Pivot Privacy Policy
1. Introduction and Scope
Welcome to Pivot. This Privacy Policy explains how Pivot Technology LLC ("Pivot", "we", "us", or "our") collects, uses, shares, and protects your personal information. Pivot operates a digital marketplace platform via our mobile application that connects learner drivers ("Learners") with Approved Driving Instructors ("Instructors") to facilitate the booking and management of driving lessons within the United Kingdom.
We are a UK-registered company committed to protecting your personal data and respecting your privacy in strict accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). This policy applies to all users of the Pivot application.
2. Data Controller and Contact Information
For the purposes of the UK GDPR, the Data Controller responsible for your personal information is Pivot Technology LLC.
Our Contact Details:
Email: contact@pivottech.co.uk
Corporate Entity: Pivot Technology LLC
3. Information We Collect
The personal data we collect depends on whether you utilize the application as an Instructor or a Learner.
Information Collected from Instructors:
To facilitate your professional profile and allow Learners to discover you and book lessons within your working hours, we collect: Your full name, phone number, email address, encrypted account password, residential or business address, profile images, your specific lesson pricing structures, the driving test centres you utilize, your operational schedule, working hours, and time off.
To verify your professional standing and ensure Learner safety, we collect: Your Approved Driving Instructor (ADI) number.
To allow Learners to identify you at the pickup location, we collect: Your vehicle make and model, photographs of the vehicle, and your vehicle registration mark (car number plate).
Information Collected from Learners:
To create your account and facilitate lesson bookings, we collect: Your full name, email address, encrypted account password, phone number, and residential address.
To facilitate the physical driving lesson, we collect: Your designated pickup locations (which may be the same as your residential address).
We also maintain a historical record of the purchases you have made on the app and the lessons you have booked.
Information Collected Automatically (Telemetry and Technical Data):
When you interact with the Pivot application, we automatically collect technical information to ensure the app functions securely and efficiently. This includes: Your device IP address, device type, operating system information and version, the Pivot application version installed, and diagnostic crash logs.
- Location Data: The application requests access to your device's GPS and location services to facilitate interactive mapping features. This location data is utilized in real-time to render maps via third-party APIs but is not persistently stored on our database servers.
- Cookies: The application utilizes strictly necessary cookies exclusively to authenticate user requests and maintain secure login sessions. We do not utilize any advertising, tracking, or cross-site analytics cookies that would monitor your behavior outside of the Pivot application.
Financial and Verification Information (Processed via Stripe):
Pivot utilizes Stripe Connect to process all financial transactions. When Instructors submit government-issued IDs for verification and bank routing information for payouts, or when Learners submit payment card details for lesson purchases, this data is transmitted directly to Stripe. Pivot temporarily passes this data through our application programming interface (API) but does not persistently store your raw bank account details or full payment card numbers on our servers.
4. How We Use Your Data and Our Lawful Basis
Under the UK GDPR, we must establish a valid "lawful basis" for every processing activity we undertake. We process your data under the following legal grounds:
| Purpose of Processing | Data Utilized | Lawful Basis under UK GDPR |
|---|---|---|
| Account Creation & Service Delivery: To register your account, manage instructor schedules, process lesson bookings, and facilitate communication between Learner and Instructor. | Names, Addresses, Emails, Passwords, Phone Numbers, Pricing, Pickup Locations, Driving Centres, Schedule, Working Hours, Time Off. | Contractual Necessity (Article 6(1)(b)) – Processing is required to fulfill our Terms of Service. |
| Safety & Verification: To verify instructor credentials via the DVSA and ensure vehicles are properly identified. | ADI Number, Vehicle Make/Model, Number Plate (VRM). | Contractual Necessity & Legal Obligation (Article 6(1)(c)) – Adherence to industry safety standards. |
| Security, Stability & Optimization: To prevent fraudulent activity, monitor network stability, and debug application errors. | Device IPs, OS/App Versions, Crash Logs. | Legitimate Interests (Article 6(1)(f)) – To ensure the platform remains secure and functional. |
| Financial Processing & Compliance: To process payments, issue instructor payouts, and maintain auditable financial records. | Purchase History, Stripe Verification IDs, Bank/Card Information. | Contractual Necessity & Legal Obligation – Compliance with UK taxation and Anti-Money Laundering laws. |
| Dynamic Mapping Features: To render geographical maps within the app. | Ephemeral GPS/Location Data. | Consent (Article 6(1)(a)) – Obtained via your mobile device's native permission settings. |
5. How We Share Your Information
We share your personal data with specific categories of third parties strictly to operate the marketplace, ensure safety, and comply with the law.
