Privacy Policy

Introduction

Pivot Automation respects your privacy and is committed to protecting your personal data. This Data Privacy Statement (also known as our Privacy Policy) explains what information we collect when you use Pivot Meets (the "Service"), how we use and share that data, your rights regarding your data, and how we safeguard it. This Privacy Statement applies to all users of Pivot Meets and any associated services accessible through pivotmeets.com. By using the Service, you agree to the collection and use of information in accordance with this statement. If you do not agree with our practices, please do not use Pivot Meets.

We endeavor to comply with all applicable data protection laws, including South Africa's Protection of Personal Information Act, 2013 (POPIA) and international standards such as the EU General Data Protection Regulation (GDPR), for users in jurisdictions that provide these rights. In all cases, we aim to be transparent about how we handle your data.

1. Information We Collect

When you use Pivot Meets, we collect several types of information, which can include:

1.1 Personal Information You Provide:

• Account Registration Data: When you create an account, we collect information such as your name, email address, and password. We may also collect your organization name and contact details if you provide them. This is used to identify you, provide access to the Service, and communicate with you.
• Profile Information: If the Service allows you to add profile details or preferences (e.g., a profile picture, job title, time zone, language preferences), that data is stored in your account profile.
• Payment Information: If you purchase credits or make payments via Pivot Meets, you will provide payment details. Payment card information (credit card number, CVV, etc.) is not collected by us directly; it is handled by our payment processor, PayFast, on their secure checkout forms. We may receive limited payment information back from PayFast such as a confirmation of payment, your name or email as provided to PayFast, the amount of the transaction, transaction ID, and status. We retain records of your purchases and transaction history on our platform (e.g., number of credits bought, date, and reference) to manage your account and for financial record-keeping.
• Content You Upload: When you upload audio or video files for transcription, the files themselves may contain personal information (for example, voices of meeting participants, names mentioned, etc.). We treat these files and the transcripts generated as sensitive user content. They are collected and processed solely to provide you the Service (see "How We Use Data" below for details). Similarly, any notes or titles you input for meetings are collected.
• Communications: If you contact us for support or with inquiries (via email or through any contact form), we will collect the information you choose to give us (such as your contact info and the content of your message). We will also collect the correspondence history to better serve you.

1.2 Information We Collect Automatically:

When you use Pivot Meets, certain data is collected automatically by virtue of your interactions with our platform:

• Usage Data: We may collect information about how you interact with the Service. This includes timestamps of logins, pages or features you access, the files you upload (names, sizes, durations), and the outputs generated. We also may log actions like credit deductions, downloads of transcripts, or settings changes. This usage data helps us operate and improve the Service (e.g., to monitor performance, prevent fraud, or analyze usage trends).
• Device and Technical Data: We collect technical information from your device and browser. This may include your IP address, browser type and version, operating system, device type (e.g., desktop or mobile), network provider, and device identifiers. We also log information like the referring website or search query that led you to pivotmeets.com, and your usage patterns (e.g., how long you stay on a page). This data is generally used for security (e.g., monitoring login locations), compatibility (ensuring the Service works on common devices), and analytics.
• Cookies and Similar Technologies: We use cookies (small data files stored on your browser) and similar tracking technologies sparingly and primarily for functionality:
  • Session Cookies: These are temporary cookies that keep you logged in as you navigate the site and remember your preferences (like language or theme). They are typically erased when you log out or close your browser.
  • Security Cookies: We might use cookies or similar tokens to help prevent fraudulent logins (for example, by identifying multiple failed login attempts).
  • Analytics: We currently employ minimal analytics tracking. We may use a basic analytics tool or server logs to understand how the Service is used, but we do not use invasive tracking or personalized advertising cookies. If we use any third-party analytics (like Google Analytics), we will configure it in privacy-friendly mode (e.g., IP anonymization) if possible and disclose it here. As of the last update of this policy, Pivot Meets has minimal tracking, meaning we do not collect more data than necessary for Service functionality and basic insight. We do not use cookies for advertising or share cookie data with advertisers.
  • You can control cookies through your browser settings (e.g., to refuse some or all cookies or to delete them). However, note that if you disable cookies entirely, some features of Pivot Meets (like maintaining your login session) may not work properly.

