GDPR Compliance Statement
This page explains Pivot’s commitment to the General Data Protection Regulation (GDPR) (EU 2016/679) and related data protection laws. It is for informational purposes only and does not create contractual obligations beyond those in our Data Processing Addendum (DPA), Terms of Service, or other agreements.
Our Commitment
Pivot is committed to protecting the privacy and security of personal data. We process Customer Personal Data in accordance with the GDPR, the UK GDPR, the Swiss Federal Act on Data Protection (FADP), and other applicable privacy laws.
Legal Bases for Processing
Pivot processes Customer Personal Data only where a legal basis applies under the GDPR, including:
- Performance of a contract: To provide and operate the Services.
- Consent: Where customers give consent (e.g., marketing communications).
- Legitimate interests: To improve and secure the Services, provided such interests are not overridden by individual rights.
- Legal obligation: To comply with applicable law.
Data Subject Rights
Under the GDPR, individuals have the following rights with respect to their personal data:
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making and profiling
Pivot provides tools and support to help Customers respond to Data Subject requests. When Pivot receives a request directly from a Data Subject, we forward it to the relevant Customer (the Controller) unless otherwise required by law.
International Data Transfers
- Standard Contractual Clauses (SCCs): For transfers from the EEA and Switzerland, Pivot relies on the EU SCCs (2021/914/EU).
- UK Addendum: For transfers from the UK, Pivot uses the UK International Data Transfer Addendum.
- Supplementary measures: Pivot applies encryption, access controls, and regional hosting options to support lawful transfers.
- Sub‑processors: All Sub‑processors are subject to DPAs with Pivot and must implement equivalent protections.
Security Measures
Pivot maintains technical and organizational measures (TOMs) designed to protect Customer Personal Data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES‑256 or equivalent).
- Role‑based access controls and multi‑factor authentication.
- Logging and monitoring of access and security‑relevant events.
- Secure development practices and regular vulnerability testing.
- Disaster recovery and incident response processes.
Details are described in Annex II of the Data Processing Addendum and our Security Overview.
Data Deletion & Retention
Pivot retains Customer Personal Data for as long as necessary to provide the Services or as required by law. Upon account termination, Customers may request deletion of their data in accordance with the Data Deletion & Retention Policy.
Questions or Requests
If you have questions about Pivot’s GDPR compliance or want to exercise your data protection rights, please contact:
- Email: [email protected] (for Data Subject requests) or [email protected] (for legal/privacy inquiries)
- Mail: Pivot Technologies Holdings Inc., 2219 Main St Unit #371, Santa Monica, CA 90405, United States