Last updated: 12 January 2026
GDPR Attestation Letter
Data Privacy Program, complying with GDPR Law
We know that sharing your personal information with us requires trust. We take it very seriously and,
therefore, we started our work on this topic in April 2021, including hiring specialized
legal counsel (Opice Blum Bruno & Vainzof Advogados Associados) to provide legal services
regarding broad adequacy with the European Union General Data Protection Regulation
2016/679 (“GDPR”).
This Attestation Letter describes the activities undertaken during this period.
GDPR Compliance Project
The GDPR Compliance Project scope consisted of 3 phases:
- Phase 1 – Diagnosis
- Phase 2 – Document elaboration/validation
- Phase 3 – Attestation Letter
Each phase comprised a series of activities which are detailed below with their respective status
and completion date.
Phase 1 – Diagnosis
| Activity | Status | Completion |
|---|---|---|
| Kick Off Meeting | Completed | 04.13.2021 |
| Preliminary Action Plan: a. Review of the data mapping and processing activities; b. 1st Meeting with personnel (HR, IT, Finance, Purchase); c. 2nd Meeting with personnel (Sales, Marketing, Customer Success) | Completed | 05.18.2021 |
| Analysis of the lawful basis for processing | Completed | 05.18.2021 |
| Assessment of the mapped activities | Completed | 05.18.2021 |
Phase 2 – Drafting Documents
| Activity | Status | Completion |
|---|---|---|
| Action plan for the assessment of the mapped activities | Completed | 06.14.2021 |
| Identification of supervisory authorities in Europe and the UK | Completed | 06.14.2021 |
| Assessment of the need for drafting a DPIA appointment in Europe and the UK | Completed | 06.14.2021 |
| Assessment of the need for drafting DPIAs | Completed | 06.14.2021 |
| EDPO final check of the (1) Identification of supervisory authorities (2) Assessment of the need for drafting a DPIA | Completed | 07.08.2021 |

Confidentiality Notice: This document is confidential and contains proprietary information and intellectual property of Pipefy, Inc.
Phase 3 – Final
| Activity | Status | Completion |
|---|---|---|
| Opice Blum provides the attestation letter to Pipefy | Completed | 07.14.2021 |
Currently, our DPO manages our Privacy Program, working mainly on monitoring compliance, carrying
out internal training and communication actions, managing relationships with authorities and regulatory
bodies, and responding to requests from holders of Personal Data.
In addition, we periodically carry out a review of our risks, our data processing activities, internal
policies and procedures and other measures adopted, within a cycle of continuous improvement
conducted by our DPO, with support from all our areas.
Pipefy is committed to complying with the law and maintaining a privacy program that brings
security to the data of our employees and customers.
If you have any questions about our conduct regarding the processing of Personal Data, visit our
Privacy Policy.