1.3 Information from Third Parties:

We may receive information about you from third-party sources in certain situations:

• Third-Party Login: If in the future we offer login via third-party OAuth (for instance, "Sign in with Microsoft" or "Sign in with Google"), we would receive basic profile information from that third-party (such as your name, email, and an authentication token). We would use that info to set up your account. (Currently, registration is via our own system, but we mention this for completeness if such features are added.)
• PayFast: As mentioned, we get transaction confirmations from PayFast. PayFast may also send us notifications about chargebacks or fraud related to your payments, which we would use to address payment issues.
• Email/Calendar Integration: If Pivot Meets integrates with external services you authorize (for example, if you connect your Microsoft 365 account to send emails or sync meeting invites), we would, with your permission, receive data from those services. This could include your email address on that service, meeting details from your calendar that you choose to import, or confirmation that an email was sent. We will explain at the point of integration what data is accessed and get your consent.
• Referrals and Partners: If you arrived at Pivot Meets via a referral or our partner (e.g., if your employer signed you up, or through a reseller), we might get basic enrollment information from those parties. In such cases, you will be informed and your data will still be treated according to this policy.

We do not buy or rent personal data from data brokers or marketing lists. All personal information we have about you is either provided by you, collected through your use of the Service, or from the limited sources above.

2. How We Use Your Information

We use the collected information for the following purposes, consistent with the basis allowed under data protection laws (such as performing our contract with you, pursuing our legitimate interests in running a safe and efficient service, complying with legal obligations, or on the basis of your consent where applicable):

2.1 Providing and Maintaining the Service:

We process your personal data to perform our contract with you – namely, to provide the Pivot Meets services you have requested. This includes:

• Using your login credentials to authenticate you and allow access to your account.
• Processing the audio/video files you upload to produce transcriptions and summaries. This may involve sending the file or derived data to our AI partners (like Deepgram, OpenAI, Anthropic) for analysis. We only use these partners to fulfill the service functionality.
• Displaying your transcripts, summaries, credit balance, and transaction history in your dashboard.
• Maintaining your account, such as saving your settings and preferences.

2.2 Communication:

We use your email and name to communicate with you about the Service. Examples include:

• Transactional Emails: We may send confirmation emails when you register, purchase credits, or if a significant process is completed (e.g., "Your meeting summary is ready for download"). We also might send notifications if your credit balance is low or if there are issues with your uploaded file.
• Administrative Messages: We might send notices about changes to the Service, important updates to the Terms or Privacy Policy, security alerts, or maintenance downtime notices.
• Support Responses: If you reach out with a support query, we will use your contact information to reply and will refer to your usage data or content as needed to assist you.
• We will not send you marketing or promotional emails unless you have explicitly opted in to such communications. Since Pivot Meets is primarily a B2B/business productivity tool, we currently focus on essential communications. If we ever introduce a newsletter or marketing updates, it will be optional and you can opt out at any time.

2.3 Processing Payments:

When you purchase credits, we use your information to facilitate the transaction. For example, we pass necessary identifiers and amount info to PayFast, and then record that transaction in our system. We may use your purchase history to manage any billing inquiries or provide refunds (if applicable under our Terms) or to detect fraudulent transactions. Payment data is also used for accounting, auditing, and compliance purposes (e.g., keeping records for tax and financial regulations).

2.4 Service Improvements and Analytics:

We continually strive to improve Pivot Meets. We use usage data and feedback to:

• Debug and fix issues. For instance, if an uploaded file consistently fails at a certain point, our team may inspect system logs or, with your permission, look at a snippet of the problematic transcript to diagnose the problem.
• Develop new features or enhance existing ones. Understanding which features are most used (e.g., how many users download the summary vs. the full transcript) helps us prioritize improvements.
• Analyze overall usage trends such as peak usage times, average length of files processed, etc. This helps in scaling the infrastructure efficiently.
• Improve accuracy: We might analyze transcripts in aggregate (and in an anonymized way whenever possible) to gauge how well the AI is performing (e.g., word error rates) and identify if we should switch providers or models. We do not use your specific content to train our own models for new AI functionality without your permission; any analysis is either automated or aggregated for quality metrics.

