Security + Privacy

At Pivott, security is a core value ingrained in everything we do. From the first line of code to the final product release, we prioritize the protection of your data and privacy.
Security
Our organization adheres to best-in-class data security and privacy industry practices and requires all employees to undergo cybersecurity awareness training. Pivott leverages Amazon Web Services (AWS) to store and retrieve contract data according to the industry’s best practices in security, compliance, and data protection.
Privacy
Pivott treats all data provided by customers as strictly confidential and we only use data for your benefit. Pivott has implemented technical and organizational measures to protect the data. Additionally, we offer a range of implementations to suit specific organizational processes or privacy requirements. To see the extent to which we protect your privacy and data, please read our privacy policy.
Your Choice. Your Control.

Pivott offers 3 different ways to simplify and streamline the importing of your contracts and data into Pivott, all of which are optional. These options are designed to provide choice and flexibility. From email forwarding to fully automated contract detection and synchronization, we can accommodate any security and privacy requirements.

Option 1:
Forward or Upload
How it works: Forward or upload selective contracts to Pivott.
Option 2:
Click to Automate
How it works: Add our Microsoft Outlook Add-in to enable one-click contract import from Outlook to Pivott.
Option 3:
Fully Automated
(recommended)
How it works: Add our Microsoft 365 App, set import rules, and all contracts meeting your criteria are automatically imported to Pivott.
Technology

Pivott maintains a formal information security program and information security personnel focused on protecting the information assets of our customers. The following provides a high-level overview of elements of the security that surrounds customer data in connection with our services.

Product + Cloud Infrastructure
Data Security
  • Encryption using TLS/SSL
  • Three-tier architecture for scalable, reliable and secure infrastructure.
  • VPN enforcement.
  • Software Development Life Cycle combines technical, security, and DevOps expertise through continuous integration and deployment (CI/CD).
  • Isolated development, staging and production environments.
  • Peer code review.
  • Incident response team and communication plan.
  • No on-premise hosting.
Physical and Environmental Security
  • The Pivott Platform is hosted on AWS Cloud. For AWS data center compliance, please refer to: https://aws.amazon.com/compliance/
Application Security
  • IT senior management ensures that any business-critical changes at the application level are pre-approved and go through a thorough security review. This review applies from the architecture design and specification phases through the deployment and testing phases. All builds, including nightly builds, go through security scanning.
  • The Pivott Platform can integrate with a subscriber identity provider for user authentication using industry-standard protocols like SAML2, OAuth/OpenID, and WS-Fed. If multi-factor authentication is enabled on the identity provider side, the Pivott Platform supports it by default.
  • Audit logs are maintained and monitored at a specific frequency.
  • All data at rest is encrypted using AES 256-bit encryption, which is provided by underlying AWS services. Encryption keys are managed by AWS. If required, Pivott can manage the encryption keys in the AWS Key Vault. For data in transit, data encryption is done using the certificate. Pivott has detailed audit logs in the system. The transaction audit log is captured in the history of the transaction. The Pivott Platform captures all user actions on the user record with date and time stamp.
Third Party Integrations
  • AWS cloud hosted in USA/Canada.
  • Two-Factor Authentication (2FA) enforced on all supported platforms.
  • SOC2 compliance required for 3rd party vendors/suppliers.
  • Hardware and software inventory management.
Business Continuity & Disaster Recovery
  • 3-2-1 backup strategy in place
  • All essential data is stored remotely using commercial cloud providers.
Organizational Security
Access & Authentication
  • Single Sign-on (SSO) enforcement.
  • Password length and complexity enforcement.
  • Principle of least privilege (PoLP) for access.
  • Privileged access management (PAM) provides monitoring, detection and prevention of unauthorized access to critical resources.
Risk Management
  • All employees working on the Pivott Platform are subject to background verification, and are bound by contractual obligations of confidentiality. Employees go through various training sessions necessary to perform their duties, including training regarding information security and data protection.
  • User access and activity logging.
  • IT policy review
  • Comprehensive insurance