Platform
Explore
CapabilitiesPricingDownload
LoginCreate your space

Legal

Acceptable Use Policy (AUP)AcknowledgementsAI Security & Privacy OverviewAudit Logging OverviewBusiness Associate Agreement (BAA)CCPA / LGPD / Privacy Frameworks StatementCookies PolicyData Backup Retention & Recovery PolicyData Deletion & Retention PolicyData Processing Addendum (DPA)EU-U.S. Data Privacy Framework StatementFSL LicenseGDPR Compliance StatementHIPAA ReadinessIncident Response & Breach Notification PolicyLegal HoldsPen-testing & Vulnerability ManagementPivot Platform LicensePrivacy PolicySIEM & DLP IntegrationsSub-processor ListTerms and Conditions of SaleTerms of ServiceUptime & TransparencyVulnerability Disclosure Policy
Back to legal

Nov 13, 2025

EU-U.S. Data Privacy Framework Statement

EU-U.S. Data Privacy Framework Statement

Table of Contents

1. Status of Participation2. Scope of Data and Role3. Application of the DPF Principles4. Relationship to Other Transfer Mechanisms5. Questions, Complaints, and Contact Details6. Changes to This Statement

This page explains how Pivot Technologies Holdings Inc. ("Pivot", "we", "us") approaches the EU-U.S. Data Privacy Framework and related transfer mechanisms. It is for informational purposes only and should be read together with our Privacy Policy, Data Processing Addendum (DPA), and GDPR Compliance Statement.

1. Status of Participation

Pivot is committed to using appropriate transfer mechanisms for personal data sent from the European Economic Area (EEA), the United Kingdom, and Switzerland to the United States.

  • Current status (before self-certification). At present, Pivot relies primarily on the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and similar instruments for international transfers, as described in our DPA.

  • Planned participation in the DPF. Pivot intends to self-certify to the EU-U.S. Data Privacy Framework, as well as the UK Extension and Swiss-U.S. Framework, with the U.S. Department of Commerce. Once certified, Pivot will commit to the DPF Principles for all covered transfers of personal data from the EU, UK, and Switzerland. When our certification is complete, we will update this page with:

  • Our official listing name on the Data Privacy Framework List, and

  • Direct instructions on how to verify our status on https://www.dataprivacyframework.gov. Until then, this statement describes how our existing practices align with the DPF Principles.

2. Scope of Data and Role

Where our customers act as controllers and Pivot acts as a processor, the DPF will apply to Customer Personal Data transferred from the EU, UK, or Switzerland to the United States in connection with the Pivot Services, as described in Annex I of our DPA.

This may include:

  • Account and profile information
  • Workspace and organization metadata
  • Content created in spaces, rooms, posts, or files
  • Usage and analytics data
  • Support communications and technical logs The exact categories depend on how each customer uses Pivot.

3. Application of the DPF Principles

Once Pivot is self-certified, we will handle covered personal data in line with the DPF Principles:

  1. Notice We provide individuals and customers with clear information about the categories of personal data we process, the purposes of processing, the types of third parties with whom we share data, and how to contact us. These details are set out in our Privacy Policy, DPA, and this Statement.
  2. Choice Where the DPF requires it, Pivot will offer individuals a choice regarding the use and disclosure of their personal data, including for certain types of onward transfers or direct marketing. In most cases, Pivot acts as a processor and will follow the controller’s instructions regarding choice mechanisms.
  3. Accountability for Onward Transfer Pivot may share personal data with third-party sub-processors that support the Services. We enter into written agreements with each sub-processor that require DPF-consistent protection and limit processing to specified purposes. Our current list of sub-processors is available HERE.
  4. Security Pivot maintains appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures are described in Annex II of the DPA and in our Security Overview.
  5. Data Integrity and Purpose Limitation We limit personal data to what is relevant for the purposes for which it is processed and take reasonable steps to ensure that data is reliable, accurate, complete, and current. We retain data only for as long as necessary to provide the Services or as required by law, in line with our Data Deletion and Retention Policy.
  6. Access When Pivot acts as a processor, we help our customers respond to data subject requests to access, correct, or delete personal data. Where the DPF requires Pivot to respond directly, individuals may contact us using the details below.
  7. Recourse, Enforcement, and Liability Pivot will maintain mechanisms for investigating and resolving complaints about DPF compliance and will cooperate with the relevant authorities as required. We are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. Once certified, we will identify:
  • An independent dispute resolution mechanism available at no cost to individuals, and
  • The process for binding arbitration for residual claims, where applicable under the DPF.
  1. We remain responsible under the DPF if a sub-processor processes personal data in a manner inconsistent with the DPF, unless we prove that we are not responsible for the event giving rise to the damage.

4. Relationship to Other Transfer Mechanisms

Even after Pivot self-certifies under the DPF, we expect to continue using Standard Contractual Clauses and the UK Addendum where appropriate, for example if a customer prefers to rely on those instruments or for transfers not covered by the DPF.

In the event of any conflict between:

  • This Statement and the DPF Principles, the DPF Principles will govern for covered transfers.
  • This Statement and our DPA, the DPA will govern the relationship between Pivot and the customer, except to the extent otherwise required by the DPF.

5. Questions, Complaints, and Contact Details

If you have questions about this Statement or our data protection practices, or if you wish to raise a privacy concern, please contact:

  • Privacy and data protection: [email protected]
  • Legal and compliance: [email protected]
  • Mail: Pivot Technologies Holdings Inc., 2219 Main St Unit #371, Santa Monica, CA 90405, United States Once Pivot’s DPF certification is active, this page will include additional details about our independent dispute resolution mechanism and how to contact EU, UK, or Swiss supervisory authorities regarding unresolved complaints.

6. Changes to This Statement

We may update this Statement to reflect changes in law, regulatory guidance, or our Services. When we make material changes, we will update the "Last updated" date above and may notify customers through the Services or by email. Continued use of the Services after such updates constitutes acknowledgment of the revised Statement.