Any analytics data we use for improvement is typically in an aggregated or pseudonymized form. For example, we might look at "total minutes transcribed per week" or "percentage of meetings that involve more than 2 speakers". If we publish any aggregate statistics (like in marketing material), it will not contain personal data.

2.5 Security and Abuse Prevention:

We use data to keep the Service and our users safe. This includes:

• Monitoring login patterns to detect suspicious logins (e.g., if an account is accessed from two countries in short succession, we might flag or challenge it).
• Using IP addresses and cookies to mitigate abuse such as rate-limiting potential scrapers or blocking malicious actors.
• Checking uploaded files for viruses or malware. (We have the right to scan content to ensure it does not harm our systems.)
• Enforcing our Terms of Service: if we suspect prohibited use, we might investigate logs or user content. For example, if content is reported as illegal, we may review the relevant data.
• Fraud prevention: Information from PayFast about a fraudulent payment or a chargeback might be used to suspend an account or request additional verification from a user.

2.6 Legal Compliance:

We may process and retain personal data to comply with our legal obligations. For example:

• Financial laws may require us to keep records of transactions and customer info for a certain period (in South Africa, for instance, financial transaction data might be kept for 5 years for audit/tax purposes).
• If we receive a lawful subpoena or court order, we may need to provide certain data to authorities (after verifying the legality of the request).
• We might use your data to exercise our legal rights or defend against legal claims (e.g., using logs to demonstrate compliance with user requests or to resolve a dispute).
• POPIA and GDPR compliance: If you exercise your data subject rights (like requesting a copy of your data or deletion), we will use your information to verify your identity and fulfill the request as required by law.

2.7 Other Purposes with Consent:

If we ever want to use your personal data for a purpose that is not compatible with the ones listed above, we will seek your consent. For instance, if we wanted to feature a user's success story on our website, we would ask for permission to use their name or photo. Or if we consider sending user testimonials to prospective customers, we'll obtain consent. You have the right to refuse or withdraw consent at any time for such uses.

We do not sell your personal information to third parties for their marketing or any other purposes. We also do not use your data for automated decision-making or profiling that produce legal or similarly significant effects on you, as defined under GDPR. Any AI processing we do is at your direct request (transcribing your meeting) and not used to profile you as an individual beyond delivering the features of the Service.

3. How We Share Your Information

We treat your personal data and content as confidential. However, there are situations where we need to share data with third parties, either to provide our Service or to comply with legal obligations. The categories of recipients of data include:

3.1 Service Providers (Processors):

We use reputable third-party companies to facilitate or enhance our Service. These providers process data on our behalf and are bound by contracts to protect your data and use it only for our specified purposes. Key service providers and what they do include:

