The canonical version of this document is maintained as Markdown in the public repository pipeboard-co/Data-Processing-Agreement. Click Watch on the repository to subscribe to changes.

Data Processing Agreement

Also referred to as Auftragsverarbeitungsvertrag (AVV) under German law.

Last updated: June 18, 2026

This Data Processing Agreement (the "DPA") forms part of the agreement between the customer ("Customer", also referred to as the "Controller") and ARTELL SOLUÇÕES TECNOLÓGICAS LTDA, a limited liability company registered in Brazil (CNPJ 53.540.982/0001-70), trading as Pipeboard ("Pipeboard", "we", or the "Processor"), governing the use of the Pipeboard service (the "Service") under the Pipeboard Terms of Service and Privacy Policy (together, the "Principal Agreement").

This DPA applies whenever Pipeboard processes Personal Data (as defined below) on behalf of the Customer in the course of providing the Service, and is intended to satisfy Article 28 of Regulation (EU) 2016/679 (the "GDPR"), the United Kingdom Data Protection Act 2018 together with the UK GDPR (the "UK GDPR"), and the Swiss Federal Act on Data Protection ("FADP"), to the extent each applies.

By using the Service, the Customer accepts this DPA. The canonical version is maintained as Markdown in the public repository pipeboard-co/Data-Processing-Agreement; the same content is rendered at pipeboard.co/dpa. A counter-signed PDF version is available on request from privacy@pipeboard.co.

Subscribe to changes: click "Watch" on the public repository (Releases or all activity) to receive a GitHub notification on every change, or point a page-monitoring tool of your choice (for example, Visualping, Distill, or Wachete) at this page.

1. Definitions

Capitalized terms used but not defined in this DPA have the meanings given in the Principal Agreement or in applicable Data Protection Laws. For the purposes of this DPA:

  • "Data Protection Laws" means the GDPR, the UK GDPR, the FADP, the Brazilian General Data Protection Law (Lei n. 13.709/2018, the "LGPD"), and any other applicable laws and regulations relating to the protection of Personal Data.
  • "Personal Data", "Controller", "Processor", "Data Subject", "Processing", and "Personal Data Breach" have the meanings given to them in the GDPR and, where the LGPD applies, the equivalent meanings of dado pessoal, controlador, operador, titular, tratamento, and incidente de segurança under the LGPD.
  • "Customer Personal Data" means the Personal Data Processed by Pipeboard on behalf of the Customer in connection with the Service, as further described in Annex I.
  • "Sub-processor" means any third party engaged by Pipeboard to Process Customer Personal Data, as further described in Annex III.
  • "Standard Contractual Clauses" or "SCCs" means the standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR adopted by the European Commission in Decision (EU) 2021/914 of 4 June 2021, including any successor or related clauses adopted by a competent authority.
  • "UK Addendum" means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner's Office (Version B1.0).

2. Scope and Roles

The Customer is the Controller and Pipeboard is the Processor of Customer Personal Data. Where the Customer acts as a Processor for a third party (the "Ultimate Controller"), Pipeboard acts as a Sub-processor. The Customer represents and warrants that it has all necessary authority and lawful basis to instruct Pipeboard to Process Customer Personal Data as described in this DPA.

For Personal Data that Pipeboard processes for its own purposes (for example, account registration data, billing information, security and abuse prevention, and aggregated service analytics), Pipeboard acts as an independent Controller. Pipeboard's processing of such data is described in our Privacy Policy and is outside the scope of this DPA.

Where the Customer is established in Brazil or the Processing is subject to the LGPD, the Brazil (LGPD) Addendum set out in Annex IV applies, under which Pipeboard acts as operador. As to LGPD-governed Personal Data, Annex IV prevails over this DPA and the Principal Agreement to the extent of any conflict.

3. Subject Matter, Duration, Nature, and Purpose of Processing

The subject matter, duration, nature, and purpose of the Processing, the types of Customer Personal Data, and the categories of Data Subjects are described in Annex I.

4. Customer Instructions

Pipeboard will Process Customer Personal Data only on documented instructions from the Customer, including with regard to transfers of Customer Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which Pipeboard is subject. In such a case, Pipeboard will inform the Customer of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest.

