Privacy statement.
How we handle your data — on this website and inside our AI services. Short, clear, no black box.
1. Controller
The controller for data processing on this website and in connection with our services is: Pivot Pilot Karl-Marx-Platz 9 94439 Roßbach Germany Email: landgraf@pivot-pilot.com Phone: +49 1516 1858793 Reach out to us at the contact details above for any privacy-related question.
2. Scope
This statement explains the nature, scope, and purpose of how we process personal data — both when you visit this website and when you use our AI services (phone assistants, email automations, and further agents). Legal basis is the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). We only process data on the basis of a legal ground under Art. 6 GDPR — in particular consent, contract performance, legal obligation, or legitimate interest.
3. Server log files
When you visit this website, our hosting provider automatically collects technical data your browser transmits: • IP address (typically anonymized) • date and time of access • page requested and amount of data transferred • browser type and operating system • referrer URL This data is processed to ensure stable operation, defend against attacks, and produce aggregate statistics (Art. 6(1)(f) GDPR). Log files are deleted after 14 days unless a security incident requires longer retention.
4. Cookies and local storage
This website uses only strictly necessary cookies and local storage (for example to remember your language preference). No consent is required for this. We do not use tracking, advertising, or profiling cookies. If we add analytics tools in the future, we will obtain your explicit consent first.
5. Contact form
If you use the contact form, the data you enter (name, email address, optional phone number, message) is processed to handle your request (Art. 6(1)(b) and (f) GDPR). Form delivery is handled by Formspree (Formspree Inc., USA). Transfer of data to the US is based on the EU Standard Contractual Clauses. We retain inquiries for as long as needed to handle the request and any follow-up, at most 24 months.
6. Booking (Cal.com)
You can book an intro call on our website via Cal.com (Cal.com, Inc.). Clicking the link sends you to Cal.com's site. Cal.com independently processes the data you provide there (name, email, chosen slot). Cal.com's privacy policy applies: https://cal.com/privacy. We use Cal.com based on our legitimate interest in efficient scheduling (Art. 6(1)(f) GDPR).
7. Data within our AI services
If you are a Pivot Pilot customer and use our AI agents (e.g. phone assistants, email automations), we process personal data exclusively as a processor under a separate data processing agreement (DPA) per Art. 28 GDPR. Processed data categories typically include: • lead data (name, address, phone number, contact details) • call data (audio recordings, transcripts, metadata) • email content and metadata • technical data (system logs, configurations) The customer remains the controller under GDPR. Details — including technical and organizational measures, breach notifications, sub-processors, and retention periods — are governed by the relevant DPA.
8. Sub-processors and hosting
To deliver our services we use carefully selected sub-processors, including: • hosting and infrastructure providers (e.g. AWS) — GDPR-compliant within the EU or via Standard Contractual Clauses • voice AI platforms (e.g. Vapi) for phone assistants • workflow automation (e.g. n8n) for email processing • telephony providers for outbound/inbound calls • LLM providers for generation and classification Each is engaged under a written agreement and with the controller's consent.
9. Technical and organizational measures
We apply appropriate technical and organizational measures under Art. 32 GDPR to ensure a level of security commensurate with the risk. These include: • access control at the facility, system, and data level • encrypted transmission (TLS) and encrypted storage • separation of data across tenants and purposes • regular security reviews and backups • role-based access and least-privilege for staff
10. Your rights
You have the right to: • access the data we hold about you (Art. 15 GDPR) • correct inaccurate data (Art. 16 GDPR) • erasure (Art. 17 GDPR) • restrict processing (Art. 18 GDPR) • data portability (Art. 20 GDPR) • object to processing (Art. 21 GDPR) • withdraw consent at any time with effect for the future (Art. 7(3) GDPR) You also have the right to lodge a complaint with a data protection supervisory authority.
11. Retention
We store personal data only for as long as needed for the relevant purpose or as required by statutory retention obligations. Once the purpose ceases, data is deleted or anonymized.
12. Changes to this statement
We may update this privacy statement to reflect legal changes or changes to our services. The version published on the website at the time of your visit applies.
Last updated: July 2026