• PayFast (Payment Processor): As described, when you purchase credits, your payment details go to PayFast. PayFast will process your payment and may store your transaction data as required for their operations and legal obligations (often payment providers keep records for several years for anti-money laundering law compliance, e.g., up to 5 or 7 years). We share with PayFast the minimum necessary data for payment (transaction amount, order info, and perhaps your name/email). PayFast's use of your data is governed by their privacy policy. Pivot Automation does not control PayFast's retention of data, but PayFast has its own retention and data protection commitments.
• Deepgram or Speech-to-Text API: If we use Deepgram (or a similar speech-to-text service) to transcribe audio, the audio file (or segments of it) and maybe some metadata are sent to that service. Deepgram will return a text transcript. We require by contract or API terms that such providers do not use your audio or transcripts for any purpose other than providing the transcription to us. For instance, many AI API providers offer "no data retention beyond processing" or an option to opt-out of data being used to improve their services. We opt out of data sharing for improvement whenever possible. (Deepgram's policy at the time of writing is that they don't store or use submitted audio for training without permission, but we will confirm and abide by the latest terms.)
• Anthropic and OpenAI (AI Processing): These are our AI model providers for analyzing text and generating summaries. We send the transcribed text (or portions of it, possibly with prompts) to these AI services and receive a generated summary or document. We instruct these providers not to use your data for training their models. Notably, OpenAI's policy for API use is that it will not use data submitted via the API to train or improve models by default, and retains API data for only 30 days for abuse monitoring. Anthropic's Claude API likewise does not use conversation data to train by default and retains data for a limited period (Anthropic retains inputs/outputs for up to 30 days for trust & safety purposes). We have chosen these providers in part due to their privacy commitments. They act as processors for the content to generate the output and are not supposed to store or use it beyond the processing window. However, some minimal retention by them is possible (e.g., up to 30 days) for monitoring abuse or improving safety filters, as per their policies. We do not send more personal data than necessary to these AI APIs – usually just the meeting content needed to get the result, and an anonymized identifier. We do not send your account name or unrelated info to them.
• Email Service (SMTP or API): To send you emails (notifications, password resets, summaries etc.), we either use a third-party email delivery service or an integration like Microsoft Graph if you authorize it. For example, we might use an SMTP relay or an email API (SendGrid, Mailgun, or similar) which will process your email address and the content of the email. We ensure any such provider is reputable and secures the emails in transit. If we integrate with Microsoft's API to send mail from your address, then Microsoft will obviously see the content as it is sending on your behalf, but that is under your control and consent.
• Cloud Hosting and Storage (e.g., Azure): Pivot Meets is hosted on cloud servers, possibly Microsoft Azure or a similar provider. All our databases and file storage are on those servers. The cloud provider technically has the ability to access stored data, but they operate under strict security standards and generally will not access customer content except for legal compliance or to fix service issues. We rely on their infrastructure to store data securely (Azure complies with stringent security certifications). The data may be stored in a data center in [the region we configure – we aim to use South African data centers if available for compliance with POPIA's cross-border restrictions, but it could be in other regions depending on service availability]. In any case, we ensure there are proper safeguards for stored data.
• Analytics/Monitoring Tools: If we use any third-party analytics (like Google Analytics, as mentioned) or error tracking services (like Sentry, etc.), those services may incidentally receive some data like your IP or device info or error logs. We limit what is sent – for example, error logs might include metadata about a request but we try to avoid logging personal content in third-party systems. If an error tracking service captures a snippet of data to diagnose an issue, it is used solely for that purpose.

We have Data Processing Agreements (DPAs) or equivalent terms in place with our processors as required by law, obligating them to protect your data. They cannot use your data for their own purposes or share it further without authorization.

3.2 Within Pivot Automation:

Within our own company and any affiliates, your information will be accessed only by those who need to know it to perform their duties – for example, customer support staff to handle inquiries, developers to fix issues, or finance staff to manage billing. All personnel are bound by confidentiality obligations.

3.3 Business Transfers:

If Pivot Automation is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your data may be transferred as part of that transaction. We would ensure the new owner or successor continues to handle your personal data in line with this Privacy Statement (or you would be given notice and a chance to opt-out if the policies change). Your privacy will remain a priority in any such change.

3.4 Legal and Compliance:

We may disclose your personal information to third parties (such as courts, law enforcement or government agencies, or opposing counsel) if and only if such disclosure is required by law or strictly necessary to:

• Comply with a legal obligation or valid legal process (e.g., a subpoena, court order, or search warrant) that we determine mandates disclosure.
• Enforce our Terms and other agreements, or investigate potential violations thereof.
• Detect, prevent, or address fraud, security, or technical issues.
• Protect the rights, property, or safety of Pivot Automation, our users, or the public, as required or permitted by law. This could include exchanging information with other companies and organizations for the purposes of fraud protection or credit risk reduction.

We will carefully review any request to ensure it has a lawful basis and is limited to the data required. Where a request originates from a foreign jurisdiction (outside South Africa), we will only comply if we are convinced it is valid under applicable laws (for example, via a mutual legal assistance treaty or as required under GDPR for EU data subjects, etc.). When permitted, we may attempt to redirect the request to the user or at least notify you of it (unless legally prohibited from doing so).

