Pen-testing & Vulnerability Management
Pivot engages independent third-party security firms to conduct penetration
testing on our platform at least annually. These assessments cover
application, infrastructure, and cloud environments.
- Scope: core application features, APIs, authentication/authorization
flows, and infrastructure configurations.
- Process: findings are triaged by severity, remediated according to defined
SLAs, and re-tested as needed.
- Internal reviews: in addition to annual pen tests, Pivot performs ongoing
automated vulnerability scanning and dependency monitoring.
- Transparency: summaries of recent penetration tests or security reviews
may be made available to enterprise customers under NDA.

Pivot is committed to continuously improving our security posture by tracking
remediation through completion and incorporating lessons learned into our
development lifecycle.
Data Residency
Pivot currently hosts customer data in the United States using leading cloud
providers with strong security and compliance certifications.
- Primary location: United States (default for all customers).
- Data transfers: Managed in compliance with GDPR, CCPA, LGPD, and other
applicable frameworks. Standard Contractual Clauses (SCCs) and the UK Addendum
are incorporated into our DPA to support lawful transfers.
- Private cloud & enterprise options: We support all regions on the
Enterprise plan using our Private Cloud Deployment option.

For details on retention and deletion, see our Data Deletion & Retention Policy.