Pivotstring Privacy Policy

Pivotstring is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our SaaS-based application.

Information We Collect:

We may collect personal and non-personal information, including:

  • Personal Information:Name, email address, phone number, billing details, and account credentials.
  • Usage Data:IP address, browser type, operating system, and application usage patterns.
  • Cookies and Tracking Technologies:To enhance user experience and improve our Service.

How We Use Your Information

We use collected data to:

  • Provide, maintain, and improve our Service.
  • Process transactions and manage user accounts.
  • Communicate with users about updates and security alerts.
  • Enforce our terms and comply with legal obligations.

Sharing of Information

We do not sell or rent your personal information. We may share data with:

  • Service providers assisting in hosting, analytics, and payment processing.
  • Legal authorities when required by law.
  • Affiliates or partners for service integration (with user consent).

Data Security

We implement industry-standard security measures to protect your information from unauthorized access, loss, or misuse. For sensitive data, such as personal information (e.g., name, email address, phone number) and billing details, we employ the following specific data protection mechanisms:

  • Encryption: Sensitive data is encrypted during transmission using Transport Layer Security (TLS) version 1.3 with strong cipher suites. Data at rest is protected using Advanced Encryption Standard (AES) with 256-bit keys, ensuring robust confidentiality.
  • Access Controls: We implement strict role-based access controls (RBAC) to limit access to sensitive data to authorized personnel only. Multi-factor authentication (MFA) is required for all administrative access to systems handling sensitive data.
  • Data Minimization and Anonymization: We collect only the minimum necessary sensitive data and, where feasible, anonymize or pseudonymize data used for analytics to prevent identification of individuals.
  • Secure Storage: Sensitive data is stored in secure, access-controlled databases hosted on encrypted servers. We use intrusion detection and prevention systems (IDPS) to monitor and protect against unauthorized access attempts.
  • Regular Security Audits and Compliance: We conduct quarterly security audits, including vulnerability assessments and penetration testing, to identify and remediate potential risks. Our practices align with industry standards such as ISO 27001 and GDPR for handling sensitive data.
  • Data Retention and Deletion: Sensitive data is retained only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Upon request or account termination, sensitive data is securely deleted using industry-standard secure erasure methods.

User Rights

You have the right to:

  • Access, update, or delete your personal data.
  • Opt-out of marketing communications.
  • Disable cookies through browser settings.

Changes to This Policy

We reserve the right, at our sole discretion, to modify or replace this Privacy Policy at any time. If a revision is material, we will provide at least 30 days notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.