Privacy Policy

1. When This Policy Does Not Apply - Customer Data

This Policy does not apply to personal information that Pit processes on behalf of its enterprise customers under a separate written agreement (the “Customer Data”). Such customers are the controllers of their Customer Data, and our processing is governed by the data processing terms in our agreements with them. If you are an end-user of a Pit customer’s deployment of our enterprise products, please consult that customer’s privacy notice or contact them directly.

2. Personal Information We Collect

2.1 Information You Provide

We collect personal information you provide when you interact with the Services, including:

• Contact information, such as your name, work email address, phone number, employer, and job title (for example, when you submit a contact form or sign up for marketing communications);
• Communications, such as messages you send to us by email or through forms on the Site, and your responses to surveys; and
• Recruitment information, such as the contact details, CV, cover letter, and other information you provide if you apply for a role with us.

2.2 Information Collected Automatically

When you use the Services, we and our service providers automatically collect certain information about your device and your interactions with the Services, including:

• Device and connection information, such as IP address, device type, operating system, browser type, language, and approximate location derived from IP address;
• Usage information, such as the pages you visit, the features you use, the time and duration of your sessions, the actions you take, and the referring URL; and
• Information collected through cookies and similar technologies, as described in Section 8.

2.3 Information from Third Parties

We may receive personal information about you from third parties, such as business contact data from publicly available sources or sales-intelligence providers, identity and authentication data from single sign-on providers if you log into a Pit product through them, and information from social media platforms or analytics providers consistent with their privacy settings.

3. How and Why We Use Personal Information

We process personal information for the purposes described below. Where the EU General Data Protection Regulation (GDPR) applies, our lawful bases are noted under each purpose.

3.1 Provide and Operate the Services

We use personal information to operate, maintain, and provide the Services to you, including to respond to your requests and inquiries, troubleshoot issues, and provide customer support.

Lawful basis: performance of a contract or steps prior to entering into a contract; our legitimate interests in operating and securing the Services; and, where required, your consent.

3.2 Improve and Develop the Services

We use personal information to understand how the Services are used, to debug, test, and improve them, and to develop new features and products.

Lawful basis: our legitimate interests in improving and developing the Services; and, where required, your consent.

3.3 Security, Fraud Prevention, and Legal Compliance

We use personal information to protect the Services, our users, and our business, including to detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity, to enforce our terms and policies, and to comply with applicable law and respond to lawful requests from public authorities.

Lawful basis: our legitimate interests in protecting our business and users; and compliance with our legal obligations.

3.4 Marketing and Communications

We use personal information to send you marketing communications about Pit’s products and events, to invite you to webinars and conferences, and to tailor the marketing communications and content we show you.

Lawful basis: our legitimate interests in promoting our business; and, where required, your consent. You can opt out of marketing communications at any time using the unsubscribe link in our emails or by contacting us at [email protected].

3.5 Recruiting

If you apply for a role with Pit, we use the information you provide to evaluate your application, communicate with you, and, where relevant and permitted by law, retain your application for future opportunities.

Lawful basis: steps prior to entering into a contract; our legitimate interests in evaluating candidates; and, where required, your consent.

3.6 With Your Consent or Direction

We may also use personal information for other purposes that we describe to you at the time of collection, with your consent, or as otherwise directed by you.

4. How We Share Personal Information

4.1 Service Providers and Subprocessors

We share personal information with third-party service providers that help us operate the Services, including hosting and infrastructure providers, database providers, content delivery and security providers, analytics providers, consent management platforms, customer-relationship-management providers, and email and communication tools. These providers are bound by contractual obligations to protect personal information and to use it only for the purposes we instruct. A current list of subprocessors is set out in Annex A below.

4.2 Affiliates

We may share personal information with our affiliates for the purposes described in this Policy, where they are subject to obligations consistent with this Policy.

