1. Who we are
PivotYourIdea ("we", "us", "our") is operated by Atris Bekteshi ("the seller"), trading as PivotYourIdea. We act as the data controller for the personal data described in this notice. Contact: privacy@pivotyouridea.com.
2. Categories of personal data we collect
- Account data: name, email address, login credentials, profile metadata.
- Authentication identifiers: Google OAuth subject ID when you sign in with Google.
- Content you submit: startup ideas, prompts, validation inputs, chat messages.
- Support communications: messages you send to us and our replies.
- Usage and telemetry: pages visited, features used, request timestamps, error logs.
- Device data: IP address, browser type, operating system, device identifiers.
- Billing metadata: subscription/credit pack status, transaction IDs (full card data is never seen or stored by us — it is handled by Paddle).
3. Purposes and legal bases
- Provide the service (account creation, generating validations, storing your battle log) — legal basis: performance of a contract.
- Process payments and manage credits/subscriptions — legal basis: performance of a contract and legal obligation.
- Security, fraud prevention, abuse detection, service reliability — legal basis: legitimate interests.
- Product improvement (aggregated, de-identified analytics) — legal basis: legitimate interests.
- Customer support — legal basis: performance of a contract / legitimate interests.
- Marketing emails (only where you have opted in) — legal basis: consent.
- Compliance with law (tax, accounting, responding to lawful requests) — legal basis: legal obligation.
4. Data sharing — categories of recipients
- Paddle.com Market Limited — our Merchant of Record. Paddle handles the sale of our products, subscription management, payment processing, tax compliance, invoicing and refund handling. See Paddle's Privacy Notice.
- Hosting and infrastructure providers — Supabase (database, auth) and Cloudflare (edge hosting/CDN).
- AI / large language model providers — Google (Gemini) and equivalent providers used to generate validations, Devil critiques and reports. Your prompts and inputs are transmitted to these providers under their data-processing terms.
- Professional advisers — accountants and legal counsel as needed.
- Authorities — where required by law, court order or regulator.
We do not sell your personal data.
5. International transfers
Some recipients above are located outside your country, including the United States. Where data leaves the UK/EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and applicable adequacy decisions.
6. Data retention
- Account data: kept for as long as your account is active, plus up to 90 days after deletion to complete removal across backups.
- Validations and content you generate: retained while your account is active; deleted within 90 days of account deletion or earlier on request.
- Billing and tax records: retained by Paddle and by us for up to 7 years to meet legal/accounting obligations.
- Support communications: up to 24 months after the last interaction.
- Server and security logs: typically 30–90 days.
When data is no longer needed, it is deleted or irreversibly anonymised.
7. Your rights
Subject to applicable law (including GDPR/UK GDPR where relevant), you have the right to: access, rectify, erase, restrict or object to processing of your data; data portability; withdraw consent at any time; and lodge a complaint with your local data protection supervisory authority. We will respond within one month of a verified request.
To exercise a right, email privacy@pivotyouridea.com. You can also delete your account from the app at any time.
8. Security
We apply appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), encryption at rest for our database, row-level access controls, least-privilege admin access, audit logging, and regular dependency updates. No system is 100% secure; we encourage you to use a strong, unique password.
9. Cookies
We use strictly necessary cookies for authentication and session management, and a minimal amount of first-party analytics to understand reliability and feature usage. We do not use third-party advertising cookies. You can manage cookies in your browser at any time.
10. Changes to this notice
We may update this notice from time to time. Material changes will be communicated in-app or by email. The "Last updated" date above reflects the most recent revision.