Nov 13, 2025
AI Security & Privacy Overview
AI in Pivot accelerates work without compromising privacy. This page explains how AI features handle customer data and the controls available to admins.
Minimum necessary context. AI calls send only the prompt/context required to fulfill the request.
No training on your data. At Pivot, we never train models on customer data. Third-party model providers are contractually restricted from training on, or retaining, your prompts/responses.
Tenant isolation. Requests are processed in a way that does not mix one customer’s data with another’s. Users can only use AI on data they have access to.
Enable/disable AI features org-wide.
Export and review AI-related events via Audit Logs.
Using AI with PHI or similar regulated data requires a HIPAA-eligible deployment and a signed BAA.
Customers are responsible for data classification and for configuring least-privilege access, SSO/MFA, and retention per policy.
Pivot applies the same technical and organizational measures (TOMs) described in the DPA to AI flows: encryption in transit and at rest, access controls, logging, and vendor due diligence.
New or updated model providers undergo security, privacy, and data-processing reviews. If a provider changes terms that affect data handling, we will update this page and our sub-processor list.