4.3 Business Transfers

If Pit is involved in a merger, acquisition, financing, reorganisation, bankruptcy, sale of all or part of our assets, or similar transaction, personal information may be transferred to the relevant counterparties as part of that transaction, subject to standard confidentiality obligations.

4.4 Legal and Safety

We may disclose personal information when we believe in good faith that disclosure is necessary or appropriate to: (a) comply with applicable law, regulation, legal process, or lawful governmental request; (b) protect the rights, property, or safety of Pit, our users, or others; (c) detect, prevent, or address fraud, security, or technical issues; or (d) enforce our terms and policies.

4.5 With Your Direction or Consent

We may share personal information with third parties when you direct us to do so or with your consent.

5. International Transfers

Pit is established in Sweden. Some of our service providers and affiliates are located outside the European Economic Area (EEA), including in the United States. When we transfer personal information outside the EEA or Switzerland to a country that has not received an adequacy decision from the European Commission, we rely on appropriate safeguards, in particular the European Commission’s Standard Contractual Clauses, supplemented by additional measures where required following a transfer impact assessment. You may request a copy of the safeguards we use by contacting us at [email protected].

6. Retention

We retain personal information for as long as we need it to fulfil the purposes for which it was collected, including to provide and improve the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. The criteria we use to determine retention periods include the nature and sensitivity of the information, the purposes for which we process it, applicable legal requirements, and the risks of unauthorised use or disclosure.

7. Your Rights

Subject to applicable law, you may have the following rights in relation to your personal information:

• the right to access, correct, and request deletion of your personal information;
• the right to data portability;
• the right to restrict or object to certain processing, including processing based on our legitimate interests;
• the right to withdraw consent at any time, where processing is based on consent (without affecting the lawfulness of processing carried out before withdrawal); and
• the right to lodge a complaint with your local supervisory authority. In Sweden, this is the Integritetsskyddsmyndigheten (IMY).

To exercise these rights, please contact us at [email protected]. We may need to verify your identity before fulfilling your request and will respond within the timeframes required by applicable law.

8. Cookies and Similar Technologies

The Site uses cookies, pixels, web beacons, local storage, and similar technologies (“Technologies”) to operate the Site, remember your preferences, analyse usage, and measure marketing effectiveness. We use Cookiebot as our consent management platform. A current and authoritative Cookie Declaration - listing every cookie and similar technology in use on the Site, the purpose of each, the provider, the storage duration, and whether it is strictly necessary, functional, statistical, or marketing - is embedded on the Site and updated automatically when our cookie inventory changes. Where required by law, we ask for your consent to non-essential Technologies through our cookie banner; you can review the Cookie Declaration and change your preferences at any time via the cookie banner or the Cookie Declaration page in the Site footer. Note that disabling certain Technologies may affect the functionality of the Site.

We also use Cloudflare Turnstile, an interaction-based bot-detection challenge, to protect the Site against automated abuse and to verify that visitors are likely human. Turnstile only collects browser signals when a challenge is rendered, and it is operated by our subprocessor Cloudflare. Cloudflare’s processing of personal information in connection with Turnstile is described in the Cloudflare Turnstile Privacy Addendum.

9. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, and destruction, taking into account the nature of the information and the risks involved. No security measures are perfect, however, and we cannot guarantee the security of any information transmitted to or stored by the Services.

10. Children

The Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from anyone under 18. If you believe that a child has provided us with personal information, please contact us so that we can delete it.

11. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on the Site and updating the “Last updated” date above, and where appropriate by other means. Your continued use of the Services after the updated Policy becomes effective constitutes your acceptance of the updated Policy.

12. Controller and Contact

The controller of your personal information is Pitdotcom Sweden AB (company registration number 559493-9851), with registered office at Luntmakargatan 26, 111 37 Stockholm, Sweden. If you have questions about this Policy or our privacy practices, or if you would like to exercise any of your rights, please contact us at [email protected].

Annex A - Subprocessors