Legal Information

Your GDPR Rights

Last Updated: January 31, 2026

1. Overview

The General Data Protection Regulation (GDPR) is a European Union law that gives you control over your personal data. Even if you're not in the EU, we extend these rights to all MyPublicist users worldwide.

2. Your Rights Under GDPR

Right to Access (Article 15)

You have the right to request a copy of all personal data we hold about you. We will provide this in a structured, commonly used format within 30 days.

How to exercise: Email privacy@pivotready.co with "GDPR Access Request" in the subject line.

Right to Rectification (Article 16)

You have the right to correct any inaccurate or incomplete personal data.

How to exercise: Update your information in Account Settings, or email us with corrections.

Right to Erasure - "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent and there's no other legal basis
  • You object to processing and there are no overriding grounds
  • The data was unlawfully processed

How to exercise: Email privacy@pivotready.co with "Delete My Data" in the subject line. We will permanently delete your data within 30 days.

Note: We may retain some data if legally required (e.g., tax records, fraud prevention).

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, machine-readable format (e.g., JSON, CSV) and transmit it to another service.

How to exercise: Email privacy@pivotready.co with "Data Export Request" in the subject line.

Right to Object (Article 21)

You have the right to object to processing of your data for:

  • Direct marketing purposes (we will stop immediately)
  • Profiling or automated decision-making
  • Processing based on legitimate interests

How to exercise: Email us or use the "Unsubscribe" link in marketing emails.

Right to Restrict Processing (Article 18)

You can request that we limit how we use your data while:

  • We verify accuracy of disputed data
  • Processing is unlawful but you don't want erasure
  • We no longer need the data but you need it for legal claims

How to exercise: Email privacy@pivotready.co with your request.

Right to Withdraw Consent (Article 7)

Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

How to exercise: Update your preferences in Account Settings or contact us.

Right to Lodge a Complaint (Article 77)

You have the right to file a complaint with your local data protection authority if you believe we have violated your rights.

3. How We Process Your Data

Legal Basis for Processing

We process your data based on:

  • Contract Performance - Providing the Service you subscribed to
  • Consent - Marketing emails, optional analytics
  • Legitimate Interests - Service improvement, fraud prevention
  • Legal Obligation - Tax records, lawful requests

Automated Decision-Making

We use AI to:

  • Recommend podcasts based on your expertise
  • Generate personalized pitch content
  • Optimize email send times

You have the right to request human review of any AI-generated decision that significantly affects you.

4. Data Protection Officer

For GDPR-related questions, contact our privacy team:

5. Response Timeline

We will respond to all GDPR requests within 30 days as required by Article 12. If we need more time, for example for complex requests, we will notify you and explain why.

6. Verification

To protect your privacy, we may ask you to verify your identity before fulfilling requests. This typically involves confirming your email address or answering security questions.

7. No Fee

We do not charge a fee for exercising your GDPR rights, unless your request is clearly unfounded, repetitive, or excessive.

8. International Transfers

Your data may be transferred outside the EU/EEA. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Services certified under EU-US Data Privacy Framework (where applicable)
  • Encryption and security measures that meet or exceed GDPR standards

9. Data Retention

We retain your data for:

  • Active Subscription - Duration of your subscription
  • After Cancellation - 120 days, then permanently deleted
  • Legal Requirements - As required by law (e.g., 7 years for tax records)

10. Security Measures (Article 32)

We implement technical and organizational measures including:

  • Encryption in transit (TLS) and at rest (AES-256)
  • Access controls and role-based permissions
  • Audit logging of all data access
  • Regular security assessments and penetration testing
  • Employee training on data protection
  • Pseudonymization where applicable

11. Data Breach Notification

In the unlikely event of a data breach that risks your rights and freedoms, we will notify you within 72 hours as required by Article 33. We will explain:

  • What data was affected
  • Likely consequences
  • Measures we're taking
  • Recommended actions for you

12. Contact Us

For any questions about your GDPR rights or our data practices, please contact privacy@pivotready.co