Privacy Notice

Pivot (“Pivot,” “we,” “us”) provides an editorial financial-modelling workspace at this domain. For the purposes of the EU and UK General Data Protection Regulations, we act as the data controller for information about the people who sign in to use Pivot, and as a data processor for the financial model content those people create.

Controller

Pivot — operator of this workspace.

Contact

privacy@pivot.app

EU representative

Available on written request to the address above.

We keep the smallest set of personal data the workspace needs to work.

• Account data. When you sign in with Google we receive your name, email address, profile image URL, and the Google account identifier. We store these so we can authenticate you and show your identity to other workspace members.
• Workspace content. The financial models, accounts, scenarios, snapshots, and audit-log entries you create. This may include figures, narrative notes, and the email addresses of people you invite to a workspace.
• Operational data. Server logs (request paths, IP address, user agent, timestamps) generated by our hosting providers to keep the service running and detect abuse.
• Product analytics. If you accept analytics cookies, PostHog records page views, in-app events, and a randomly generated device identifier. See the Cookie Notice for the full list and how to withdraw consent.

We do not buy personal data, we do not sell it, and we do not use it for advertising — on this site or anywhere else.

Under GDPR Article 6, every use of personal data needs a lawful basis. Ours are:

• Contract (Art. 6(1)(b)). Account data and workspace content are processed to deliver the workspace you signed up for.
• Legitimate interests (Art. 6(1)(f)). Operational logs, security monitoring, abuse prevention, and the maintenance of the audit log are processed because we have a legitimate interest in keeping the workspace reliable and tamper-evident, and you would reasonably expect that.
• Consent (Art. 6(1)(a)). Optional product analytics and any non-essential cookies are processed only after you opt in, and you can withdraw at any time.
• Legal obligation (Art. 6(1)(c)). Where law requires us to retain or disclose specific records.

Account data and workspace content are kept for as long as your workspace is active, and for up to thirty days after deletion in encrypted backups before they age out. Operational logs are retained for up to ninety days. Audit-log entries inside a workspace are kept for the life of the workspace because they are part of its contents. Analytics records are retained for up to twelve months.

We rely on a small set of vetted sub-processors. Each is bound by a data-processing agreement and processes data only on our instructions.

• Convex. Database, authentication, and serverless functions. Hosts your account record and all workspace content.
• Google. Sign-in provider. Receives the OAuth handshake when you sign in.
• Vercel. Application hosting and request-level analytics (aggregated, no cookies).
• PostHog. Product analytics — only if you have accepted analytics cookies.

We will disclose personal data outside this list only when compelled by a binding legal request, and we will resist requests we consider overbroad.

Some of our sub-processors are based in the United States. Where personal data is transferred outside the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable), together with supplementary measures such as encryption in transit and at rest.

If you are in the EEA, the UK, or Switzerland, the GDPR gives you the rights below. We honour equivalent requests from people elsewhere as a matter of course.

• Access. Ask for a copy of the personal data we hold about you.
• Rectification. Ask us to correct inaccurate or incomplete data.
• Erasure. Ask us to delete your account and the personal data we control.
• Restriction & objection. Ask us to pause certain processing, or object to processing based on legitimate interests.
• Portability. Receive your workspace content in a structured, machine-readable form.
• Withdraw consent. Withdraw any consent you have given — including analytics — without affecting the lawfulness of processing carried out before you withdrew it.
• Complain. Lodge a complaint with your local supervisory authority. We’d rather you came to us first, but this right is yours regardless.

Send requests to privacy@pivot.app. We respond within thirty days.

Workspace data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is limited to a small number of operators, is logged, and requires hardware-key two-factor authentication.

Pivot is a workspace for adults running businesses and is not directed at children under 16. We do not knowingly collect personal data from them.

When we change this notice, we update the effective date at the top. Material changes are notified inside the workspace before they take effect.