ICYMI: IT leaders discuss overcoming constraints to drive business growth Watch the recording

Pipefy Announces GDPR and LGPD Compliance

No-Code Business Process Management Platform Certified in GDPR and LGDP


SAN FRANCISCO – August 10, 2021 - Pipefy, the no-code workflow automation platform that empowers doers and transforms the way teams work, today announced that it is fully compliant with the rules mandated by the General Data Protection Regulation (GDPR), the European Union’s new regulatory framework for data privacy and protection as well as Lei Geral de Proteção de Dados (LGPD), Brazil’s data privacy law that was modeled after that of the EU. The company will comply with the GDPR and LGPD across all their worldwide clients, to preserve and secure all personal data.


“Our clients’ privacy and security are at the heart of everything we do at Pipefy,” said Alessio Alionço, Founder and CEO at Pipefy. “We welcome GDPR and LGPD's more stringent data protection and privacy standards. As a trusted technology partner to over 3,000 organizations worldwide, we are committed to support our customers’ individual rights and ensure best practices all while handling personal data safely and securely.”


The announcement represents the culmination of more than a year’s worth of work by Pipefy’s Security and Data Teams to complete a series of data privacy and security compliance protocols. In June the company announced it had achieved the International Organization for Standardization (ISO) 27001:2013 certification for its Information Security Management System (ISMS) to support global customers using its Business Process Management Platform.


Pipefy has been focused on providing security at scale for its customers since the company was founded in 2015. The ‘people first’ company believes in data security and security monitoring for all, from single users to enterprises. Pipefy platform security features include:

  • Permissions and Authentifications:  Access to customer data is limited to authorized employees only. Pipefy’s environment is protected by having Single Sign-on (SSO), Multi-Factor Authentication (MFA), and strong password policies on their code repository, email provider, and storage warehouse platform. Pipefy’s platform, developers’ site, and help site are delivered 100% onto HTTPS.
  • Disaster Recovery and Fail Over: All infrastructure and data are spread across 3 availability zones and will continue to work without issue if any one of their data centers fails.
  • Back-Ups and Monitoring: Audit logs for all activity on the platform, using a secure platform for analysis and archival purposes. Active monitoring and backups in place to recover information in the event something happens within our environment.
  • Encryption: All data within Pipefy is encrypted in transit and at rest using 256-bit encryption, which provides a better and more secure service.
  • Pentest and Vulnerability Scanning: Security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised on these scans, when applicable, and performs regular penetration tests on the application and infrastructure.
  • Incident Response: Strict protocol for handling security events which includes escalation procedures, rapid mitigation, and postmortem. 
  • GDPR/LGDP: Security and compliance protocol for data protection
  • SOC 2: (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service. SOC 2 is expected in Q3 2021.
  • “In the first half of 2021, 118.6 million people were impacted by data breaches, data exposures and data leaks,” said Ananth Avva, President and COO at Pipefy. “Three of the 10 largest breaches occurred at technology companies. SaaS companies, like Pipefy, have a responsibility to keep our customers’ data secure. As an organization we are in constant pursuit of alleviating any rising fears stemming from privacy policy concerns.”


    According to the GDPR website, the General Data Protection Regulation is the toughest privacy and security law in the world. It’s policies, which were put into effect in May 2018, impose obligations onto organizations targeting or collecting data related to people in the EU.  GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros. 


    Share this on social: Pipefy announces GDPR and LDPG compliance rounding out a series of stringent security protocols. #no-code #businessprocessmangement #workflowautomation #automation #bpm #nocode #citizendeveloper


    About Pipefy


    Pipefy is the no-code workflow automation platform that increases team productivity, centralizes data and standardizes processes for teams like Finance, HR, Customer Service, and more so those requesting services, those processing the requests and those managing the operation are more efficient. Through automated workflows and a no/low-code platform, Pipefy enhances speed, increases visibility, and delivers higher quality outcomes with ready-to-use, customizable workflows. Digitally transform your team in a matter of hours, not weeks or months. The company is headquartered in San Francisco, CA. Try Pipefy today!




    Contact: Rochelle Clark, Director of Corporate Marketing, [email protected]