Legal

Privacy Policy

Effective Date: June 10, 2026 · PivotPoint Ideas, LLC

This Privacy Policy describes how PivotPoint Ideas, LLC (“PivotPoint,” “we,” “us,” or “our”) collects, uses, stores, and shares information in connection with the Security Device Analyzer, the Intelligence Dashboard, and related services (collectively, the “Platform”).

1. Scope of This Policy

This Policy applies to information collected through the Platform, including account information, uploaded device inventory files, scan results, generated reports, and usage data. It applies to all users of the Platform, including Corporate Admins, Sales Users, Dealers, and End Users invited under an Organization’s subscription (collectively, “Authorized Users”).

This Policy should be read together with our Terms of Service, which governs use of the Platform generally.

2. Information We Collect

2.1 Account Information

When an Organization or Authorized User creates an account, we collect information such as name, email address, company name, role, and password (stored in hashed form).

2.2 Device Inventory and Scan Data

When a user runs a scan or uploads a device inventory file (Excel or HTML export from a video management system), we collect the contents of that file, including device manufacturer, model, part number, device type, location labels, and any other fields contained in the uploaded file. Generated reports, inventory exports, and risk assessments derived from this data are stored on our behalf in our database and cloud storage provider (Supabase).

2.3 Usage Data

We collect information about how the Platform is used, including login activity, scan history, device counts against subscription limits, project status, and feature usage, in order to operate the Platform, enforce subscription limits, and provide the Intelligence Dashboard.

2.4 Communications

If an Authorized User contacts us through the contact form, email, or otherwise, we collect the content of that communication and the contact information provided.

3. How We Use Information

We use the information described above to:

3.1 Research Use of Anonymized Data

PivotPoint may use aggregated and anonymized data derived from device inventories and scan results — for example, industry-wide trends in device manufacturer distribution, end-of-life device prevalence, or common risk flags — for research, product improvement, industry benchmarking, and marketing purposes (such as the statistic that a majority of security directors report a visibility gap in their device fleets).

Data used for this purpose is aggregated and stripped of information that identifies a specific Organization, site, or individual before use. We do not publish or share research data in a form that identifies a specific customer, site name, or individual without separate consent.

3.2 Opt-Out of Research Use

An Organization may opt out of having its anonymized data included in aggregate research and benchmarking by emailing stevek@pivotpointideas.com with the subject line “Research Opt-Out.” Opting out does not affect the Organization’s ability to use the Platform or its access to its own reports and data.

4. How We Share Information

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

These providers are contractually obligated to protect the information and use it only to provide services to PivotPoint.

4.2 Within the Organization’s Account (Multi-Tenant Role Structure)

The Platform operates a multi-tier access model. Corporate Admins can view data across all Authorized Users under their subscription. Sales Users can view data for the dealers they invited. Dealers can view data for the end users they invited. This hierarchy is a deliberate feature of the Platform and is disclosed at account creation. The Organization is responsible for understanding and accepting this structure when it invites Authorized Users to its account, and for ensuring those users are aware that their scan data may be visible to others within the same account hierarchy.

4.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request, or if we believe in good faith that disclosure is necessary to protect our legal rights, prevent fraud or harm, or protect the safety of any person.

4.4 Business Transfers

If PivotPoint is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.

4.5 No Sale of Personal Information

PivotPoint does not sell Authorized Users’ personal information to third parties for monetary consideration.

5. Sensitive Data — Subscriber and User Responsibility

5.1 What the Platform Needs vs. What It Does Not Need

The Security Device Analyzer requires only device inventory attributes — manufacturer, model, part number, device type, and location labels — to perform its analysis. It does not need, and should never receive, network access credentials or live security configuration data.

5.2 Data Sanitization Recommendation

Before any Authorized User submits a file to the Platform, that user — and the Organization responsible for them — should ensure the file does not contain:

PivotPoint strongly recommends removing the items above before uploading any file to the Platform.

5.3 Subscriber Responsibility for All Authorized Users

The Organization is responsible for ensuring that all Authorized Users under its account — including sales users, dealers, and end users — are aware of and follow the data sanitization recommendation in Section 5.2 before submitting files. PivotPoint processes files as submitted and has no automated mechanism to detect or strip sensitive network credentials or configuration data from uploaded files.

5.4 Limitation of Liability for Submitted Data

PivotPoint is not liable for any harm, loss, or security incident arising from sensitive data that any Authorized User chooses to include in a submitted file, including but not limited to unauthorized network access, data breaches, or compromise of the Organization’s security infrastructure resulting from exposure of IP addresses, credentials, or access configuration data. Liability for such submissions rests solely with the submitting Authorized User and the Organization, as further described in our Terms of Service.

6. Data Retention and Security

6.1 Retention

We retain account information, scan history, and generated reports for as long as the Organization’s subscription is active, and for a reasonable period afterward to comply with legal, accounting, or recordkeeping obligations, or to resolve disputes. An Organization may request deletion of its data by contacting stevek@pivotpointideas.com, subject to any retention periods required by law or necessary for legitimate business purposes (such as billing records).

6.2 Security Measures

We use industry-standard measures to protect information stored on the Platform, including encrypted storage (Supabase), HTTPS/TLS encryption in transit, access controls, and password hashing. No method of transmission or storage is completely secure, and we cannot guarantee absolute security of any information.

7. Your Rights and Choices

Depending on the Authorized User’s location, applicable privacy laws may provide rights such as the right to access, correct, or request deletion of personal information. Requests can be directed to stevek@pivotpointideas.com. Because the Platform is operated on a multi-tenant basis, requests relating to data within an Organization’s account (such as scan results submitted by an end user) will generally be coordinated with that Organization’s Corporate Admin.

8. Children’s Privacy

The Platform is intended for business use by adults and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will take steps to delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to the Organization’s account contact and/or posted on the Platform with an updated effective date. Continued use of the Platform after changes take effect constitutes acceptance of the revised Policy.

10. Contact Us

Questions about this Privacy Policy may be directed to:

PivotPoint Ideas, LLC

Email: stevek@pivotpointideas.com

Web: pivotpointideas.com

← Back