual necessity, and legal obligations.

  • Data subject requests can be directed to [email protected].

  • Pivot applies technical and organizational measures consistent with LGPD requirements.

Other Frameworks

Pivot monitors and aligns with other major frameworks, including:

  • EU‑U.S. Data Privacy Framework (DPF): Pivot intends to self‑certify under the DPF to facilitate lawful transfers of personal data from the EU/UK/Switzerland to the United States.
  • Industry‑specific obligations: Pivot evaluates applicable frameworks in education, healthcare, and financial services where customers operate.
  • Local laws: Pivot adapts retention, deletion, and data rights processes to meet regional requirements.

Exercising Rights

Individuals wishing to exercise their rights under CCPA, LGPD, or other frameworks may:

  1. Submit a request by email to [email protected].
  2. Provide sufficient detail to verify identity and the nature of the request. Pivot will respond without undue delay and within timelines required by law (e.g., 45 days under CCPA; 15 days under LGPD).