The Customer's use of the Service in accordance with the Principal Agreement, including configuration of features, connections to ad and commerce platforms (Meta Ads, Google Ads, Pinterest Ads, TikTok Ads, Snap Ads, LinkedIn Ads, Reddit Ads, Microsoft Advertising, Shopify), creation and use of API tokens, scheduled reports, and prompts issued through the Customer's chosen MCP client or AI assistant, constitutes documented instructions for the purposes of this DPA. Additional or different instructions may be issued in writing to privacy@pipeboard.co; Pipeboard will accommodate them where they fall within the scope of the Service and are technically feasible.

Pipeboard will inform the Customer immediately if, in its opinion, an instruction infringes Data Protection Laws.

5. Confidentiality of Personnel

Pipeboard will ensure that all personnel authorized to Process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. Access to Customer Personal Data is restricted to personnel who have a need to know in order to operate, maintain, and support the Service.

6. Security of Processing

Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Pipeboard will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as set out in Annex II.

Pipeboard reviews and updates its technical and organizational measures on an ongoing basis. Updated measures will be at least equivalent to those described in Annex II.

7. Sub-processors

The Customer authorizes Pipeboard to engage Sub-processors to Process Customer Personal Data, subject to the conditions set out in this Section 7 and in Annex III.

Pipeboard imposes contractual data protection obligations on each Sub-processor that are no less protective than those set out in this DPA, including the obligation to implement appropriate technical and organizational measures in accordance with Article 28(3) GDPR. Pipeboard remains liable to the Customer for the performance of each Sub-processor's obligations.

The current list of Sub-processors is published, and kept up to date, in the public repository pipeboard-co/Data-Processing-Agreement and rendered at pipeboard.co/dpa. The repository's commit history is the authoritative record of changes. Pipeboard will update the list before engaging a new Sub-processor and will provide at least seven (7) days' advance publication for additions, except where a Sub-processor is engaged on shorter notice for urgent security or service-continuity reasons (in which case the list will be updated as soon as reasonably practicable). Customers may subscribe to changes by clicking "Watch" on the GitHub repository or by pointing a page-monitoring tool of their choice at the rendered DPA page.

If the Customer reasonably objects to a new Sub-processor on data-protection grounds, the Customer should write to privacy@pipeboard.co and the parties will discuss the objection in good faith. If no resolution is reached, the Customer may stop using the affected feature of the Service.

Pipeboard does not consider its hyperscale infrastructure providers (such as Vercel, Supabase, and AWS) to be Sub-processors of any Personal Data they cannot in practice read in cleartext as a result of encryption in transit and at rest combined with access controls; nevertheless, those providers are listed in Annex III for transparency.

8. Assistance with Data Subject Rights

Taking into account the nature of the Processing, Pipeboard will assist the Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to requests from Data Subjects exercising their rights under Chapter III GDPR (including rights of access, rectification, erasure, restriction, portability, and objection) and, where the LGPD applies, the rights of titulares under Article 18 of the LGPD.

Where a Data Subject contacts Pipeboard directly with a request relating to Customer Personal Data, Pipeboard will promptly forward the request to the Customer and will not respond on the substance of the request itself, unless the Customer instructs Pipeboard to do so. Customers can also delete the data of an end user themselves by following the steps on the User Data Protection page.

9. Personal Data Breaches

Pipeboard will notify the Customer without undue delay, and in any event within seventy-two (72) hours, after becoming aware of a Personal Data Breach affecting Customer Personal Data. The notification will, to the extent then known, describe:

  • the nature of the Personal Data Breach,
  • the categories and approximate number of Data Subjects concerned,
  • the categories and approximate number of records concerned,
  • the likely consequences of the Personal Data Breach, and
  • the measures taken or proposed to address the Personal Data Breach and to mitigate its possible adverse effects.

Pipeboard will provide reasonable cooperation and information to assist the Customer in fulfilling its own notification obligations under Articles 33 and 34 GDPR and, where the LGPD applies, the Customer's communication obligations to the ANPD and to titulares under Article 48 of the LGPD. Notifications will be sent to the email address associated with the Customer's account; the Customer is responsible for keeping that address current.