3.5 Aggregated or De-Identified Data:

We may share data that has been aggregated or de-identified such that it cannot reasonably be used to identify an individual. For instance, we could publish stats like "Total minutes transcribed by Pivot Meets in 2025" or "Average number of meetings per user per month." This information will not contain personal details. If we partner with researchers or improve our AI, we might share anonymized transcripts with no identifying info (only with equivalent privacy safeguards and typically only if users have consented or if allowed by law as not personal data). But by default, we do not do this; any such program would be communicated and likely opt-in.

3.6 No Selling of Personal Data:

We do not sell or rent your personal data to advertisers or third parties. We also do not share it with third parties for their direct marketing purposes. Any sharing is only as outlined above and primarily for providing the Service or legal reasons.

4. Data Security Measures

We take the security of your data seriously and implement a variety of technical and organizational measures to protect it from unauthorized access, alteration, disclosure, or destruction:

• Encryption: All communications between your browser and Pivot Meets are encrypted using HTTPS/TLS protocols. This protects data in transit from eavesdropping. Additionally, sensitive data at rest in our databases (such as passwords and certain personal fields) is encrypted. Passwords are stored as salted one-way hashes (we never store plaintext passwords). Where possible, we also encrypt sensitive files or data in storage (leveraging cloud encryption at rest).
• Access Controls: Internally, we restrict access to personal data to employees and contractors who need that information to operate or develop our Service. Access to databases and decryption keys is limited to authorized personnel. We enforce the principle of least privilege and regularly review access rights. All staff with such access are subject to confidentiality obligations.
• Authentication Security: We encourage strong passwords and may enforce password strength requirements.
• Network & Infrastructure Security: Our servers are hosted in secure facilities with measures like firewalls, intrusion detection systems, and continuous monitoring. Cloud providers like Azure are ISO 27001 and PCI-DSS compliant. We keep our software and dependencies up to date with security patches. Regular backups are taken to ensure data durability (backups are encrypted as well).
• Testing and Audits: We periodically test our Service for vulnerabilities, including engaging in internal code reviews and possibly third-party security audits or bug bounty programs. If any vulnerabilities are found, we address them promptly. We also ensure our third-party processors uphold strong security standards (e.g., requiring they have certifications or audits like SOC 2, ISO 27001, etc., as PayFast and our cloud providers do).
• Physical Security: To the extent any personal data is stored or accessible in physical locations (like an office or on employee devices), we have measures to secure those (locked offices, device encryption, etc.). However, most data resides in the cloud environment.

Despite all these precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. However, we commit to making reasonable and appropriate efforts to protect your information. In the unfortunate event of a data breach that affects your personal data, we will follow applicable laws in notifying you and authorities as required (POPIA and GDPR both mandate breach notifications in certain cases, which we will adhere to).

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Statement, and to comply with legal or business requirements. The retention periods for different categories of data are:

