SCHEDULE A DEMO
CONTACT US

Privacy Policy

Last Modified: April 22, 2026

GoPivot Solutions, LLC (“GoPivot,” “we,” “us,” or “our”) is committed to respecting the privacy of all persons using the gopivotsolutions.com website, associated sites, content, services, and mobile application (collectively, the “Site”). This Privacy Policy (this “Policy”) describes how we collect, use, disclose, and protect personal information, and the rights you have with respect to that information. Please read this Policy carefully. To use the Site, you must accept this Policy. If you do not consent to the terms of this Policy, please do not access or use the Site.

This Policy supplements, and is incorporated into, the GoPivot Terms of Use.

1. Scope and Relationship to Our Customers

GoPivot provides a mobile-first wellness, safety, recognition, and engagement platform to employers and other sponsoring organizations (each, a “Customer”). When a Customer deploys the GoPivot platform to its workforce, GoPivot acts as a service provider (or, under applicable state law, “processor”) for that Customer with respect to personal information collected from participating employees and members. The Customer is the “business” or “controller” responsible for determining the purposes and means of processing. In those cases, the Customer’s own privacy notice also governs, and where its terms conflict with this Policy, the Customer’s written agreement with GoPivot controls the handling of participant data.

With respect to visitors to our public marketing website, prospects who submit demo or contact forms, and individuals who correspond with us directly, GoPivot acts as the business/controller, and this Policy governs our practices.

Health data & HIPAA. Certain Customers are covered entities under the Health Insurance Portability and Accountability Act (“HIPAA”) or sponsor group health plans that are. In those engagements, GoPivot may act as a Business Associate under HIPAA with respect to Protected Health Information (“PHI”), and the handling of PHI is governed by a separate Business Associate Agreement (“BAA”) executed with the applicable Customer. The terms of the BAA, and HIPAA itself, control over any inconsistent provision of this Policy with respect to PHI.

2. Information We Collect

2.1 Account Information

When you establish a GoPivot account, we may require you to provide personal information including your name, email address, physical address, date of birth, height, and weight. You can decide whether to provide additional personal information when establishing your account.

2.2 Fitness, Activity, and Wearables Data

As a subscriber to a GoPivot program, we collect information necessary to track your fitness progress, calculate points for reward programs, and provide helpful content. If you link a wearable tracking device or a third-party health platform (e.g., Fitbit, Garmin, Apple Health, Google Fit) to your GoPivot account, we will receive activity, biometric, and physiological data from that device or platform in accordance with the permissions you grant. GoPivot makes no warranty as to the accuracy of information provided by such devices or platforms.

2.3 Biometric Screening Results

If you participate in a biometric screening through your employer or other sponsoring organization, your test results may be displayed in your GoPivot account. Your employer or sponsoring organization does not receive your individual biometric results from GoPivot; we disclose such information to the organization only in de-identified, aggregated form as described in Section 4.

2.4 Health Risk Assessment

If you complete a health risk assessment (“HRA”) on the Site, your results will be displayed in your account and used to generate personalized recommendations. Your employer or sponsoring organization does not receive your individual HRA results from GoPivot; we disclose such information to the organization only in de-identified, aggregated form as described in Section 4.

2.5 Sensitive Personal Information

Certain information described above — including biometric measurements, health and medical information, and precise account credentials — constitutes “sensitive personal information” under the California Consumer Privacy Act (“CCPA”) and “sensitive data” under other state privacy laws. We collect and use this information only for the purposes for which you provided it and as otherwise described in this Policy. We do not use or disclose sensitive personal information for purposes of inferring characteristics about you beyond the services you have engaged us to provide.

2.6 Usage Data and Device Information

We collect and analyze information about your use of the Site for the purposes of determining compliance with the GoPivot Terms of Use, for security, and for statistical purposes. This includes IP address, browser type and version, operating system, device identifiers, pages viewed, referring URL, time stamps, and actions taken on the Site. This information may be analyzed and aggregated to determine modifications and enhancements to the Site and to customize your experience.

2.7 Cookies and Similar Technologies

We and our service providers use cookies, pixels, local storage, and similar technologies on the Site. We use:

You may adjust your browser to refuse cookies or to alert you when cookies are being sent; however, certain aspects of our Site may not function properly if cookies are disabled. Where required by law, we obtain your consent before setting non-essential cookies. You can change your preferences at any time using our cookie preferences control or your browser settings. We honor Global Privacy Control (“GPC”) signals as a valid opt-out of the “sale” or “sharing” of personal information and of targeted advertising to the extent required by applicable law.

2.8 Communications

When you submit a form on our public site (such as a demo request or contact form), correspond with us by email, chat, or phone, or attend a webinar, we collect the information you provide and records of that communication.