10. Data Protection Impact Assessments and Prior Consultation

Taking into account the nature of the Processing and the information available to Pipeboard, Pipeboard will provide reasonable assistance to the Customer in carrying out data protection impact assessments and prior consultations with supervisory authorities under Articles 35 and 36 GDPR.

11. International Data Transfers

Pipeboard's production infrastructure is hosted in the United States (Vercel edge regions, Supabase on AWS us-east-1, and DigitalOcean droplets that operate the MCP gateway nodes). Customer Personal Data may therefore be transferred to, and Processed in, the United States and other countries in which Pipeboard or its Sub-processors operate, including Brazil (where Pipeboard is established).

Where Customer Personal Data originating in the European Economic Area, the United Kingdom, or Switzerland is transferred to a country that is not subject to an adequacy decision under the relevant Data Protection Laws, the parties agree that such transfer is governed by the Standard Contractual Clauses, which are hereby incorporated into this DPA by reference, with the following selections and completions:

  • Module: Module Two (Controller-to-Processor) where the Customer is a Controller; Module Three (Processor-to-Processor) where the Customer is itself a Processor.
  • Clause 7 (Docking clause): applies.
  • Clause 9 (Use of sub-processors): Option 2 (general written authorization) applies, with the change-publication mechanism set out in Section 7 of this DPA.
  • Clause 11 (Redress): the optional independent dispute resolution language does not apply.
  • Clause 17 (Governing law): the law of the Republic of Ireland.
  • Clause 18 (Choice of forum and jurisdiction): the courts of the Republic of Ireland.
  • Annex I.A (List of Parties): the Customer (data exporter) and Pipeboard (data importer), with contact details as in the Principal Agreement and in Section 18 below.
  • Annex I.B (Description of Transfer): as set out in Annex I to this DPA.
  • Annex I.C (Competent supervisory authority): the supervisory authority of the Member State in which the Customer is established, or where the Customer is established outside the EEA, the Irish Data Protection Commission.
  • Annex II (TOMs): as set out in Annex II to this DPA.
  • Annex III (List of sub-processors): as set out in Annex III to this DPA.

For transfers from the United Kingdom, the parties agree that the UK Addendum applies and is hereby incorporated, with Tables 1, 2, and 3 completed by reference to the foregoing selections and Annexes, and Table 4 set so that neither party may end the UK Addendum on the basis of changes to the Approved Addendum.

For transfers from Switzerland, the SCCs apply with the modifications required by the Swiss Federal Data Protection and Information Commissioner: references to the GDPR are construed as references to the FADP, and the competent supervisory authority is the Swiss FDPIC for data subjects in Switzerland.

For Personal Data subject to the LGPD that is transferred outside Brazil, the transfer relies on a basis admitted by Article 33 of the LGPD — including the Standard Contractual Clauses or specific clauses approved by the ANPD where available, an adequacy recognition, or the Customer's instruction or consent — and the parties will cooperate to keep the transfer mechanism current with ANPD regulation.

12. Audits

Pipeboard will make available to the Customer all information reasonably necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR and this DPA, and will allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

The Customer's audit right will ordinarily be satisfied by Pipeboard providing, on written request and subject to reasonable confidentiality undertakings, copies of its then-current Security Profile, Data Classification, Handling, Protection and Retention Policy, sub-processor list, and any third-party audit reports of its Sub-processors that Pipeboard is permitted to share. Where the Customer reasonably determines that this information is insufficient, the Customer may, at its own expense and on at least thirty (30) days' prior written notice (or with shorter notice in the event of a Personal Data Breach or as required by a competent supervisory authority), request an on-site audit of Pipeboard's relevant facilities, no more than once per twelve-month period. Audits must be conducted during normal business hours, must not unreasonably interfere with Pipeboard's operations, and may be conducted by an independent third-party auditor acceptable to both parties under appropriate confidentiality obligations.

13. Return and Deletion

At the choice of the Customer, Pipeboard will delete or return all Customer Personal Data after the end of the provision of services relating to Processing, and delete existing copies, unless storage is required by Union or Member State law.

