Is Pigment safe with your data?
Pigment
Pigment SAS
Weak disclosure · medium confidence
Pigment earns a D (46/100) because it leaves much about its data practices unstated.
#120
of 211 apps ranked
46
score · Finance avg 37
+9
vs category average
Pigment's privacy policy discloses data inputs used for model training with no named opt-out, grants users standard GDPR rights, retains data for mixed periods (3 years or contract duration), shares with named service provider categories under standard contractual clauses, enumerates data categories and legal bases in a table, and implements named security controls including ISO 27001 with a named DPO contact.
What Pigment's privacy policy and terms of service say about your data
Model Training , No Opt-Out
Policy states data used 'to provide, develop and improve our Pigment AI Features' and 'training our models' with no explicit opt-out mechanism disclosed in the privacy policy itself.
Full GDPR Rights Enumerated
Access, erasure, rectification, portability, and objection rights are all explicitly listed in the 'Your rights?' section without procedural complexity.
Named ISO 27001 + DPO
Security section cites ISO 27001 and SOC 1 & SOC 2 Type 2 certifications; Data Protection Officer contact explicitly provided at dpo@pigment.com.
Purposes-to-Legal-Bases Table
Policy includes explicit table mapping data purposes (marketing, service improvement, billing) to legal bases and retention periods, supporting full transparency on D5.4.
What the policy is silent or vague on
- Not stated: a way to opt out of training
- Not stated: whether training use differs by plan
- Not stated: a deletion timeline after closure or request
- Not stated: shorter retention for AI conversation logs
Pigment privacy rating
Details
- Category
- Finance
- Modalities
- text
- Processes biometrics
- No
- Policy last updated
- 2026-06-01
- Region scored
- Global / US-default
- Last assessed
- 2026-07-08
Documents examined
Other finance apps
Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.