Effective 2026-05-09Version 1.0APP-aligned

Privacy Policy.

How we handle your personal information — and your child’s. Written to be readable, aligned with the Australian Privacy Principles (APPs).

Overview

Pivot is a youth football parent education platform based in Australia. This policy explains what personal information we collect, why we collect it, who we share it with, and the choices you have. It applies to pivot.football, the Pivot web app, the Pivot WhatsApp Assistant, and any related service we operate (collectively, “the Service”).

We treat information about your child with extra care. We don’t sell personal data, we don’t use it for advertising, and we don’t train third-party AI models on it without your consent.

Who we are

The data controller is Pivot Football Pty Ltd (ABN to be confirmed), an Australian company. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

You can reach our privacy team at privacy@pivot.football.

What we collect

Information you provide

Account details — name, email, phone number, password (hashed).
Profile — your role (parent, guardian, coach), location (city/region).
Information about your child — age, club, position, growth stage, training load, notes you record.
Conversations — messages you send to the AI Assistant on web or WhatsApp, including any voice notes (transcribed).
Content — Pro Requests, comments, surveys, support tickets.
Payment details — handled by Stripe; Pivot does not store card numbers.

Information collected automatically

Device and connection — IP address, browser, operating system, language.
Usage — pages viewed, features used, time spent, error logs.
Cookies and similar — see Cookies & analytics.
Inbound messages on WhatsApp — phone number, message content, timestamps (delivered to us by Meta’s WhatsApp Business API).

Information about your child

Pivot is designed for parents and guardians, not for children themselves. The Service is not directed at children under 13, and we do not knowingly create accounts for them.

When you add information about your child, we use it only to personalise the guidance the AI Assistant provides to you. We do not use it for advertising, profile building, or any purpose unrelated to giving you better answers.

You can review, update, or delete any information you’ve added about your child from your account settings, or by contacting us.

How we use your information

We use personal information to:

Provide the Service — authenticate you, deliver content, generate AI responses, send transactional email.
Personalise — tailor the AI Assistant’s answers to your child’s context.
Improve — fix bugs, debug AI quality, measure feature usage in aggregate.
Communicate — respond to support, send service updates, send the Tribune digest if you’ve subscribed.
Comply with law — meet our obligations under the Privacy Act and other applicable laws, and respond to lawful requests.
Protect — prevent fraud, abuse, and security threats.

We rely on a mix of legal grounds depending on the purpose: performance of our contract with you, your consent (which you can withdraw at any time), and our legitimate interests in running and improving the Service.

AI processing

The Pivot AI Assistant runs on large language models hosted by OpenAI and/or Anthropic. When you send a message, the relevant context (your message, recent conversation history, your child’s profile, retrieved Tribune passages) is sent to one of these providers to generate a response.

Both providers are contractually committed to:

Process inputs only to generate responses for you.
Not train their models on your inputs without consent.
Retain inputs only for a short period for abuse monitoring.

We may store anonymised, aggregated conversation patterns to evaluate AI quality and improve our editorial library. This data is stripped of direct identifiers.

WhatsApp & messaging

When you message the Pivot Assistant on WhatsApp, your message is delivered to us through Meta’s WhatsApp Business API. Meta processes the message in transit; we receive it, generate a response, and send it back through the same channel.

Meta’s handling of WhatsApp messages is governed by WhatsApp’s Privacy Policy. Voice notes you send are transcribed using a speech-to-text provider and processed as text from that point on.

Overseas storage

Some of our sub-processors store and process data outside Australia, primarily in the United States and European Union. Where this happens, we take reasonable steps to ensure they handle your information in a way that’s consistent with the Australian Privacy Principles.

Data retention

Account data — kept while your account is active and for up to 12 months after closure, then deleted or anonymised.
Conversation history — kept for 24 months by default to give the AI context across time. You can delete it earlier from settings.
Billing records — kept for 7 years to meet Australian tax and accounting obligations.
Backups — encrypted backups are rotated within 30 days of deletion of the source.
Anonymised analytics — may be retained indefinitely.

Security

We protect personal information through a layered set of controls:

Encryption in transit (TLS 1.2+) and at rest.
Row-Level Security on every database table — code paths that bypass it are forbidden.
Least-privilege access for staff; admin actions are logged.
Automated security scanning of dependencies and source code on every change.
MFA on operational systems handling personal data.

No system is perfectly secure. If we ever experience a data breach that’s likely to result in serious harm, we’ll notify affected users and the Office of the Australian Information Commissioner (OAIC) as required by law.

Your rights & choices

You can:

Access — request a copy of the personal information we hold about you.
Correct — update inaccurate or incomplete information.
Delete — close your account and request deletion of your personal information.
Restrict — ask us to pause certain processing.
Withdraw consent — where we rely on consent, withdraw it at any time.
Object — to processing based on our legitimate interests.
Export — get a portable copy of your data in a common format.

Most of these you can do directly from your Pivot account settings. For anything else, email privacy@pivot.football and we’ll respond within 30 days.

Cookies & analytics

We use a minimal set of cookies and similar technologies:

Essential — for authentication and session management. The Service won’t work without these.
Preferences — to remember your theme, sidebar state, and similar choices.
Analytics — privacy-respecting, cookie-less analytics (e.g., Plausible) that don’t track you across sites.

We do not run third-party advertising cookies, social-media tracking pixels, or behavioural ad networks.

Marketing communications

We’ll only send you marketing communications if you opt in (for example, by subscribing to the Tribune digest). Every marketing email includes a one-click unsubscribe link. Transactional emails — receipts, password resets, security notices — aren’t marketing and don’t carry an unsubscribe option.

Complaints

If you think we’ve mishandled your personal information, please email privacy@pivot.football first — we’ll investigate and respond within 30 days.

If you’re not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Changes to this policy

We may update this Privacy Policy as the Service evolves. When we make material changes, we’ll notify you by email or in-app notice at least 14 days before the changes take effect. The version and effective date are listed at the top of this page.

Contact us

For privacy questions, requests, or complaints:

Email: privacy@pivot.football
General support: support@pivot.football
Postal address: To be confirmed (Sydney, Australia)