The Customer may at any time use the in-product self-service deletion controls (see the User Data Protection page) or write to privacy@pipeboard.co to request deletion. Deletion is performed within thirty (30) days of the request and propagates to backups in accordance with Pipeboard's standard backup rotation. Logs containing Customer-related metadata are retained for up to thirty (30) days from creation and are deleted automatically thereafter.

14. Liability

Each party's liability arising out of or related to this DPA, whether in contract, tort, or under any other theory of liability, is subject to the limitations and exclusions of liability set out in the Principal Agreement. Nothing in this DPA limits any liability that cannot be excluded or limited under applicable law, including liability of a party to a Data Subject under Article 82 GDPR.

15. Term and Termination

This DPA takes effect on the date of acceptance and remains in force for as long as Pipeboard Processes Customer Personal Data on behalf of the Customer. Sections that by their nature survive termination (including Sections 9, 12, 13, and 14) will continue to apply.

16. Order of Precedence and Changes

In the event of any conflict between this DPA and the Principal Agreement, this DPA will prevail to the extent of the conflict. In the event of any conflict between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail to the extent of the conflict. As to Personal Data governed by the LGPD, Annex IV (Brazil / LGPD Addendum) prevails over this DPA and the Principal Agreement to the extent of the conflict.

Pipeboard may update this DPA from time to time. Each update is published as a commit in the public repository pipeboard-co/Data-Processing-Agreement; the commit history is the authoritative change log. Where a change materially reduces the protection afforded to Customer Personal Data, Pipeboard will additionally announce the change at least seven (7) days in advance via email to the Customer's account contact and via the GitHub release notes.

17. Governing Law

This DPA is governed by the law specified in the Principal Agreement, except that the Standard Contractual Clauses are governed by the law identified in Section 11 and the UK Addendum is governed by the laws of England and Wales.

18. Contact

For matters relating to this DPA, including data protection questions, sub-processor notifications, audit requests, and deletion requests, please contact:

ARTELL SOLUÇÕES TECNOLÓGICAS LTDA R 72, 223 Quadra C16 Lote 12/15 Sala 1507, Cond QS 01, Jd Goias, Goiânia, GO, Brazil, CEP 74805-480 CNPJ: 53.540.982/0001-70 Email: privacy@pipeboard.co Web: https://pipeboard.co

No formal Data Protection Officer (DPO) is appointed; Pipeboard's privacy contact for all inquiries is privacy@pipeboard.co.


Annex I — Description of Processing

A. List of Parties

Data exporter / Controller: the Customer, as identified in its Pipeboard account.

Data importer / Processor: ARTELL SOLUÇÕES TECNOLÓGICAS LTDA (Pipeboard), contact details in Section 18.

B. Subject Matter and Duration

Subject matter: the provision of the Pipeboard Service, including the MCP gateway, web application, scheduled reports, and AI-assisted analysis and management of advertising and commerce data on connected platforms.

Duration: for the term of the Principal Agreement, plus any additional period during which Pipeboard is required to retain Customer Personal Data to provide the Service or to comply with applicable law.

C. Nature and Purpose of Processing

Pipeboard Processes Customer Personal Data in order to: (i) authenticate users via email/password or OAuth providers; (ii) read and, where the Customer instructs, modify advertising and commerce data on connected platforms (Meta Ads, Google Ads, Pinterest Ads, TikTok Ads, Snap Ads, LinkedIn Ads, Reddit Ads, Microsoft Advertising, Shopify); (iii) enable the Customer's chosen AI assistant or LLM client to access and act on that data through Pipeboard's MCP servers, and generate recurring reports through features such as Scheduled Reports; (iv) operate, secure, monitor, and support the Service; and (v) bill the Customer.

