Pen-testing & Vulnerability Management
Pivot engages independent third-party security firms to conduct penetration testing on our platform at least annually. These assessments cover application, infrastructure, and cloud environments.
- Scope: core application features, APIs, authentication/authorization flows, and infrastructure configurations.
- Process: findings are triaged by severity, remediated according to defined SLAs, and re-tested as needed.
- Internal reviews: in addition to annual pen tests, Pivot performs ongoing automated vulnerability scanning and dependency monitoring.
- Transparency: summaries of recent penetration tests or security reviews may be made available to enterprise customers under NDA.
Pivot is committed to continuously improving our security posture by tracking remediation through completion and incorporating lessons learned into our development lifecycle.
Data Residency
Pivot currently hosts customer data in the United States using leading cloud providers with strong security and compliance certifications.
- Primary location: United States (default for all customers).
- Data transfers: Managed in compliance with GDPR, CCPA, LGPD, and other applicable frameworks. Standard Contractual Clauses (SCCs) and the UK Addendum are incorporated into our DPA to support lawful transfers.
- Private cloud & enterprise options: We support all regions on the Enterprise plan using our Private Cloud Deployment option.
For details on retention and deletion, see our Data Deletion & Retention Policy.