• Account Information: Your registration details (name, email, etc.) and profile information are kept for as long as you have an account with us. If you delete your account or it becomes inactive for an extended period, we will delete or anonymize this information, except to the extent we need to retain it for legal reasons (e.g., proof of consent or transaction records).
• Uploaded Files: Audio and video files that you upload are stored temporarily for processing. Typically, once the transcription and analysis are completed and your output is delivered, the original files are deleted from our servers. In many cases, this deletion happens automatically within a short time after processing (for example, within a few hours or a day). We may retain the files a bit longer in a secure temporary cache in case you need to reprocess due to an error or want to verify the output, but generally we aim to purge user-uploaded media promptly to reduce risk.
• Transcripts and Outputs: The text transcripts, summaries, and other documents generated from your files are stored in our database so that you can access and download them. These outputs will be retained until you delete them or delete your account. You have control via your dashboard to delete individual session data (transcript/summary) if you no longer want it stored. If you delete specific meeting records, they will be permanently removed from our primary database (though they might remain in secure backups for a limited time until those backups cycle out). If you delete your entire account, all transcripts and associated data will be deleted as well, following the account deletion process (typically, we strive to purge personal data within 30 days of account deletion, barring data we must retain longer as noted below). Text transcripts, summaries, and other documents generated from your uploaded files are not permanently stored in our database. These outputs are temporarily retained only until you download them or have them sent to you via email. Once successfully downloaded or delivered by email, the generated outputs are permanently deleted from our systems. We do not maintain copies of these transcripts or outputs beyond this delivery point.
• AI Providers' Retention: Content that is sent to our AI partners (Anthropic, OpenAI, etc.) is subject to their retention practices. OpenAI retains API data for up to 30 days for abuse monitoring and then deletes it. Anthropic retains data for up to 30 days as well for similar purposes. We do not send them data outside of processing your request, and we rely on their policies to auto-delete it. They do not keep your data longer or use it for model training unless explicitly allowed (which we do not permit).
• Operational and Usage Data: Logs and audit trails (which may contain IP addresses, login history, actions taken in the app) are generally kept for a shorter period for performance tuning and security (often 90 days to 1 year, depending on the type). Some security logs might be kept longer if needed for investigations.
• Payment and Transaction Records: Financial regulations often require that we keep transaction records for a certain minimum period. We will retain records of your purchases, invoices, and related personal info for at least five (5) years or as required by tax and accounting laws. This is both for our internal accounting and in compliance with regulations (e.g., SARS requirements in South Africa, anti-fraud laws, etc.). Note that PayFast as a financial institution may keep data for up to 5-7 years on their end, independent of our copies. We keep only what we need (usually your name, email, date of transaction, amount, and method—no card numbers).
• Communications: If you correspond with us, we may retain those communications for a period to ensure we have a history of support interactions. Emails may be retained for a couple of years, unless you request deletion and we have no overriding reason to keep them.
• Backups: Our system backups might contain fragments of your data even after deletion from the primary system. However, our backup cycle ensures old backups are overwritten or deleted over time. Typically, complete backup turnover is within 30-90 days. We do not restore archived data except for disaster recovery purposes. If we do restore a backup, we will re-delete any data that you had previously deleted, to the best of our ability.

When we no longer have a legitimate need to retain your personal information, we will either delete it or anonymize it. If deletion is not immediately feasible (for example, if your data is stored in archives), we will securely store it and isolate it from any further use until deletion is possible.

6. International Data Transfers

Pivot Meets is offered by Pivot Automation, which is based in South Africa. However, the nature of cloud services and the third-party integrations we use means that your data may be transferred to and stored in countries other than your own. Notably:

• Our main servers may be located in data centers outside South Africa (depending on our hosting provider's offerings). For example, if using Microsoft Azure and South African regions are used, data stays local, but if not, data might reside in Europe or the United States.
• Many of our service providers are global companies. For instance, PayFast is primarily South African (with international parent company), but OpenAI and Anthropic's servers are likely in the United States. If you are using Pivot Meets from the EU or UK, this means your personal data (like the content of your meetings) could be transferred out of the EU to these providers to process.
• Email delivery or support tools might route data globally (for example, if we use a US-based email service).

We are committed to ensuring that international transfers are done in compliance with applicable data protection laws:

• South Africa (POPIA): POPIA generally requires that personal information leaving South Africa is only sent to countries with adequate data protection laws or that other safeguards are in place. We will take such measures – for example, if data goes to the US or EU, those jurisdictions either have robust privacy frameworks (GDPR in EU is deemed adequate in many respects), or we'll ensure the recipient is bound by contracts (like standard data protection clauses) that ensure POPIA principles are upheld.

By using Pivot Meets, you acknowledge that your information may be transferred to our facilities and those third parties as described, even if they are in other countries. We will take all reasonable measures to protect your data during such transfers, including through the use of encryption in transit and carefully selecting vendors with strong privacy and security track records.

If you have questions about international data transfers or want more details about the safeguards we use (such as a copy of applicable contractual protections), you can contact us at support@pivotautomation.co.za.

