Your Data, Protected

Privacy Policy

How we collect, use, and protect your data. Your privacy is fundamental to us.

Privacy Dashboard Terms of Service
Effective Date: 2026-05-07 Version: 2.1
Your privacy is fundamental to us at LeanPivot.ai. This Privacy Policy explains what information we collect from you, how we use it, how we protect it, and your rights regarding your data. We want you to feel confident using our platform and interacting with PivotBuddy, knowing that we handle your information with the highest standards of care and transparency. For important disclaimers about AI-generated content and service limitations, please also review our Terms of Service.

1. Information We Collect

Information You Provide Directly

  • Account Information: Name, email address, password, startup stage, industry, and profile preferences
  • Business Content: Business ideas, plans, goals, vault content, chat conversations with PivotBuddy, and responses to plan generators
  • Communication Data: Messages you send us, feedback, support requests, and survey responses
  • Payment Information: Billing address and payment details (processed securely by our payment processor Stripe)

Information We Collect Automatically

  • Usage Data: Features used, time spent on platform, click patterns, session recordings (anonymized), and interaction patterns
  • Technical Data: IP address, browser type, device information, operating system, referring URLs, and access logs
  • Cookies and Tracking: Session cookies, preference cookies, analytics cookies, and tracking pixels (with your consent)
  • Performance Data: Error logs, crash reports, and system performance metrics

Information from Third Parties

  • Social Login: If you use social media login, we receive basic profile information
  • Referral Data: Information about referrals and referral rewards from our referral program
  • Payment Data: Transaction confirmations and payment status from Stripe
  • Affiliated Platform Data: Your subscription status may be shared with LeanPivot Payments, an affiliated marketplace platform operated by LeanPivot Solutions, LLC, solely to manage your ecosystem benefits

2. How We Use Your Data

Service Operation and Delivery

  • Platform Functionality: Operating LeanPivot.ai, processing AI requests, managing your vault content, and tracking your progress
  • Account Management: Creating and maintaining your account, subscription management, and providing customer support
  • AI Processing: Using your inputs to generate personalized responses through PivotBuddy and our plan generators
  • Payment Processing: Handling subscriptions, processing payments, managing billing, and issuing refunds

Personalization and Improvement

  • Content Personalization: Tailoring content, recommendations, and AI responses based on your startup stage and preferences
  • Service Improvement: Analyzing usage patterns to improve features, fix bugs, and develop new functionality
  • Research and Development: Improving AI models and developing new features (using anonymized or aggregated data)
  • Quality Assurance: Monitoring service performance and ensuring optimal user experience

Communication and Marketing

  • Essential Communications: Service updates, security alerts, billing notifications, and policy changes
  • Marketing Communications: Newsletter, product updates, and promotional content (with your consent, opt-out anytime)
  • Referral Program: Managing referral rewards, tracking referral performance, and processing coin transactions

Legal and Security

  • Security: Preventing fraud, protecting against security threats, and maintaining platform integrity
  • Legal Compliance: Complying with applicable laws, responding to legal requests, and enforcing our terms
  • Business Continuity: Backup and disaster recovery, business transfers, and regulatory compliance

4. Data Retention

We retain your data only as long as necessary for the purposes outlined in this policy.
  • Active Accounts: Data retained while your account is active and for legitimate business purposes
  • Account Deletion: Most data deleted within 30 days of account deletion request
  • Legal Retention: Some data retained longer for legal compliance (payment records, legal claims)
  • Anonymized Data: Aggregated, anonymized data may be retained indefinitely for analytics
  • AI Interactions: Chat histories stored for your convenience, can be deleted through account settings
  • Financial Records: 7 years for tax and legal compliance requirements

5. Your Rights

GDPR Rights (EU Residents)

  • Access your personal data
  • Correct inaccurate data
  • Request deletion ("right to be forgotten")
  • Data portability
  • Object to processing
  • Restrict processing

CCPA Rights (California Residents)

  • Know what data we collect
  • Delete personal information
  • Opt-out of data sales (we don't sell data)
  • Non-discrimination for exercising rights
Privacy Dashboard Export My Data

6. Cookies and Tracking

We use cookies to enhance your experience. You can manage your preferences:

Cookie Categories
  • Essential: Required for basic functionality
  • Analytics: Help us understand usage
  • Marketing: Personalized content
  • Functional: Remember preferences
Manage Cookies

7. International Data Transfers

LeanPivot.ai operates globally, and your data may be transferred to and processed in countries other than your own:

Data Transfer Safeguards

  • Adequacy Decisions: We transfer data to countries with adequate protection as determined by applicable law
  • Standard Contractual Clauses: EU-approved contractual protections for transfers to non-adequate countries
  • Data Processing Agreements: Contractual safeguards with all service providers handling your data
  • Certification Programs: Partners certified under Privacy Shield successors or similar frameworks

Primary Data Locations

  • United States: Primary data processing and storage location
  • European Union: Data processing for EU users may occur within the EU
  • Cloud Providers: AWS, Google Cloud infrastructure with global presence
  • AI Processing: AI services may process data in multiple jurisdictions with appropriate safeguards

8. Information Sharing and Disclosure

We do not sell your personal data.

