Pipedrive is Now SOC 2 Certified


We take the protection of our customers’ data very seriously. While this has traditionally meant putting great security systems in place and ensuring that we partner with industry-leading service providers, we realize that some of you have a need for us to go beyond just giving you our word, so we went out and got some certification.

We already follow globally recognized best practices, which means you can rest assured that your intellectual property, customer lists, product information, deal information, in fact, all your sales information is in great hands.

Now we are proud to say that Pipedrive is also a SOC 2 Certified Service Provider. If that sounds like we just randomly threw some numbers and letters together, read on.

The technical stuff

The SOC 2® Type I report is performed by an independent auditing firm and is intended to provide you with proof that, when it comes to protecting your data, we’re not all talk. Thanks to a company-wide effort we managed to get certified in the following areas:

  • Security: All parts of the system are protected against unauthorized access.
  • Availability: Pipedrive is available for operation and use as committed or agreed.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in Pipedrive’s privacy policy.

The relationship we have with you is built on trust, and this certification is our way to bolster that trust and work towards earning rather than expecting it.

“At Pipedrive we believe your privacy and the security of your information is a fundamental right. Our culture ensures that every member of our team preserves and respects what has been entrusted to us by you, our customers,” – Pipedrive Information Security Manager Jesse Wojtkowiak.

What’s next?

Of course, safety is an ever-evolving concept in the digital world. We are currently making preparations to complete SOC 2 Type II, keeping pace for GDPR compliance and ISO 27001 certification, and once that is done we will look at improving even further. Behind the scenes, we will keep examining how we build and run Pipedrive to ensure that we always have an eye on protecting you and your data.

Happy closing!


Martin Henk

Co-Founder, Head of Product Management

  • Ann Missy Brooks Drummond

    This is great news. Do you have any plans of becoming HIPAA certified/compliant?

    • Joel Jesus

      Hey Ann!

      It’s not in our plans at the moment I’m afraid.

      Pipedrive

  • Jed Keenan

    When is global GDPR compliance scheduled? I would like to use the service but am based in the EU with laws governing data collection and use that differ from US law and do note that we are transferring our Client Data and Personal Data to the United States for storage and processing. And that by providing any information, including Client Data and Personal Data, on or to the Service, we have consented to such transfer, storage, and processing.

    • Christopher

      Hi Jed,

      I want to assure you that we take data privacy very seriously and, having an office also in the EU, are well informed of the implications of the GDPR. We’re currently in the process of mapping and addressing any gaps we may have in GDPR compliance and we intend to get the bulk of the work done by May next year.

      With regard to data transfers, I wanted to clarify that EU customers will be contracting with our EU entity based in Estonia which has an agreement with our US hosting provider based on the EU Commission’s Standard Contractual Clauses to ensure adequate protection of personal data.

  • Jed Keenan

    Are you right to write certified?
    http://www.lawtechnologytoday.org/2014/07/soc-2-type-ii-certification-means/
    There’s no such thing as a “SOC2 Certification”.
    The SOC2 (or 1) is an audit/report on the effectiveness of operating controls in a given environment, as audited against selected Systrust principles and the policies/procedures in place for the audited organization, by a third-party Auditor.
    The Report is just that – a report on the outcome of the audit, showing whether deviations were found for each control by the auditor.
    Neither the AICPA nor the SOC auditor issues a Certificate, because it is not a Certification exercise.

    • Christopher

      Hi Jed,

      Thanks for bringing this up.
      We used the word certified because we received a certification which states that the audit was passed.