7. Your Rights and Choices

Depending on where you are located and which laws apply, you have certain rights regarding your personal data. We are committed to upholding these rights as applicable:

• Access and Portability: You have the right to request a copy of the personal data we hold about you. We will provide this in a readable format, and for data that we process by automated means on the basis of contract or consent, we can provide it in a structured, commonly used, machine-readable format (data portability). For example, you can request a copy of your account info, your transcripts, etc. (Note: transcripts themselves you can already download anytime from the dashboard).
• Rectification: If any personal data we have is incorrect or outdated, you have the right to ask us to correct it. For instance, if your name is misspelled in our records or you changed your email, you can update it in your profile or ask us to fix it.
• Deletion (Right to be Forgotten): You can request that we delete your personal data. By deleting your account via the app, you are essentially making this request and we will remove your data as described. Even outside of that, you can ask us to remove specific information. We will honor deletion requests to the extent we are not required to keep the data. If we have to retain certain data (e.g., transactions for compliance), we'll inform you. We will also instruct our processors to delete your data from their systems where applicable.
• Restriction of Processing: You can ask us to restrict or pause processing of your data in certain circumstances – for example, if you contest the accuracy of data and we are verifying it, or if you object to processing and we are considering that request.
• Objection to Processing: If we ever process data based on our legitimate interests or for direct marketing, you have the right to object to that processing. For example, if you are an EU user and you believe our analytics or improvement processing has a legal basis of legitimate interest, you can object, and we will consider your objection and whether the processing should cease (unless we have compelling grounds or it's needed for legal reasons).
• Withdraw Consent: In cases where we rely on your consent (e.g., if you opted into marketing emails or gave consent for a particular integration), you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing done before withdrawal.
• Data Subject Participation (POPIA): POPIA specifically gives South Africans the right to request correction or deletion of their personal information that is inaccurate, irrelevant, excessive, out-of-date, incomplete, misleading, obtained unlawfully, or if we are no longer authorized to keep it. We honor those rights which overlap with the above.
• Complaint: You have the right to lodge a complaint with a data protection authority. For South Africa, that is the Information Regulator (IR) (you can find details on their website). For EU users, you can complain to the supervisory authority in your country (like the ICO in the UK, or CNIL in France, etc.) if you believe we have infringed your privacy rights.

To exercise any of these rights, please contact us at support@pivotautomation.co.za. We may need to verify your identity before fulfilling the request (to ensure, for example, that someone else isn't trying to steal your data). This could involve asking you to provide information that matches our records or other verification methods. We will respond to your request within a reasonable time frame as required by law (usually within 30 days for access requests, extendable if necessary).

Please note:

• These rights are not absolute. There are exceptions; for instance, we might refuse a request to delete data if we need it to comply with a legal obligation or if it is essential for the service (you can't use Pivot Meets without us processing your email, for example). We will explain any refusal or limitation of a request.
• If your request is excessive or unfounded (especially if repetitive), we may charge a reasonable fee or refuse to act on it, as permitted by law.
• For deletion, if you just want to stop receiving certain emails, you don't have to delete all data; you can unsubscribe from marketing or ask to suppress your email for non-essential communications.
• If you request data portability, we will provide the data that you have provided to us or that is directly generated by your use (not the internally derived analytics, etc., which is not in scope of portability typically).

Additionally, you have choices in how you use the Service:

• Profile Settings: You can review and modify certain personal details by logging into your account and editing your profile or account settings (for example, change your display name or email if allowed).
• Marketing Preferences: If we send marketing emails and you're subscribed, you can opt-out via the unsubscribe link in those emails or by contacting us. (Again, we currently send minimal to no marketing, but if that changes, we will provide this option).
• Cookies: As mentioned earlier, you can set your browser to refuse cookies. You can also use browser extensions to manage scripts and trackers. Doing so won't block any essential features except maybe convenience of staying logged in.
• Do Not Track: Some browsers offer a "Do Not Track" signal. There is no standard interpretation of DNT signals yet, and our Service does not currently change its behavior in response to DNT. Given our minimal tracking, this is not particularly impactful. If a standard emerges, we will revisit our policy.