3. How We Use Personal Information

We use personal information to:

3.1 Automated Decision-Making

GoPivot does not use your personal information for solely automated decision-making that produces legal or similarly significant effects concerning you. We may use automated processes to score activity, calculate rewards points, generate wellness recommendations, and surface relevant content — none of which has legal or similarly significant effects. We do not train generative artificial-intelligence models on participant health, biometric, or HRA data.

4. De-Identified and Aggregated Data

GoPivot will de-identify biometric, HRA, and other participant information and may combine it with others’ information in such a way that no one could trace the information back to you directly. This anonymous, aggregated data may be shared with your employer or sponsoring organization (so they can design better benefits, programs, and services) and with other organizations for research purposes. You are welcome to request the names of such organizations from us. We maintain de-identified data in a manner that prevents re-identification and contractually obligate recipients not to attempt to re-identify it.

5. Sharing Information with Others

5.1 Team and Challenge Participants

If you elect to join a team and/or participate in one or more challenges, personal information related to that team or challenge will be shared with other members of your team and other participants in the challenge. This may include your FitScore™, changes in weight, changes in BMI, steps, exercise minutes, and other challenge-specific information.

5.2 Your Organization’s Administrator

Except as expressly limited in this Policy (for example, with respect to individual biometric or HRA results), your organization’s administrator may see your personal information in connection with program administration.

5.3 Service Providers and Subprocessors

We disclose personal information to service providers and subprocessors that perform services on our behalf and are contractually required to protect the information and use it only for authorized purposes. Categories include:

A current list of subprocessors for the platform is available to Customers under their written agreements with GoPivot; consumers may request a current list of material service providers by contacting us using the information in Section 11.

5.4 Legal and Safety Disclosures

We may release personal information if required to do so by law, or in the good-faith belief that such action is necessary to comply with state, federal, or international laws, respond to a court order, subpoena, or search warrant, enforce our agreements, take precautions against liability, investigate and defend against any third-party claims, assist government enforcement agencies, protect the security or integrity of the Site, or protect the rights, property, or personal safety of GoPivot, our users, or others.

5.5 Corporate Transactions

If all or part of GoPivot is acquired by or merged with a third-party entity, you agree that we may transfer or assign the information we have collected from you as part of such merger, acquisition, or other change of control. In the event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, we may not be able to control how your personal information is treated, transferred, or used.

5.6 No Sale of Personal Information

GoPivot does not sell personal information in exchange for monetary consideration. Certain disclosures to advertising partners through cookies and similar technologies on our public marketing site may constitute “sharing” for cross-context behavioral advertising, or a “sale” as defined broadly under the CCPA and similar state laws. You can opt out of this activity using the “Do Not Sell or Share My Personal Information” link in our website footer, our cookie preferences control, or by sending a valid Global Privacy Control (GPC) signal from your browser. We do not knowingly sell or share the personal information of consumers under 16 years of age. We do not sell or share sensitive personal information, PHI, or participant health or biometric data.

6. How We Keep Your Information Safe

GoPivot has implemented reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, disclosure, and loss. Measures include a login process requiring a username and password that you select, encryption of data in transit, access controls based on the principle of least privilege, logging and monitoring, and vendor-management controls for our service providers. The platform is hosted by a third party that has obtained HITRUST certification and maintains HIPAA and HITECH compliance.

You are responsible for keeping your password and username confidential and secure from unauthorized persons. If you know or suspect that your credentials have been compromised, change your password immediately and notify us. If you have a security-related concern, please contact GoPivot Support.

Breach notification. In the event of a confirmed breach of personal information, we will notify affected individuals and applicable authorities in accordance with HIPAA (where PHI is involved), state breach-notification laws, the GDPR (where applicable), and any obligations under our Customer agreements.

7. Data Retention

We retain personal information for as long as needed to provide the Site and our services to you and your Customer, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. When personal information is no longer needed for these purposes, we securely delete or de-identify it. Specific retention periods depend on the nature of the information and the applicable legal and contractual requirements:

8. Your Rights and Choices

8.1 Communications Choices

You may opt out of marketing email communications from GoPivot by clicking the “unsubscribe” link in any marketing email, by updating your preferences in your user profile, or by contacting us using the information in Section 11. Even if you opt out of marketing mailings, we reserve the right to send you service-related communications (such as maintenance notices and security alerts).

8.2 Access and Correction

You may access, update, or correct your account information at any time by editing your account. You may need to supply certain information so that we can verify your authority to modify this information.

