Your data is yours.
Always.
Pivony stores and encrypts customer data on ISO-certified Google Cloud infrastructure and never uses it for any purpose beyond delivering the service. Below is every security layer we apply — transparently.
Google Cloud
ISO 27001 · 27017 · 27018
GDPR & KVKK
Compliant
AES-256 + TLS 1.3
Encrypted
No data training
Your data stays yours
Security Layers
Protection at every layer
Google Cloud Infrastructure
All customer data is hosted exclusively on Google Cloud Platform — ISO 27001, ISO 27017, and ISO 27018 certified. Enterprise-grade availability, redundancy, and audit trails built in.
GDPR & KVKK Compliant
Pivony is fully compliant with EU GDPR and Turkish KVKK data protection regulations. A Data Processing Agreement (DPA) is available on request for enterprise procurement.
Encryption Everywhere
Data is encrypted at rest with AES-256 and in transit with TLS 1.3. No data is ever stored or transmitted in plain text.
Your Data Is Never Shared
Customer data is never sold, shared with advertisers, or disclosed to third parties. It is used solely to deliver the Pivony service to your organization.
No AI Training on Your Data
Pivony's AI models are trained on anonymized, aggregated datasets — never on your organization's customer data. Your insights stay yours.
Role-Based Access & Isolation
Each organization's data is logically isolated. Role-based access controls, audit logs, and session management ensure only authorized users can access your workspace.
Things we never do
These aren't buried clauses in a policy document. They're architectural constraints we enforce by design.
- ✕We do not sell your customer data to any third party, ever.
- ✕We do not use your customer data to train or fine-tune AI models.
- ✕We do not share your data with advertisers or analytics brokers.
- ✕We do not retain your data after contract termination — deletion is available on request.
GCP
Google Cloud Platform
ISO-Certified Infrastructure
Pivony hosts all customer data on Google Cloud Platform. GCP holds international certifications for information security management (ISO 27001), cloud security (ISO 27017), and protection of personal data in the cloud (ISO 27018). We chose this infrastructure not for cost alone, but for the proven security foundation that enterprise customers expect.
Frequently Asked Questions
Where exactly is my data stored?+
All data is stored on Google Cloud Platform servers. GCP maintains ISO 27001, ISO 27017, and ISO 27018 certifications. We do not use any other cloud provider for customer data.
Is my data used to train Pivony's AI?+
No. Pivony's NLU and AI models are trained on separately licensed, anonymized datasets. Your organization's customer feedback, tickets, and survey data are never used for model training or improvement.
Are you GDPR compliant?+
Yes. Pivony processes personal data in accordance with GDPR principles: lawful basis, data minimization, purpose limitation, and rights of the data subject. We can provide a Data Processing Agreement (DPA) for enterprise customers.
What happens to my data if I cancel?+
Upon contract termination, you may request full deletion of your organization's data from our systems. We will confirm deletion in writing within 30 days.
Can I get security documentation for procurement?+
Yes. We can provide a DPA, data flow diagram, sub-processor list, and responses to security questionnaires. Contact hello@pivony.com or request through your account manager.
Security questions?
You can request a DPA, data flow diagram, or technical security documentation as part of your procurement process.