Last Updated: 30/09/2024

Introduction

Pivot Point Pty Ltd (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy outlines how we manage personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and other applicable regulations. By using our website, products, and services, including our AI-powered chatbot solutions, you consent to the terms of this Privacy Policy.

1. Information We Collect

We collect personal and non-personal information as outlined below:

1.1 Personal Information

Personal information refers to any data that identifies or could identify an individual, such as:

  • Name
  • Email address
  • Phone number
  • Shipping address or Order details (e.g. for e-commerce clients)

No sensitive personal information (e.g. financial details) will be requested from users using any of our chatbots or AI tools.

1.2 Non-Personal Information

We also collect non-personal information that cannot identify an individual, such as:

  • IP address
  • Browser type
  • Device type
  • Usage patterns via cookies and other tracking technologies

2. How We Collect Personal Information

We will only collect personal information that is reasonably necessary for our business activities and that you provide through our website, chatbot services, and other interactions. We also collect data that is requested by our clients to be collected from their users through our chatbot services. We will inform you about the purpose of data collection and obtain your consent before collecting any personal information, as required under APP 3.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and improve our AI chatbot services.
  • To personalise the user’s experience and respond to customer support enquiries.
  • To analyse trends and improve our website and services.
  • To pass collected data to our clients’ CRM systems for further follow-up with users.
  • To comply with legal obligations and government regulations.

All use or disclosure of personal information will be conducted in accordance with APP 6, which requires that personal information only be used or disclosed for the purposes it was collected or as otherwise permitted by law.

4. Data Storage and Cross-Border Transfers

4.1 Data Storage

Your data is securely stored on our server, currently located in Sydney, Australia, or in a different location in Australia, as server locations may change from time to time. Our data storage systems are regularly reviewed and updated to ensure compliance with relevant laws and the Australian Privacy Principles.

4.2 Cross-Border Data Transfers

We may transfer your personal information to overseas service providers, such as OpenAI, for processing. These transfers comply with APP 8, which ensures that overseas recipients protect your information to standards comparable to Australian law. 

Please note that while OpenAI processes your data for the functionality of the chatbot, it does not retain your personal data unless specified otherwise. You can view OpenAI’s privacy policy here.

Currently, our data storage and application processing servers are located in Australia, while service providers like OpenAI operate in the USA. We have agreements in place to ensure that these providers meet Australian privacy and security requirements.

Additionally, we mirror and index publicly available content from our clients’ websites onto a private server in Virginia, USA, to provide faster access for our chatbots when answering user queries. No personal or confidential information is stored on this server—only publicly available information from client websites necessary for answering user enquiries.

If a client opts to use our Google Drive document sharing facility, all shared documents are governed by Google Drive’s terms of service and privacy policies. We recommend reviewing these policies to understand how Google handles and protects your data. While we facilitate access, we do not control or manage Google’s security or privacy protocols.

5. Data Protection and Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure, in compliance with APP 11. We employ industry-standard security measures, including:

  • Data Encryption and Access Control: All sensitive information, including user passwords and API keys, is encrypted both at rest and in transit using industry-standard encryption protocols. We use strict access control measures to ensure that only authorised personnel can access sensitive data. Passwords are protected using an industry-standard cryptographic hashing algorithm, which includes salting and multiple rounds of hashing. This approach adheres to best practices for password security, ensuring that passwords are highly resistant to brute-force attacks and other forms of unauthorised access. Our encryption method follows guidelines recommended by leading cybersecurity standards to provide strong protection for sensitive data.

6. Privacy and Consent Management

We prioritise transparency and user control over personal data. Our systems are designed to ensure that:

  • Consent: Users may at any time request to withdraw their consent for data collection and processing, as required by APP 3 and APP 5.
  • Data Access and Correction: In compliance with APP 12 and APP 13, users have the right to request access to their personal data and correct any inaccurate or incomplete information. To request access or corrections, users need to contact the Client to access the conversations stored on our server and may share that information accordingly.
  • Right to Be Forgotten: Users can request the deletion of their personal data in compliance with the right to erasure under the Australian Privacy Act. Clients will need to monitor the recorded responses accordingly and request deletion of personal data from Pivot Point for those conversations.

7. Data Retention and Disposal

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected or as required by law. When personal information is no longer needed, it will be securely destroyed or de-identified in accordance with APP 11.

8. Notifiable Data Breaches (NDB) Scheme

We are committed to complying with the Notifiable Data Breaches (NDB) scheme under the Australian Privacy Act. If a data breach occurs that is likely to result in serious harm, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, and in any event within 30 days, as per the NDB scheme requirements.

We will also take steps to contain the breach and prevent further occurrences, and we will provide guidance to affected individuals on how to mitigate potential harm.

9. Third-Party Service Providers

We may share personal information with third-party service providers for the purpose of delivering our services (e.g. OpenAI for chatbot processing). These providers are contractually obligated to comply with Australian privacy laws and protect the confidentiality and security of personal information.

10. Use of Cookies and Tracking Technologies

We may use cookies and similar tracking technologies to enhance your experience on our website. You can control the use of cookies through your browser settings. 

11. Individual Rights

As outlined by APP 12 and APP 13, you have the right to:

  • Access the personal information we hold about you.
  • Request corrections or updates to your personal information.
  • Request the removal of your data in accordance with the right to erasure.

To exercise any of these rights, please contact us at hello[at]pivotpoint.biz. We will respond to your request within a reasonable timeframe.

12. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy in response to changes in legal requirements, including amendments to the Australian Privacy Act. Any changes will be posted on this page, and we encourage you to review the Privacy Policy periodically.

13. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Pivot Point Pty Ltd
Email: hello[at]pivotpoint.biz
Phone: +61 2 8007 2907
Address: 31/192a Kingsgrove Rd, Kingsgrove, NSW 2208, Australia