This Privacy Policy describes how PivotPoint Ideas, LLC (“PivotPoint,” “we,” “us,” or “our”) collects, uses, stores, and shares information in connection with the Security Device Analyzer, the Intelligence Dashboard, and related services (collectively, the “Platform”).
1. Scope of This Policy
This Policy applies to information collected through the Platform, including account information, uploaded device inventory files, scan results, generated reports, and usage data. It applies to all users of the Platform, including Corporate Admins, Sales Users, Dealers, and End Users invited under an Organization’s subscription (collectively, “Authorized Users”).
This Policy should be read together with our Terms of Service, which governs use of the Platform generally.
2. Information We Collect
2.1 Account Information
When an Organization or Authorized User creates an account, we collect information such as name, email address, company name, role, and password (stored in hashed form).
2.2 Device Inventory and Scan Data
When a user runs a scan or uploads a device inventory file (Excel or HTML export from a video management system), we collect the contents of that file, including device manufacturer, model, part number, device type, location labels, and any other fields contained in the uploaded file. Generated reports, inventory exports, and risk assessments derived from this data are stored on our behalf with our database and cloud storage provider (Supabase).
2.3 Usage Data
We collect information about how the Platform is used, including login activity, scan history, device counts against subscription limits, project status, and feature usage, in order to operate the Platform, enforce subscription limits, and provide the Intelligence Dashboard.
2.4 Communications
If an Authorized User contacts us through the contact form, email, or otherwise, we collect the content of that communication and the contact information provided.
3. How We Use Information
We use the information described above to:
- Provide, operate, and maintain the Platform, including generating scan reports and dashboards;
- Enforce subscription device limits and billing;
- Communicate with Authorized Users about their account, scans, and support requests;
- Send transactional emails (e.g., scan link invitations, welcome emails, limit alerts, password resets) via our email provider, SendGrid;
- Maintain and improve the security, reliability, and performance of the Platform;
- Detect, prevent, and address fraud, abuse, or violations of our Terms of Service.
3.1 Research Use of Anonymized Data
PivotPoint may use aggregated and anonymized data derived from device inventories and scan results — for example, industry-wide trends in device manufacturer distribution, end-of-life device prevalence, or common risk flags — for research, product improvement, industry benchmarking, and marketing purposes (such as the statistic that a majority of security directors report a visibility gap in their device fleets).
Data used for this purpose is aggregated and stripped of information that identifies a specific Organization, site, or individual before use. We do not publish or share research data in a form that identifies a specific customer, site name, or individual without separate consent.
3.2 Opt-Out of Research Use
An Organization may opt out of having its anonymized data included in aggregate research and benchmarking by emailing stevek@pivotpointideas.com with the subject line “Research Opt-Out.” Opting out does not affect the Organization’s ability to use the Platform or its access to its own reports and data.
4. How We Share Information
4.1 Service Providers
We share information with third-party service providers who perform services on our behalf, including:
- Supabase — database and file storage for reports, inventories, and account data;
- SendGrid — transactional email delivery;
- Our hosting infrastructure provider — for running the Platform's servers.
These providers are contractually obligated to protect the information and use it only to provide services to PivotPoint.
4.2 Within the Organization’s Account (Multi-Tenant Role Structure)
The Platform operates a multi-tier access model. Corporate Admins can view data across all Authorized Users under their subscription. Sales Users can view data for the dealers they invited. Dealers can view data for the end users they invited. This hierarchy is a deliberate feature of the Platform and is disclosed at account creation. The Organization is responsible for understanding and accepting this structure when it invites Authorized Users to its account, and for ensuring those users are aware that their scan data may be visible to others within the same account hierarchy.
4.3 Legal Requirements
We may disclose information if required by law, subpoena, court order, or government request, or if we believe in good faith that disclosure is necessary to protect our legal rights, prevent fraud or harm, or protect the safety of any person.
4.4 Business Transfers
If PivotPoint is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.
4.5 No Sale of Personal Information
PivotPoint does not sell Authorized Users’ personal information to third parties for monetary consideration.
5. Sensitive Data — Subscriber and User Responsibility
5.1 What the Platform Needs vs. What It Does Not Need
The Security Device Analyzer requires only device inventory attributes — manufacturer, model, part number, device type, and location labels — to perform its analysis. It does not need, and should never receive, network access credentials or live security configuration data.
5.2 Data Sanitization Recommendation
Before any Authorized User submits a file to the Platform, that user — and the Organization responsible for them — should ensure the file does not contain:
- IP addresses (static or dynamic)
- MAC addresses
- Network subnet configurations and VLAN assignments
- Device usernames and passwords
- VPN or remote access credentials
- Camera stream URLs or RTSP addresses
- Door access codes or reader programming data
- Any other data that would allow unauthorized access to the Organization’s security systems
PivotPoint strongly recommends removing the items above before uploading any file to the Platform.
5.3 Subscriber Responsibility for All Authorized Users
The Organization is responsible for ensuring that all Authorized Users under its account — including sales users, dealers, and end users — are aware of and follow the data sanitization recommendation in Section 5.2 before submitting files. PivotPoint processes files as submitted and has no automated mechanism to detect or strip sensitive network credentials or configuration data from uploaded files.
5.4 Limitation of Liability for Submitted Data
PivotPoint is not liable for any harm, loss, or security incident arising from sensitive data that any Authorized User chooses to include in a submitted file, including but not limited to unauthorized network access, data breaches, or compromise of the Organization’s security infrastructure resulting from exposure of IP addresses, credentials, or access configuration data. Liability for such submissions rests solely with the submitting Authorized User and the Organization, as further described in our Terms of Service.
6. Data Retention and Security
6.1 Retention
We retain account information, scan history, and generated reports for as long as the Organization’s subscription is active, and for a reasonable period afterward to comply with legal, accounting, or recordkeeping obligations, or to resolve disputes. An Organization may request deletion of its data by contacting stevek@pivotpointideas.com, subject to any retention periods required by law or necessary for legitimate business purposes (such as billing records).
6.2 Security Measures
We use industry-standard measures to protect information stored on the Platform, including encrypted storage (Supabase), HTTPS/TLS encryption in transit, access controls, and password hashing. No method of transmission or storage is completely secure, and we cannot guarantee absolute security of any information.
7. Your Rights and Choices
Depending on the Authorized User’s location, applicable privacy laws may provide rights such as the right to access, correct, or request deletion of personal information. Requests can be directed to stevek@pivotpointideas.com. Because the Platform is operated on a multi-tenant basis, requests relating to data within an Organization’s account (such as scan results submitted by an end user) will generally be coordinated with that Organization’s Corporate Admin.
8. Children’s Privacy
The Platform is intended for business use by adults and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will take steps to delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to the Organization’s account contact and/or posted on the Platform with an updated effective date. Continued use of the Platform after changes take effect constitutes acceptance of the revised Policy.
10. Contact Us
Questions about this Privacy Policy may be directed to:
PivotPoint Ideas, LLC
Email: stevek@pivotpointideas.com
Web: pivotpointideas.com