Legal Document

Privacy Policy

Effective: March 1, 2026
Last updated: March 1, 2026

This Privacy Policy describes how Pivots Global LLC collects, uses, and shares information about you when you use the Pivots Hiring platform at pivots-hiring.com. By using the Service, you agree to the collection and use of information as described in this policy.

01

Who This Policy Applies To

Client Users

Companies that sign in and use the hiring dashboard

Applicants

Individuals who submit job applications through the platform

Visitors

Anyone who browses public pages such as job listings or candidate profiles

02

Information We Collect

Information You Provide — Clients

  • Name and email address (via Google OAuth sign-in)
  • Company name (entered during account setup)
  • Payment information (processed by Stripe — we do not store raw card data)
  • Job listings and hiring pipeline data you create

Information You Provide — Applicants

  • Full name, email address, and phone number
  • LinkedIn URL, GitHub URL, personal website, portfolio links
  • Resume / CV (uploaded as PDF or text)
  • Cover letter and code examples
  • Video and text interview responses

Collected Automatically

  • Pages visited, features used, time spent on pages
  • Browser type, operating system, IP address
  • Authentication session cookies and CSRF tokens
  • AI screening scores, fit decisions, and interview transcripts

From Third Parties

  • Google OAuth: name, email, profile picture — no Google password, no access to other Google services
  • Stripe: customer ID, subscription status, billing events — no full card number stored

03

How We Use Your Information

We do not sell your personal data to third parties. We do not use candidate data to train external AI models without explicit consent.

Purpose | Legal Basis
Provide and operate the Service | Contract performance
Process payments and manage subscriptions | Contract performance
Screen and score job candidates using AI | Legitimate interest / Contract
Send transactional emails (confirmations, invites, status updates) | Contract performance
Send account and billing notifications | Contract performance
Analyze and improve the Service | Legitimate interest
Prevent fraud and abuse | Legitimate interest
Comply with legal obligations | Legal obligation

04

Email Communications

To Clients

  • Account setup and welcome
  • Subscription confirmation, renewal reminders, and receipts
  • New candidate application notifications
  • Interview request confirmations
  • Platform updates and feature announcements (you can unsubscribe)

To Applicants

  • Application received confirmation
  • AI screening result notification
  • Interview invitation and scheduling
  • Status update notifications

To unsubscribe from non-transactional emails, use the unsubscribe link in any marketing email or contact [email protected].

05

Cookies

Category | Name | Purpose | Required
Authentication | authjs.session-token | Keeps you signed in | Yes
CSRF Protection | authjs.csrf-token | Prevents cross-site request forgery | Yes
Callback URL | authjs.callback-url | Restores redirect destination after OAuth | Yes
Analytics | Plausible / Vercel | Anonymous usage statistics | No (consent)
Payment | Stripe.js | Fraud prevention during checkout | Yes (payment pages)
Preferences | cookie_consent | Stores your cookie consent choice | Yes

You can control non-essential cookies through your browser settings or our cookie consent banner. Disabling authentication cookies will prevent you from signing in.

06

Payment Processing

Payments are processed by Stripe, Inc. Your card data goes directly to Stripe and is never transmitted to or stored by Pivots Global LLC. Stripe is PCI DSS Level 1 certified.

We store only: Stripe customer ID, subscription ID, plan name, and billing status.

Stripe's privacy policy: stripe.com/privacy

07

Analytics

We do not use Google Analytics or other advertising-based analytics platforms that track users across sites.

We may use:

  • Plausible Analytics — privacy-friendly, no cross-site tracking, no personal data sold
  • Vercel Analytics — infrastructure-level, anonymized
  • Custom event logging for feature usage (stored in our own database)

08

Data Sharing

We share your information only in the following circumstances:

  • Service providers: Stripe (payments), Google (OAuth), email delivery providers, hosting — only to the extent necessary to operate the Service.
  • Legal requirements: If required by law, subpoena, or government request.
  • Business transfers: If Pivots Global LLC is acquired or merges, your data may be transferred (you will be notified).
  • With your consent: We will ask before sharing in any other case.

We do not share candidate personal data between competing client companies. Client A cannot see Client B's pipeline.

09

Data Retention

Data Type | Retention Period
Client account data | Until account deletion + 90 days
Candidate application data | 2 years from submission, or until deletion request
Payment records | 7 years (legal/tax requirement)
AI analysis results | 2 years or until candidate deletion request
Session/auth tokens | 30 days (rolling)
Server logs | 90 days

You may request deletion of your data at any time (see Section 11).

10

Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted data, contact us and we will delete it promptly.

11

Your Rights

Access

Request a copy of the personal data we hold about you

Correction

Request correction of inaccurate data

Deletion

Request deletion of your data ("right to be forgotten")

Portability

Request your data in a machine-readable format

Objection

Object to processing based on legitimate interest

Withdraw consent

Withdraw consent for analytics or marketing at any time

To exercise your rights: [email protected] — we respond within 30 days.

California residents (CCPA): You have the right to know what personal information is collected, the right to delete it, and the right to opt out of sale (we do not sell personal data).

EU/UK residents (GDPR): You have the right to lodge a complaint with your local data protection authority.

12

Data Security

  • All data transmitted over HTTPS/TLS
  • Authentication via Google OAuth — we never store passwords
  • Database credentials stored in environment variables, never in code
  • Session tokens signed and encrypted (NextAuth.js JWT)
  • Candidate resumes never exposed publicly without authorization
  • Access to candidate data is role-based and client-scoped

Despite these measures, no system is 100% secure. We will notify affected users of any data breach within 72 hours of discovery.

13

International Transfers

Our servers are located in the United States. If you are located outside the US, your data will be transferred to and processed in the US. We use Standard Contractual Clauses (SCCs) for transfers from the EU/UK where required.

14

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notice at least 14 days before they take effect. The “Last Updated” date at the top reflects the most recent version.

15

Contact Us

Pivots Global LLC

App

Third-Party Services

Service | Purpose | Privacy Policy
Google OAuth | Authentication | policies.google.com/privacy
Stripe | Payment processing | stripe.com/privacy
Anthropic Claude API | AI candidate screening & interviews | anthropic.com/privacy
Vercel | Hosting & infrastructure | vercel.com/legal/privacy-policy