Privacy Policy

Effective Date: 25 March 2026

This Privacy Policy explains how Pivotal Digital Ltd ("we", "us", or "Pivotal") collects, uses, shares, and protects your personal data when you use the Landing Platform service ("Service"). We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

Pivotal Digital Ltd is the data controller for the personal data we collect about you as a user of the Service. For personal data that you upload to the Service about your own customers or contacts, you are the data controller and we act as your data processor.

2. Information We Collect

Information you provide:

  • Account information: Name, email address, company name, phone number, and billing details when you create an account
  • Profile information: Avatar, job title, industry, team size, and preferences you set within the Service
  • Content: Landing pages, images, documents, branding assets, and other content you create or upload
  • Communications: Messages you send to us via support, feedback, or other channels

Information collected automatically:

  • Usage data: Pages visited, features used, actions taken, and timestamps
  • Device information: Browser type, operating system, screen resolution, and device identifiers
  • Network information: IP address, approximate location (country/region), and referring URL
  • Cookies and similar technologies: See Section 9 below

Information from third parties:

  • OAuth providers: When you connect social media or other accounts, we receive basic profile information as authorised by you
  • Payment processors: Transaction confirmations and billing status from Stripe or PayPal

3. How We Use Your Information

We use your personal data for the following purposes:

  • Service provision: To operate, maintain, and improve the Service, including AI-powered features such as landing page generation and brand analysis
  • Account management: To create and manage your account, process payments, and communicate about your subscription
  • Customer support: To respond to your enquiries and provide technical assistance
  • Security: To detect, prevent, and investigate security incidents, fraud, and abuse
  • Product improvement: To analyse usage patterns and improve the Service's features and performance
  • Communications: To send you service updates, security alerts, and (with your consent) marketing communications
  • Legal compliance: To comply with applicable laws, regulations, and legal processes

4. Legal Basis for Processing

Under the UK GDPR, we process your personal data on the following legal bases:

  • Performance of contract: Processing necessary to provide the Service you have subscribed to
  • Legitimate interests: Processing for our legitimate business interests (such as security, fraud prevention, and product improvement), where these are not overridden by your rights
  • Consent: Where you have given explicit consent (such as for marketing communications). You may withdraw consent at any time
  • Legal obligation: Processing necessary to comply with our legal obligations

5. Data Sharing

We do not sell your personal data. We may share your data with:

  • Service providers: Trusted third parties who assist us in operating the Service, including cloud hosting, payment processing (Stripe, PayPal), email delivery, and AI services (Anthropic). These providers are contractually bound to protect your data
  • Within your organisation: Other members of your team or organisation as determined by your account settings
  • Legal requirements: When required by law, court order, or governmental authority, or to protect our rights, safety, or property
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity

6. AI Processing

The Service uses AI models (including Claude by Anthropic) to power features such as landing page generation, content analysis, and brand extraction. When using these features:

  • Only the data necessary for the specific task is sent to the AI provider
  • AI providers process data according to their own privacy policies and our data processing agreements
  • Your data is not used to train AI models
  • You can choose not to use AI-powered features

7. International Data Transfers

Your data may be transferred to and processed in countries outside the United Kingdom. Where such transfers occur, we ensure appropriate safeguards are in place, including:

  • UK adequacy regulations for countries deemed to provide adequate data protection
  • International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account termination:

  • Your data is available for export for 30 days
  • After 30 days, your data is permanently deleted from our active systems
  • Backup copies may persist for up to 90 days before being overwritten

We may retain certain data for longer periods where required by law (such as financial records for tax purposes) or to resolve disputes.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for the Service to function (authentication, security, session management)
  • Analytics cookies: To understand how the Service is used and to improve it
  • Preference cookies: To remember your settings and choices

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

10. Your Rights

Under the UK GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request that we restrict the processing of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests or for direct marketing
  • Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us at privacy@pivotal.digital. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, access controls, regular security assessments, and incident response procedures. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The "Effective Date" at the top of this policy indicates when it was last revised.

14. Contact Us

For questions about this Privacy Policy or to exercise your data protection rights, please contact us at:

Pivotal Digital Ltd
Data Protection Enquiries
Email: privacy@pivotal.digital
Website: https://landing.pivotal.digital