Privacy & Data Protection Agreement

Effective Date: 15/09/2025

Last Updated: 27/09/2025

1. Introduction

Pivot Point (“Company,” “we,” “our,” or “us”) operates the private invite-only network known as “The Community” available at [thepivotpoint.world] (the “Platform”).


We value your privacy and are committed to protecting your personal data. This Privacy & Data Protection Policy (“Policy”) explains how we collect, use, store, and share your information.


  • This Policy is designed to comply with:
    • Malaysia's Personal Data Protection Act 2010 (PDPA)
    • European Union General Data Protection Regulation (GDPR, EU 2016/679)
    • United States privacy laws, including the California Consumer Privacy Act (CCPA) and CalOPPA

By registering for or using the Platform, you agree to this Policy. If you do not agree, please do not use the Platform.

2. Data Controller

  • The Company is the data controller of all personal data processed on the Platform.
  • For EU users, the Company complies with the General Data Protection Regulation (EU 2016/679) (“GDPR”).
  • For all users, the Company complies with the Malaysian Personal Data Protection Act 2010 (“PDPA”) and we extend rights under CCPA and other applicable laws.

3. Data Collected

The Company may collect the following categories of data:

  • Registration data: name, email address,country, date of birth, login credentials account ID.
  • Profile Data (Profile Owners only): Biographical information, submitted content, activity logs.
  • Subscriber data: subscription history, engagement activity, communication preferences.
  • Technical data: IP address, browser, device type, operating system, cookies and usage logs.
  • Communications: messages, support requests, content submissions.
  • Referral & Engagement Data: Invitations sent and accepted, outbound clicks, and referral tracking.

4. Purpose of Processing

Personal data may be processed for the following purposes:

  • Providing access, operating and improving the Platform and its features.
  • Registering and Managing user accounts, invitations, and subscriber relationships.
  • Reviewing, approving, editing or removing content submitted by Profile Owners and requesting modifications to submitted content.
  • Enforcing compliance with Platform Terms of Use and community standards.
  • Facilitating communication between Subscribers, Profile Owners, and the Company.
  • Company's own internal and external commercial activities including marketing, promotions, research, and product development, (with your consent where required).
  • Analytics and reporting (using anonymized or aggregated data).
  • Compliance with legal or regulatory obligations.

5. Content Responsibility

  • Profile Owners remain solely responsible for the legality, accuracy, and compliance of all content they submit.
  • If the Company edits, reformats, or requests changes to Profile Owner content, such actions do not transfer legal responsibility from the Profile Owner to the Company.
  • Any disputes, claims, or liabilities arising from Profile Owner content remain the sole responsibility of the Profile Owner.

6. Subscriber Data & Ownership

  • Profile Owners:
    • Profile Owners own the relationships with the subscribers inside the Platform.
    • Profile Owners may view, engage with, and communicate with their subscribers within the Platform environment.
  • The Company:
    • Owns and controls the master subscriber database.
    • The Company retains the right to access, analyze, and use subscriber data for its own company-related commercial purposes (including marketing, cross-promotion, business development, and communications).
    • The Company may directly contact subscribers at any time, including if a Profile Owner becomes inactive.
  • No Exclusivity:
    • Subscriber ownership by Profile Owners does not exclude the Company from using the same subscriber data for its own purposes.

7. Legal Basis for Processing

We process personal data under different legal bases depending on jurisdiction:

  • For Malaysian users: consent under the PDPA.
  • For EU users:
    • Consent (Article 6(1)(a) GDPR) — registration, communications, marketing.
    • Contractual necessity (Article 6(1)(b)) — providing services.
    • Legitimate interests (Article 6(1)(f) GDPR) — analytics, commercial use, security, compliance.
    • Legal obligations (Article 6(1)(c) GDPR) — regulatory compliance.

CCPA/US law:

  • Users have the right to opt out of the “sale” or commercial use of personal data.
  • We do not sell personal data in the conventional sense.

8. Data Sharing

The Company shares data only when necessary with:

  • Service providers (hosting, IT support, analytics, marketing) bound by confidentiality.
  • Regulators or authorities, where required by law, regulation, or legal process.
  • Other users, only to the extent necessary for Platform functionality.(e.g., invitations, subscriber engagement).
  • In Business Transfers: In the event of merger, acquisition, or restructuring.

We do not sell your personal data.

9. International Transfers

Data may be transferred and stored outside your country, including Malaysia and the EU. Where required by law, we implement safeguards such as contractual clauses or equivalent mechanisms to ensure your data is protected. The Company applies safeguards required under PDPA and GDPR for such transfers.

10. Data Retention

  • Data is retained as long as an account is active.
  • After account termination, we may retain data where necessary for legal obligations, dispute resolution, or legitimate business purposes.
  • When no longer required, personal data will be deleted or anonymized.

11. User Rights

Depending on your jurisdiction, you may have the following rights:

11.1 Under PDPA (Malaysia)

  • Right to access and correct personal data.
  • Right to withdraw consent (may limit Platform access).

11.2 Under GDPR (EU users)

  • Right to access, rectify, erase, restrict or object to processing, data portability, and to lodge complaints with supervisory authorities.

11.3 U.S. (CCPA/CalOPPA)

  • Right to know what data we collect, request deletion, opt out of sale/sharing of data, and non-discrimination for exercising rights.

Requests must be submitted to: support@thepivotpoint.world

12. Security

The Company uses reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or loss. However, no system is completely secure, and we cannot guarantee absolute protection.

13. Cookies

The Platform uses cookies and similar tools for authentication, analytics, performance monitoring, marketing, and user experience.
You may disable cookies in your browser, but some features of the Platform may not work properly.

14. Children's Privacy

The Platform is intended for users aged 18 and above.

We do not knowingly collect personal data from individuals under 18. If such data is collected, it will be deleted promptly.

15. Amendments/Updates to this Policy

The Company may amend this Policy at any time. Users will be notified of changes via

  • Post the updated Policy on the Platform; and
  • Update the “Last Updated” date.

Continued use of the Platform after changes constitutes acceptance of the revised Policy.

16. Governing Law

This Policy shall be governed by and construed in accordance with the laws of Malaysia. For EU users, mandatory GDPR rights apply regardless of this choice of law.

17. Contact Us

If you have any questions, requests, or complaints about this Policy or your personal data, please contact us at: legal@thepivotpoint.world