D. Types of Personal Data

  • Account data: name, email address, hashed password (where email/password sign-in is used), provider user ID for OAuth sign-ins (Facebook, Google, GitHub, SSO).
  • Authentication tokens: OAuth access and refresh tokens for Meta Ads, Google Ads, Pinterest Ads, TikTok Ads, Snap Ads, LinkedIn Ads, Reddit Ads, Microsoft Advertising, and Shopify (and, for Meta, Facebook Page access tokens); Pipeboard API tokens. Stored encrypted.
  • Advertising and commerce data: ad account, campaign, ad group, ad, creative, audience, keyword, placement, and performance metrics retrieved from the connected platforms; pixel and conversion configuration metadata; identifiers of ad accounts, business managers, MCC accounts, advertisers, organizations, and Shopify shops.
  • Lead form responses (only where the Customer enables features that require it): where the Customer connects LinkedIn and grants the lead-generation permission, the responses people submit through the Customer's LinkedIn lead generation forms, which may include the lead's name, email address, phone number, job title, employer, and answers to the form's questions. On Meta, Reddit, and Pinterest, Pipeboard reads lead form configuration only and does not retrieve submitted responses.
  • Customer identifiers transmitted on the Customer's instruction (only where the Customer enables features that require it): where the Customer instructs Pipeboard to send server-side conversion events (to Meta, Pinterest, Reddit, or LinkedIn) or to build custom or lookalike audiences (on Meta, TikTok, Snap, or Pinterest), the identifiers contained in those uploads, such as email addresses, phone numbers, and mobile advertising IDs. Pipeboard normalizes and SHA-256 hashes these identifiers before transmission, so the receiving platform receives only hashes.
  • Shopify-customer data (only where the Customer enables features that require it): Shopify customer personal data such as names, email addresses, shipping and billing addresses, and order line items, and — only where the Customer has granted Shopify Protected Customer Data Access — order attribution and journey details. Pipeboard accesses this data only to the extent necessary to provide the requested feature, in accordance with Shopify's Protected Customer Data requirements.
  • Service usage and operational metadata: request and response metadata for MCP and HTTP requests (timestamps, tool name, request ID, status, duration, response size), error events, IP addresses, user-agent strings, and other technical telemetry.
  • Billing data: billing email, company name, billing address, tax ID/VAT, and Stripe customer/subscription identifiers. Card numbers are processed directly by Stripe and are not stored by Pipeboard.
  • Support and communications data: messages exchanged with Pipeboard support (for example, via Crisp) and the email address used.

E. Special Categories of Personal Data

The Service is not designed to Process special categories of Personal Data within the meaning of Article 9 GDPR or data relating to criminal convictions and offences. The Customer is responsible for not entering, uploading, or instructing Pipeboard to retrieve such data unless the parties have agreed in writing on additional safeguards.

F. Categories of Data Subjects

  • The Customer's users and team members who access the Service.
  • The Customer's end users, leads, and prospects whose information appears in the connected advertising or commerce platforms — for example, people who submit the Customer's lead generation forms (such as on LinkedIn) and Shopify customers, where those features are enabled by the Customer.
  • Authorized contacts of the Customer (for example, billing and security contacts).

G. Frequency of Transfer

Continuous, on a transactional basis, for the duration of the Service.

H. Retention

  • User account data: retained for the duration of the account, and deleted within thirty (30) days after account closure or a verified deletion request.
  • OAuth tokens and Pipeboard API tokens: retained while the account is active or until revoked by the Customer; deleted on account closure.
  • Advertising and commerce data accessed via platform APIs: not retained long-term; cached briefly (typically minutes to a few hours) for performance and reliability. Pipeboard may store a small per-user cache of recent aggregate metrics and the ad-account list to accelerate Insights reports.
  • Application and request logs: retained for up to thirty (30) days, then deleted automatically.
  • Backups: encrypted and retained in accordance with Pipeboard's managed-database backup rotation, after which deleted Personal Data is purged from backups by normal rotation.
  • Billing records: retained for as long as required by tax and accounting law applicable to Pipeboard.

Annex II — Technical and Organizational Measures

Pipeboard maintains the following technical and organizational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, in line with Article 32 GDPR.

1. Pseudonymization and Encryption

  • In transit: all traffic to and from the Service is protected by TLS 1.2 or higher.
  • At rest: Customer Personal Data stored in Pipeboard's managed PostgreSQL database (Supabase on AWS) is encrypted at rest using AES-256. Backups are encrypted.
  • Application-level: sensitive credentials (OAuth tokens, API tokens) are stored with additional application-level controls and are never returned to the client.