8.3 U.S. State Privacy Rights

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Rhode Island, and other states with comprehensive consumer privacy laws may, subject to the conditions and exceptions of their state laws, have the following rights with respect to personal information GoPivot processes as a business or controller:

To exercise these rights, submit a request via the “Contact Us” form, by email to support@gopivotsolutions.com, or by calling +1 (919) 885-0525. We will verify your identity using information already associated with your account or, for non-account holders, by requesting information reasonably necessary to match you with our records. You may designate an authorized agent to submit a request on your behalf by providing signed written authorization; we may still require you to verify your identity directly with us. We will respond within the timeframes required by your state’s law. If we deny your request, you may appeal by replying to our response with the word “appeal.”

Requests relating to Customer programs. If your personal information is processed by GoPivot on behalf of a Customer (your employer or sponsoring organization), we will forward your request to that Customer and assist them in responding in accordance with our agreement with them and applicable law. You may also wish to contact the Customer directly.

8.4 Nevada Residents

Nevada law provides Nevada consumers the right to opt out of the sale of certain covered personal information. GoPivot does not sell personal information as defined by Nevada law. You may submit a verified request to opt out using the contact information in Section 11.

8.5 GDPR Rights (European Economic Area, United Kingdom, and Switzerland)

GoPivot complies with the General Data Protection Regulation (“GDPR”) and comparable UK and Swiss laws where applicable. If the GDPR applies to our processing of your personal data, you have the right to: (i) access your personal data; (ii) request rectification of inaccurate or incomplete data; (iii) request erasure; (iv) restrict or object to processing; (v) data portability; (vi) withdraw consent at any time where processing is based on consent, without affecting prior processing; and (vii) lodge a complaint with your supervisory authority.

Our legal bases for processing include: performance of a contract with you or your Customer; compliance with legal obligations; legitimate interests in operating, securing, and improving our Site and services (balanced against your rights); and, where required, your consent. When we transfer personal data from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework and its UK Extension and Swiss-U.S. Data Privacy Framework (together with supplementary measures where needed). A copy of the relevant transfer mechanism is available on request.

9. Children’s Privacy

The Site is not directed to children under 13 years of age. Consistent with the Children’s Online Privacy Protection Act (“COPPA”), GoPivot does not knowingly collect personal information from children under 13. In addition, GoPivot does not knowingly allow individuals under the age of 15 to sign up for an account on the Site or otherwise disclose personal information to us. If you are under 15, please do not use or access our Site. If we later obtain actual knowledge that a user is under the applicable age, we will take steps to remove that user’s information from our systems. If you are the parent or guardian of a child whom you believe has disclosed personal information to us, please contact GoPivot Support so that we may delete the information.

10. Other Terms

10.1 Public Forums

The Site may include chat rooms, blogs, message boards, and other public forums. Any information disclosed in these areas will necessarily be disclosed to third parties and become public information. Exercise caution when deciding to disclose your personal or proprietary information in these forums.

10.2 Third-Party Sites

The Site may contain links to other Internet sites. We have no responsibility for the privacy practices of other websites, including those of our business partners. When a browser window is opened from the Site that does not show a page created by GoPivot (noted by a GoPivot copyright statement at the bottom of such pages), you should assume that this Policy does not apply.

10.3 International Users

The Site is hosted and operated in the United States and is subject to United States law. Any personal information you provide to GoPivot is transferred to GoPivot for use in the United States and is hosted on servers located in the United States. By establishing an account with GoPivot and accessing the Site, you consent to the transfer of your personal information to the United States. If you are accessing the Site from outside the United States, please be advised that United States law may not offer the same privacy protections as the law of your jurisdiction, subject to the safeguards described in Section 8.5 where applicable.

10.4 Legal Requirements

We intend to protect your privacy to the fullest extent possible as described in this Policy while also fulfilling our responsibility to uphold all applicable laws and regulations. We cannot ensure that all of your private communications and other personally identifiable information will never be disclosed or accessed in ways not otherwise described in this Policy. We may be compelled under law to disclose information to government or third parties under certain circumstances, or third parties may unlawfully intercept or access transmissions or private communications. You authorize us to disclose any information to law enforcement or other government officials that we, in our sole discretion, believe necessary or appropriate in compliance with the law.

10.5 Changes and Updates to this Privacy Policy

This Policy may be revised periodically by GoPivot, as reflected by the “Last Modified” date above. Please revisit this page to stay aware of any changes. Material amendments to this Policy will be communicated to you at the time you log into the Site or by other reasonable means. Your continued use of the Site constitutes your agreement to this Policy and any future revisions.

10.6 Terms of Use

This Policy is part of, and incorporated into, the GoPivot Terms of Use, which include provisions such as limitations on damages, dispute resolution, and application of Georgia, U.S.A. state law.

11. Contacting GoPivot

If you have any questions about this Policy, wish to exercise your privacy rights, or have concerns about our information-handling practices, please contact us: