Pivota Shopping AgentAI shopping layer for LLMs

Pivota Merchant App Privacy Policy

Last updated: 2026-01-19

This Privacy Policy explains how Pivota (“Pivota”, “we”, “us”) collects, uses, stores, and shares information when a merchant installs and uses the Pivota Merchant App (the “App”) in connection with their e‑commerce store.

If you have questions, contact us at support@pivota.cc.

1) What information we collect

When you install and use the App, we may collect and process:

Store and account information

  • Store identifiers (for example: store domain), store name, and basic store metadata returned by the platform.
  • App installation and authorization metadata (timestamps, granted permissions/scopes, webhook IDs).

Order and fulfillment information

  • Orders (order IDs, order status, line items, prices/totals, currency, shipping method).
  • Fulfillment events (fulfillment IDs, fulfillment status).
  • Shipment tracking data (carrier, tracking number, tracking URL when provided).

Customer information (when applicable)

  • Customer identifiers provided by the platform (for example: customer ID).
  • Customer contact details associated with orders (for example: email and shipping name/address) when required for order processing and customer support workflows.

Product information (when applicable)

  • Product and variant identifiers and catalog fields needed to display and validate items on Pivota.

Technical data

  • API logs needed to operate and secure the integration (request IDs, timestamps, error codes).
  • Webhook delivery metadata (topic, delivery time, signature verification result).

We do not intentionally collect sensitive categories of personal data. If your store sends such data to the App, we will treat it as confidential and process it only as necessary to provide the service.

2) How we use information

We use the information to:

  • Provide the App’s core functionality (connect your store, sync orders, sync fulfillment and tracking updates).
  • Register and receive webhooks so Pivota can reflect near‑real‑time order and fulfillment state.
  • Prevent fraud and secure the integration (signature verification, replay protection, audit trails).
  • Provide customer support and troubleshoot issues you report.
  • Comply with legal obligations.

3) How we share information

We may share information:

  • With service providers (sub‑processors) that help us host and operate Pivota (for example, cloud hosting and observability providers).
  • When required by law, regulation, or legal process.

We do not sell merchant or customer data.

4) Data retention

We retain data only as long as needed to provide the App and maintain accurate order records, and to meet legal, accounting, or audit requirements. We may retain de‑identified or aggregated data for analytics and product improvement.

5) Security

We use reasonable administrative, technical, and physical safeguards, including:

  • Encryption in transit (HTTPS) for API communication.
  • Verification of webhook authenticity via HMAC signatures.
  • Access controls and least‑privilege principles for internal access.

No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

6) Uninstall and account disconnection

If you uninstall or disconnect the App, we stop receiving events from your store. Access tokens used to call the platform’s Admin API are removed or invalidated in Pivota where applicable. Some operational records (for example, security logs) may be retained for a limited time for fraud prevention and audit.

7) Merchant rights and data requests

Merchants can request access, correction, export, or deletion of merchant data processed by Pivota by contacting support@pivota.cc.

For stores subject to data protection laws (such as GDPR), the platform may send mandatory compliance requests (data access and deletion requests). Pivota supports these requests and processes them as required.

8) Changes to this policy

We may update this policy from time to time. We will update the “Last updated” date above and, if changes are material, provide additional notice as required.