2. Confidentiality, Integrity, Availability, and Resilience

  • Access control: least-privilege access; row-level security (RLS) enforced at the database level so each user can only access their own records; administrative features gated and require explicit authorization; no shared credentials or standing access to production data.
  • Authentication: Pipeboard sign-in via email/password or OAuth providers (Facebook, GitHub, corporate SSO via SAML/OIDC) using authentication flows aligned with current best practices, including PKCE.
  • Network security: all production endpoints are served over HTTPS; MCP gateways behind nginx with TLS termination.
  • Application security: TypeScript strict mode, parameterized database queries, input validation via Zod schemas, dependency scanning via GitHub Dependabot, automated tests (Jest), pre-commit linting and formatting, and code review before merge to production branches.
  • Resilience: serverless application hosting with auto-scaling and automated recovery; managed PostgreSQL with multi-AZ availability and automated backups with point-in-time recovery; target recovery time objective (RTO) of one hour for the application and four hours for the database.

3. Restoration of Availability

Backups are performed automatically on a regular schedule by the managed database provider, are encrypted, and are tested in line with the provider's standards. The full codebase is maintained in version control (Git), enabling rapid redeployment.

4. Testing, Assessment, and Evaluation

  • Automated CI/CD pipeline with build, lint, and test gates required before merge to production branches.
  • Continuous dependency scanning and automated upgrade pull requests for security patches.
  • Public bug bounty program; vulnerability remediation targets aligned with severity (Critical: 24 hours, High: 7 days, Medium: 30 days).
  • Annual review of policies and security controls; ad-hoc review after material changes to the architecture or sub-processor list.

5. Logging and Monitoring

  • Structured logging of MCP and HTTP requests (request ID, user ID, tool name, status, duration) via OpenTelemetry, exported to SigNoz.
  • Product analytics via PostHog; anomalies and error events surfaced through dashboards and alerts.
  • Logs containing Customer-related metadata are retained for up to thirty (30) days.

6. Personnel and Organizational Measures

  • Personnel are bound by confidentiality obligations and receive role-appropriate security guidance.
  • Documented internal policies covering incident response, vulnerability management, secure development, change management, and data classification, handling, protection, and retention.
  • Documented incident response procedure aligned with the GDPR's 72-hour notification requirement.

7. AI-Specific Measures

  • Pipeboard does not use Customer Personal Data or connected advertising and commerce data to train AI models. If we ever introduce features that benefit from cross-account learning, we will provide advance notice and an account-level opt-out before any such use.
  • Where Pipeboard sends data to a hosted LLM provider on the Customer's instructions, only the data necessary for the requested operation is sent, and the provider is configured with privacy-preserving and no-training settings where available.
  • Pipeboard does not allow human review of Google user data without the affirmative agreement of the user, except where necessary for security, to comply with applicable law, or in aggregated and anonymized form for internal operations.

Annex III — Sub-processors

Pipeboard engages the following Sub-processors to support the delivery of the Service. Each Sub-processor is bound by a written contract that includes data protection obligations no less protective than those in this DPA.

Sub-processorPurposeLocation
Vercel Inc.Application hosting and global CDNUnited States (global edge)
Supabase Inc. (operating on Amazon Web Services)Managed PostgreSQL database, authentication, file storageUnited States (us-east-1)
DigitalOcean LLCMCP gateway hosting (mcp1, mcp2 nodes)United States
Stripe, Inc.Payment processing, billing, tax handlingUnited States
Anthropic, PBCHosted LLM inference (used only on Customer instruction; no training on Customer data)United States
OpenAI, L.L.C.Hosted LLM inference (used only on Customer instruction; no training on Customer data)United States
GitHub, Inc.Source-code hosting and CI/CD (build and deployment automation)United States
SigNoz Inc.Application observability and structured log/trace storageUnited States
PostHog Inc.Product analytics and feature flagsUnited States / European Union
Customer.io, Inc.Transactional and lifecycle email deliveryUnited States
Crisp IM SASCustomer support messagingEuropean Union (France)

The list above is current as of the date stated at the top of this DPA. The authoritative, current list lives in pipeboard-co/Data-Processing-Agreement on GitHub; the commit history is the change log. Subscribe to changes by clicking "Watch" on the repository.