We only share your information in specific, limited circumstances with appropriate safeguards:

Service Providers and Partners

  • Cloud Infrastructure: AWS, Google Cloud, or similar providers for hosting and data storage
  • AI Processing Providers: Contracted AI providers (OpenAI, Anthropic, Google Cloud Gemini) under strict data protection agreements
  • Payment Processing: Stripe for payment processing and subscription management
  • Communication Services: Email service providers, SMS services, and customer support platforms
  • Analytics and Monitoring: Google Analytics, error monitoring, and performance monitoring services

Affiliated Platforms

  • LeanPivot Payments: When your subscription status changes (subscribe, upgrade, downgrade, or cancel), we securely notify our affiliated marketplace platform, LeanPivot Payments, so that your ecosystem benefits (reduced marketplace fees, instant payouts, and billing waivers) are automatically applied or removed. The only data transmitted is your email address and subscription status (active or inactive). Your email is looked up using a privacy-preserving blind index (HMAC-SHA256) on the receiving platform and is never stored in plaintext logs. This communication is encrypted via TLS 1.3, authenticated with API keys, and restricted by IP allowlisting. No business content, AI coaching data, or financial details are shared through this integration.

Legal and Regulatory Requirements

  • Legal Process: Court orders, subpoenas, or other valid legal processes
  • Law Enforcement: When required by law or to prevent illegal activity, fraud, or harm
  • Regulatory Compliance: Compliance with applicable laws, regulations, or government requests

Business Transfers

  • Mergers and Acquisitions: If LeanPivot Solutions, LLC is acquired, merged, or sells assets
  • User Notification: We will notify you of any such transfer and your choices regarding your data
  • Continued Protection: Any successor entity will be bound by the same privacy commitments

9. Data Security and Protection

Encryption

Data encrypted in transit (TLS 1.2+), at rest (AES-256), and at the field level (Fernet encryption for sensitive business data including coaching sessions, AI-generated plans, goals, and customer interviews)

Input Sanitization

All user-generated content is filtered against cross-site scripting (XSS) and injection attacks using industry-standard HTML sanitization before rendering. Custom code on landing pages is validated and restricted

Access Control

Role-based access and MFA

24/7 Monitoring

Threat detection and response

10. AI Data Processing and Protection

AI Data Processing and Protection
AI Data Usage Principles
  • Purpose Limitation: Your data is used only to generate responses for you, not to train public AI models
  • Confidentiality: Your business ideas, plans, and conversations remain confidential
  • Data Minimization: We only process the minimum data necessary for AI responses
  • No Cross-User Training: Your proprietary business information is never used to improve responses for other users
Third-Party AI Processors
  • Trusted Partners: Enterprise-grade AI services (Google, OpenAI, Anthropic) with strict data protection agreements
  • Contractual Protection: All AI service providers are prohibited from using your data for their own purposes
  • No Persistent Storage: Third-party AI processors don't retain your data beyond processing your immediate request
User Responsibility and Disclaimers
  • Informational Purposes Only: AI-generated outputs are for informational purposes only and do not constitute professional advice
  • User Responsibility: You are solely responsible for the accuracy, legality, and appropriateness of the data you provide
  • No Warranty: We make no representations about the accuracy, reliability, or completeness of AI-generated outputs
User Control
  • Session Storage: Chat histories stored for your convenience and can be deleted through account settings
  • Aggregated Analytics: Usage patterns analyzed in aggregate without identifying individuals
  • Deletion Rights: You can request deletion of your AI interaction history at any time

11. Contact Information

Privacy-Specific Contacts

Self-Service Options

Business Information

  • Company: LeanPivot Solutions, LLC
  • Address: Available upon request for legal correspondence
  • EU Representative: Contact privacy@leanpivot.ai for EU representative information
  • Response Time: We respond to privacy inquiries within 72 hours

Supervisory Authorities

You have the right to file a complaint with your local data protection authority:

  • UK: Information Commissioner's Office (ICO)
  • EU: Your national Data Protection Authority
  • California: California Attorney General

Last updated: 2026-05-07

Print this policy