Instructor-to-Learner Data Sharing (Privacy by Design):
To arrange a lesson, we share the Instructor's public profile (Name, Vehicle, Pricing, Photos) with the Learner. To protect Learner privacy, we employ a delayed-sharing mechanism. The Learner's exact pickup address and phone number are strictly withheld from the Instructor until exactly 24 hours prior to the scheduled lesson. This information is displayed to the Instructor exclusively within the secure environment of the Pivot application. To enforce strict data minimization, this information is automatically hidden from the Instructor's view 24 hours after the lesson has completed. Pivot retains full control of this data throughout the process.
Third-Party Service Providers:
- Payment Processing (Stripe): We utilize Stripe Connect for all payment processing and connected account payouts. Stripe acts as an independent Data Controller regarding the financial data, ID verification, and bank information it processes to comply with financial regulations. We highly recommend reviewing Stripe's Privacy Policy.
- Cloud Infrastructure (AWS): We utilize Amazon Web Services (AWS) to securely host our application database and API infrastructure. AWS acts as our Data Processor and only processes data under our strict instructions.
- Location Services (Google): We utilize Google APIs to provide map data and location services. GPS data transmitted to Google to render these maps is subject to Google's terms of service.
6. Data Retention Policy
We keep your personal data only for as long as is strictly necessary to fulfill the purposes outlined in this policy. Our standard retention periods are as follows:
| Data Category | Retention Period |
|---|---|
| Active Account Profile Data | Retained for the duration of your active account lifecycle. Upon requesting account deletion, standard profile data is erased within 30 days. |
| Financial & Transactional Records | By law (HMRC regulations), we must retain records of purchases, financial transactions, and tax-relevant data for 6 years following the transaction. |
| Lesson Booking Histories | Retained securely for 6 years following the event to defend against potential legal claims under the UK Limitation Act 1980. |
| Technical Logs & Crash Data | Device IPs, access logs, and diagnostic crash logs are retained for 90 days for security monitoring, after which they are deleted or heavily anonymized. |
7. Data Security
We implement robust, industry-standard technical and organizational measures to protect your personal data against unauthorized access, loss, or alteration. All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS). Data stored within our AWS databases is encrypted at rest. User passwords are cryptographically hashed and never stored in plain text. Access to our internal databases is strictly limited to authorized personnel utilizing role-based access controls.
8. International Data Transfers
While we prioritize keeping your personal data within the UK, some of our third-party service providers (such as Stripe or Google) may process your data outside the United Kingdom. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by implementing appropriate legal safeguards, such as utilizing the UK Information Commissioner’s Office approved International Data Transfer Agreement (IDTA) or relying on official Adequacy Decisions.
9. Your Data Protection Rights
Under the UK GDPR, you possess significant rights regarding your personal data. You have the right to:
- Request Access: Obtain a copy of the personal data we hold about you.
- Request Rectification: Correct any inaccurate or incomplete personal data (e.g., updating your ADI number or address).
- Request Erasure: Ask us to delete your personal data (subject to our legal obligations to retain financial records for 6 years).
- Object to Processing: Object to our processing of your data where we rely on legitimate interests.
- Request Restriction: Ask us to suspend the processing of your data in specific scenarios.
- Request Data Portability: Receive your data in a structured, commonly used, machine-readable format.
To exercise any of these rights, please contact us at support@pivottech.co.uk. We will respond to all legitimate requests within one calendar month.
10. Complaints
If you have any concerns regarding our use of your personal information, you can make a complaint to us at support@pivottech.co.uk or by writing to us at the address provided in Section 2.
If you remain unhappy with how we have handled your data, you retain the fundamental right to lodge a formal complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO).
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113