LogoPivot

Privacy Policy

Last Updated: February 27, 2026

Pivot Online LLC ("Pivot," "we," "us," or "our"), headquartered in Orlando, Florida, operates the Pivot platform ("Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the Service. By using the Service, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you register, we collect your first name, last name, and email address.
  • Profile Information: Content you add to your Profile(s), including profile handles, photos, page content, links, and social media URLs.
  • Payment Information: When you subscribe to a paid plan, payment details (credit card number, expiration date, billing address) are collected and processed directly by our payment processor, Stripe, Inc. Pivot does not store your full credit card details on our servers.
  • Communications: Information you provide when contacting us for support or other inquiries.
  • Third-Party Integration Data: If you connect a third-party account (such as Gumroad or Patreon) via OAuth, we receive and store an access token and, where applicable, a refresh token to retrieve data from that service on your behalf. We also cache data retrieved from these services, such as product listings, pricing, campaign details, and membership tiers, to display on your Profile.
  • Custom Domain Information: If you connect a custom domain to your Profile, we store the domain name you provide and verify domain ownership through DNS record checks.

1.2 Information Collected Automatically

  • Usage Data: We collect information about how you interact with the Service, including pages visited, features used, and actions taken.
  • Device and Browser Information: IP address, browser type and version, operating system, device type, and screen resolution.
  • Cookies: We use cookies to maintain your session, store authentication state, and remember your preferences. See Section 6 for details.
  • Analytics Data: We use Umami, a privacy-focused, self-hosted analytics tool, to collect aggregated, anonymous data about site traffic such as page views, referral sources, and visitor counts. Umami does not use cookies, does not collect personal data, and does not track individual users across sites.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: To create and manage your account, display your Profile(s), deliver the features you use, and facilitate third-party integrations (such as displaying your Gumroad products or Patreon campaigns).
  • Payment Processing: To process subscription payments, manage billing, and handle refund requests through Stripe.
  • Communications: To send transactional emails including account confirmations, subscription notifications, payment receipts, and service announcements.
  • Service Improvement: To analyze usage patterns, diagnose technical issues, and improve the quality and performance of the Service.
  • Security: To detect, prevent, and respond to fraud, abuse, security threats, and technical issues.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We share information with third-party service providers who assist us in operating the Service, including:
    • Stripe, Inc. — Payment processing. Stripe processes your payment information in accordance with PCI-DSS standards. See Stripe's Privacy Policy.
    • Umami (self-hosted) — Privacy-focused website analytics. Umami is self-hosted on our infrastructure, does not use cookies, does not collect personal data, and is fully GDPR-compliant. See Umami's Privacy Policy.
    • Zoho Corporation — Email delivery (SMTP) for transactional communications.
    • Gumroad, Inc. — If you connect your Gumroad account, Pivot retrieves product and store data from Gumroad's API to display on your Profile. Pivot stores an OAuth access token to facilitate this connection. See Gumroad's Privacy Policy.
    • Patreon, Inc. — If you connect your Patreon account, Pivot retrieves campaign and membership tier data from Patreon's API to display on your Profile. Pivot stores OAuth access and refresh tokens to facilitate this connection. See Patreon's Privacy Policy.
  • Legal Requirements: We may disclose your information if required to do so by law, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy.

4. Public Profile Information

Your Profile content (including your profile handle, profile photo, pages, links, and social media links) is publicly accessible by design. Any information you add to your Profile can be viewed by anyone who visits your Profile URL. If you connect a custom domain, your Profile will also be accessible at that domain. Do not include sensitive personal information in your Profile that you do not wish to make public.

If you connect third-party accounts (such as Gumroad or Patreon) to your Profile, data retrieved from those services (such as product names, descriptions, pricing, campaign details, and membership tiers) will also be publicly displayed on your Profile.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal information within a reasonable timeframe, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes, enforcing our Terms, or complying with legal obligations).

Payment transaction records are retained as required by applicable tax and financial regulations.

6. Cookies

Pivot uses the following cookies:

Cookie NamePurposeType
pivot_userStores your user session information (email, user ID) to keep you logged inEssential
pivot_authStores encrypted authentication credentials for API accessEssential
pivot_profilesStores your profile data for account navigationEssential
pivot_csrfCSRF protection token to secure form submissionsEssential

Pivot only uses the essential cookies listed above. We do not set any analytics, advertising, or tracking cookies. Disabling essential cookies via your browser settings may prevent you from using certain features of the Service.

7. Data Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted authentication tokens, secure cookie policies (SameSite=strict), and secure payment processing through Stripe's PCI-DSS compliant infrastructure.

However, no method of electronic transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security.

8. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected individuals and relevant authorities in accordance with applicable laws, including the Florida Information Protection Act (FIPA), which requires notification within 30 days of discovery. Notifications will be sent via email to the address associated with your account.

9. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those of your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.

For transfers of personal data from the European Economic Area (EEA) or United Kingdom (UK), we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

10. Your Rights

10.1 All Users

Regardless of your location, you may:

  • Access and update your account information through your account settings
  • Close your account by contacting us at admin@pivot.gdn
  • Opt out of non-essential email communications

10.2 European Economic Area (EEA) and UK Residents — GDPR Rights

If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Right to Object: Object to the processing of your data for certain purposes, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Lawful Bases for Processing: We process your personal data on the following legal bases under GDPR Article 6:

  • Contract Performance: Processing necessary to provide the Service you have requested (account management, Profile hosting, payment processing).
  • Legitimate Interests: Processing for service improvement, security, and fraud prevention, where these interests are not overridden by your rights.
  • Consent: Where you have given explicit consent, such as for marketing communications or non-essential cookies.
  • Legal Obligation: Processing required to comply with applicable laws and regulations.

To exercise any of these rights, contact us at admin@pivot.gdn. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10.3 California Residents — CCPA/CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes of collection, and the categories of third parties with whom we share it.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

Categories of personal information collected in the preceding 12 months:

  • Identifiers (name, email address, IP address, account ID)
  • Commercial information (subscription history, payment records)
  • Internet or electronic network activity (browsing history, interactions with the Service)
  • Inferences drawn from the above (usage patterns, preferences)

To submit a verifiable consumer request, contact us at admin@pivot.gdn. We will verify your identity before processing your request and respond within 45 days.

We honor Global Privacy Control (GPC) signals as valid opt-out requests in accordance with California law.

10.4 Florida Residents

As a Florida-based company, we comply with the Florida Information Protection Act (FIPA). In the event of a data breach involving your personal information, we will notify you within 30 days of discovery as required by FIPA.

11. Do Not Track Signals

Pivot does not use tracking cookies or analytics that track individual users. We honor Global Privacy Control (GPC) signals as valid opt-out preferences.

12. Third-Party Links and Integrations

The Service, including user Profiles, may contain links to third-party websites and services. We are not responsible for the privacy practices, content, or security of any third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

When you connect a third-party account (such as Gumroad or Patreon) to Pivot, you authorize that service to share certain data with us through their API. You can revoke this access at any time by disconnecting the integration in your Pivot account settings or by revoking access directly within the third-party service's settings. Upon disconnection, Pivot will remove stored access tokens and cached data associated with that integration.

13. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at admin@pivot.gdn.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on the Service and updating the "Last Updated" date. For significant changes, we will make reasonable efforts to provide notice via email. Your continued use of the Service after any modifications constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy-related concern, please contact us at:

Pivot Online LLC
Orlando, Florida
Email: admin@pivot.gdn

For GDPR-related inquiries, EEA and UK residents may also contact us at the email above. We will respond to data rights requests within 30 days.