Privacy Policy

We collect the minimum we need to run PivotProof, we don't sell your data to anyone, and we never see your credit card. Specifics below.

• Account info — when you sign in with Google we receive your email, name, and profile picture from Google. That's it. We do not receive your contacts, calendar, drive, or any other Google data.
• Ideas you submit — the title, description, target customer, and stage of any startup idea you submit, plus the panel feedback generated for it. This is what makes the product work.
• Payment data — Stripe collects and processes all card data. We only see the amount, the pack purchased, and a Stripe session ID. We never see your card number, expiry, or CVC.
• Team and invite data — if you invite teammates, we store their email, your invite message, and their join status.
• Operational logs — IP address, browser/device user-agent, and page URLs, used only to debug errors and prevent abuse.

• To run the AI panel and return reports to you.
• To process payments through Stripe.
• To send transactional email (invite links, password resets, receipts) via Resend.
• To improve product quality and debug issues.
• To respond when you contact us at info@pivotproof.org.

We do not sell, rent, or trade your data. We do not use your submitted ideas to train AI models, and we do not share your reports with other users unless you explicitly choose to make a report public via the share link feature.

• Google — for sign-in (OAuth). Google's privacy policy.
• Stripe — for payment processing. Stripe's privacy policy.
• Anthropic (Claude) — to generate panel feedback. Your idea text is sent to Anthropic over an authenticated API. Per Anthropic's API terms, this data is not used to train their models.
• Resend — to deliver transactional email. Resend's privacy policy.
• MongoDB Atlas — to store user, session, and report data.

We use one piece of browser storage: a session token (stored inlocalStorage) to keep you logged in. We don't use third-party advertising cookies. We don't use Google Analytics or similar trackers.

You can:

• Request a copy of all data we hold about you.
• Delete your account and all associated data.
• Export your reports (PDF/ZIP via the in-app export feature).
• Withdraw consent at any time by deleting your account.

Email info@pivotproof.org for any data request. We typically respond within 7 days.

We keep your account and reports until you delete them. Once you delete your account, all personally identifying data is removed from our database within 30 days. Aggregate, anonymized usage statistics may be retained for product analytics.

PivotProof is not for users under 16. If we learn that a user is under 16, we will delete their account.

If we change this policy materially, we'll email you at the address on file before the change takes effect. The "Last updated" date at the top of this page always reflects the current version.

Questions, complaints, or data requests: info@pivotproof.org.