Privacy Policy

Pivony ("we", "our", "us") is a B2B SaaS company providing AI-powered consumer intelligence and Voice of Customer (VoC) analytics. Our platform helps businesses collect, analyze, and act on customer feedback at scale.

Registered address: Pivony Technology Inc., 2093 Philadelphia Pike #4590, Claymont, Delaware 19703, USA.
Contact: privacy@pivony.com

We collect the following categories of personal data:

• Account data: Name, email address, job title, company name when you register or book a demo.
• Usage data: Pages visited, features used, session duration, and interaction logs within the platform.
• Communication data: Messages sent via contact forms, support requests, or emails.
• Technical data: IP address, browser type, device identifiers, and cookies (see Cookie Policy).
• Customer data (processed on behalf of clients): Any end-customer data uploaded by our business clients to the Pivony platform for analysis. Pivony acts as a data processor for this category.

We process your personal data for the following purposes:

• To provide, operate, and improve the Pivony platform and services.
• To communicate with you about your account, demos, and support requests.
• To send product updates and marketing communications (with your consent, which you may withdraw at any time).
• To comply with legal obligations and enforce our Terms of Use.
• To analyze aggregate usage patterns and improve platform performance.

We never use customer data to train AI models. Data processed on behalf of our clients is used solely to deliver the contracted service.

For users in the European Economic Area (EEA) and the United Kingdom, we rely on the following legal bases:

• Contract performance: Processing necessary to provide our services.
• Legitimate interests: Analytics, security, fraud prevention, and service improvements.
• Consent: Marketing emails and non-essential cookies.
• Legal obligation: Compliance with applicable laws.

All data is stored on Google Cloud Platform infrastructure, which is certified to ISO 27001, ISO 27017, and ISO 27018 standards. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

Primary data residency is in the EU (Belgium, europe-west1) region. Clients may request a specific regional deployment under their enterprise agreement.

We retain personal data only as long as necessary for the purpose it was collected, or as required by law. Account data is deleted within 30 days of account termination upon request.

We do not sell your personal data. We may share data with:

• Service providers: Google Cloud (hosting), Stripe (payments), HubSpot (CRM), Intercom (support). All are bound by data processing agreements.
• Analytics providers: Anonymized and aggregated usage data with analytics tools.
• Legal authorities: When required by applicable law or court order.

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Withdraw consent for marketing or non-essential cookies at any time.

To exercise any of these rights, email us at privacy@pivony.com. We will respond within 30 days.

For users in Turkey, Pivony complies with the Law on Protection of Personal Data (KVKK No. 6698). As a data controller, we register processing activities and provide the rights listed in Article 11 of KVKK, including the right to learn whether your data is processed, request information about processing, and request correction or deletion.

KVKK requests can be submitted to kvkk@pivony.com.

If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

Pivony's services are intended for business professionals and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or prominent notice within the platform at least 14 days before changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

Questions or concerns about this Privacy Policy?
Email: privacy@pivony.com
Address: 2093 Philadelphia Pike #4590, Claymont, Delaware 19703, USA