8. Cookies and Tracking Technologies

(This section reiterates some points from earlier in more detail, focusing on cookies and tracking.)

What Cookies We Use:

• Essential Cookies: These are necessary for the Service to function. For instance, when you log in, we set a session cookie so you don't have to re-enter your credentials on each page. This cookie (often called a session ID) is tied to your account but contains no personal info in itself beyond a random ID. It expires after you log out or a set time of inactivity.
• Preference Cookies: If applicable, we might use cookies to remember choices you've made, like if you dismissed a one-time tutorial or selected a language. This improves your experience.
• Analytics Cookies: If we use Google Analytics or similar, those services may set their own cookies to identify your browser and analyze usage. We have configured any analytics in a privacy-friendly way. For example, if using Google Analytics, we use IP anonymization so that it truncates your IP address. We do not allow Google to use the data for their own purposes beyond providing us the analytics. We currently do not have third-party advertising cookies.
• Third-Party Integrations: If any third-party content is loaded on our site (for example, a YouTube video in help pages or a social media share button), those third parties might set cookies. We try to minimize this. PayFast's payment widget might use cookies to remember your session with them – that's within their site domain and control, just during checkout.

Managing Cookies: You can usually remove or reject cookies via your browser settings. However, keep in mind that doing so might disrupt some functionality:

• If you reject essential cookies, the site might not let you log in or stay logged in.
• We do not have an internal mechanism to tie your usage to an "opt-out" of analytics except via cookie control. But again, our analytics are minimal and not personally identifying beyond IP which is anonymized.

Other Tracking: We do not use other common tracking like pixel tags or fingerprinting beyond what's stated. We might use server logs and device info as described, but that's not across third-party sites, just within our domain.

We do not respond specifically to "Do Not Track" signals by altering cookie behavior, as mentioned, because our tracking is minimal and there's no consensus standard. If in the future we engage in any new tracking practices, we will update this policy and seek appropriate consent.

9. Children's Privacy

Pivot Meets is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, you must have permission from a parent or guardian to use this Service, and the account should be created by or with supervision of an adult. In any case, our target user base is professionals and businesses, and the Service content is not oriented towards minors.

If we become aware that we have unknowingly collected personal data from a child under 18 without parental consent, we will take steps to delete that information as soon as possible. If you are a parent or guardian and you believe your child under 18 has provided personal information to us without your consent, please contact us at support@pivotautomation.co.za so we can investigate and take appropriate action.

Note: For users in certain jurisdictions, the age threshold for a "child" may be different (for example, under 13 in the US for COPPA, under 16 in some EU countries unless lower by law). We intend to treat any such lower age limits accordingly. Essentially, no part of our Service is designed to attract anyone under the age of consent for data processing, and we restrict access as stated in our Terms of Service (18+ requirement).

10. Changes to this Privacy Policy

We may update or revise this Data Privacy Statement from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will:

• Post the updated policy on pivotmeets.com with a new "Last Updated" date.
• If the changes are material (significantly affecting how your data is used or your rights), we will provide a more prominent notice. This could be via email notification to the address on your account or a notice within the app. For example, if we were to start collecting additional categories of data or share data in new ways, we'd alert you in advance.
• We may also log a notice in update/release notes if applicable.

Please review this Privacy Statement periodically to stay informed about how we are protecting your information. Your continued use of Pivot Meets after any changes to this Statement constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with the changes, you should stop using the Service and may delete your account.

11. Contact Us

If you have any questions, concerns, or requests regarding this Data Privacy Statement or our data practices, please contact us:

• Email: support@pivotautomation.co.za

We will do our best to address and resolve any inquiries or issues you have. If you are not satisfied with our response, and applicable law grants you the right, you can lodge a complaint with the relevant data protection authority as mentioned above.

Thank you for trusting Pivot Automation with your meeting data. We are committed to protecting your privacy and using your information responsibly and transparently.

Last Updated: 24 July 2025