Note on connected advertising and commerce platforms: Meta, Google, Pinterest, TikTok, Snap, LinkedIn, Reddit, Microsoft, and Shopify are independent Controllers of the data on their platforms. Pipeboard accesses those platforms on the Customer's instructions under the Customer's own platform credentials, and does not engage them as Sub-processors of Customer Personal Data.


Annex IV — Brazil (LGPD) Addendum

This Brazil (LGPD) Addendum supplements this DPA and applies where the Customer is established in Brazil or the Processing is subject to the LGPD (Lei n. 13.709/2018). Solely as to LGPD-governed Personal Data, it prevails over this DPA and the Principal Agreement to the extent of any conflict.

1. Definitions and Equivalence

For the purposes of this Annex IV, the terms used in this DPA have their LGPD equivalents: Controller corresponds to controlador (Article 5, VI); Processor / Pipeboard corresponds to operador (Article 5, VII); Data Subject corresponds to titular (Article 5, V); Processing corresponds to tratamento (Article 5, X); and Personal Data Breach corresponds to incidente de segurança. "ANPD" means the Autoridade Nacional de Proteção de Dados, Brazil's national data protection authority.

2. Roles

The Customer is the controlador and Pipeboard is the operador. Where the Customer is itself an operador, Pipeboard acts as suboperador. For Personal Data that Pipeboard Processes for its own purposes, Pipeboard is an independent controlador.

3. Legal Basis and Instructions

The Customer warrants that it has a valid legal basis under Article 7 (and, for sensitive personal data, Article 11) of the LGPD and that it has provided any information and obtained any consent required. Pipeboard Processes Personal Data only on the Customer's documented instructions and will flag any instruction that, in its opinion, infringes the LGPD.

4. Security

Pipeboard maintains the technical and organizational measures set out in Annex II of this DPA, in line with Articles 46 to 49 of the LGPD.

5. Security Incidents

Pipeboard notifies the Customer within seventy-two (72) hours of becoming aware of a security incident affecting Personal Data and assists the Customer with its communication to the ANPD and to affected titulares under Article 48 of the LGPD. The duty to communicate the incident to the ANPD and to titulares rests with the Customer as controlador.

6. Data-Subject Rights

Pipeboard assists the Customer in responding to titular requests under Article 18 of the LGPD. Requests that titulares direct to Pipeboard are forwarded to the Customer in accordance with Section 8 of this DPA.

7. Sub-processing

The authorized suboperadores are those listed in Annex III of this DPA, engaged under the same change-notification mechanism set out in Section 7. Pipeboard remains liable to the Customer for their performance.

8. International Transfer

Transfers of Personal Data outside Brazil rely on a basis admitted by Article 33 of the LGPD, as described in Section 11 of this DPA.

9. Retention and Elimination

At the Customer's choice, Pipeboard deletes or returns Personal Data within thirty (30) days, save where retention is required by law, in accordance with Section 13 of this DPA and Articles 15 and 16 of the LGPD.

10. Records and Accountability

Pipeboard maintains records of its Processing operations as operador under Article 37 of the LGPD and supports the Customer in demonstrating compliance, on the audit terms set out in Section 12 of this DPA.

11. Liability

Liability under this Annex IV is subject to the limitations and exclusions of liability set out in the Principal Agreement, save for any liability that cannot be excluded under applicable law. The allocation of responsibility between operador and controlador under Articles 42 to 45 of the LGPD is preserved.

12. Governing Law and Disputes

This Annex IV is governed by Brazilian law. Disputes follow the dispute-resolution provisions of the Principal Agreement (arbitration before the 12ª Corte, Goiânia/GO, with the courts of Goiânia competent for urgent measures), without affecting the regime of the Standard Contractual Clauses under Section 11.

13. Order of Precedence

As to LGPD-governed Personal Data, this Annex IV prevails over this DPA and the Principal Agreement to the extent of any conflict; otherwise this DPA remains in full force.