🪄 Our new AI-powered features are here! Learn more.

CRM privacy and security

How to be on top of your CRM security

Your CRM is a goldmine of valuable and highly-sensitive customer information. Even the smallest security breach could cause irreparable damage with long-lasting effects. And, with security breaches rising by 11% since 2018 and 67% since 2014, security has never been more crucial for businesses’ livelihood. A reliable CRM must, therefore, safeguard your information and prevent it from falling into the wrong hands by upholding the highest standards of CRM security policy on all levels.

With multiple security certificates, world-class infrastructure and a host of CRM privacy and security features, from user permissions to single sign-on and two-factor authentication, Pipedrive is committed to protecting your data and keeping you informed on all levels and at all times.

Full access. No credit card required.








Security center

Knowing how and when your company’s data is accessed and by whom is key to protecting your business information and your customers’ privacy. Your CRM security features should, therefore, cover these areas to the max. What’s more, your CRM should provide you with easy access to these features to ensure that you can monitor your security and access control independently.

Pipedrive’s security center enables you to manage all your company’s security aspects from one place, starting with its security dashboard – which gives you an overview of your security and enables you to tackle suspect user and account activities in real-time – through user access and device logs, allowing you to receive notifications about the times and locations of user logins over the last 60 days – all the way to rules and alerts designed to automate secure practices such as whitelisting IPs or setting time-restricted access.


Visual dashboards

User access and device logs

Rules and alerts

Email notifications

SSO and 2FA

Manage user access centrally through your preferred single sign-on provider while confirming users’ identity

Visibility groups

Categorize your users into groups and sub-groups and dictate what they are allowed to see within Pipedrive

Permission sets

Customize what users can do in Pipedrive with variable user permission sets suited for different levels of user access

User access and device logs

Get notifications about the times and locations of user logins over the last 60 days to pinpoint and prevent suspicious activity


Visibility and login protection

Your CRM security starts with the product itself. More specifically, with visibility and login protection. Managing user access empowers you to create information hierarchies that protect the data on your company's account.

For example, with Pipedrive you can use user permission sets and visibility groups to limit what users can do, see and access. You can also enhance your login security from any device with two-factor email verification or manage user access centrally through your single sign-on provider. Lastly, and to protect your account from strangers trying to log in, user accounts that enter an incorrect password three times in a row will be locked. The user then receives an email that helps them securely unlock their account.


Organizational data management

While security on the product level is fundamental, your organizational data management must also meet certain criteria to allow businesses in different locations to comply with local and global security standards, from GDPR to ISO/IEC 27001. For that reason, it’s crucial to ensure your CRM security policies are in line with your business’s.

Pipedrive is fully committed to meeting GDPR requirements. It further encrypts your data and lets you export it, transfer it via the API or tell us to delete it. Lastly, the company employs a dedicated data protection officer who’s responsible for spearheading data protection compliance and initiatives.


Secure infrastructure

Secure infrastructure is the last and probably the most prominent piece of your security puzzle. It’s meant to ensure your foundation is rock solid and reliable so that security on all levels can be maintained at all times.

With Pipedrive, you benefit from world-class hosting infrastructure in Rackspace and AWS, state-of-the-art encryption for all data, whether at rest or in transit over public networks and daily backups going back three months. Add this to various security certificates and you get a product that is secure from top to bottom.

Security rules

Turn on and enforce password strength requirements, password expiration and history control, two-factor authentication (2FA), IP- and time-based access restrictions for all users

Security alerts

Get instant email notifications about suspicious access to your company’s account, potential data leaks and data loss

Security management tips

Manage user access and security-related activity in your company’s account and get tips to protect your business data

GDPR compliance

Make sure your sales practices adhere to GDPR in safeguarding personal data

Join over 100,000 companies

Pipedrive shares the following information with all customers:

  1. Security and Privacy White Paper
  2. SOC 3 report
  3. ISO/IEC 27001:2013 certificate
  4. Pipedrive DPA (our legal contract detailing our commitments in regard to data protection)

Pipedrive shares the following additional information with all customers who’ve signed NDAs*:

  1. SOC 2 Type II report
  2. Security questionnaires. Pipedrive fills out questionnaires for customers who are on the Enterprise Tier

*Please reach out to your contact person/account executive for clarification or to receive the above documents.


EU-US Data Privacy Framework


Data Processing Addendum
RFC 2350
Pipedrive Vulnerability Disclosure Program

Focus on security features that matter

Pipedrive is designed to:

  • Prevent security breaches and data leakage
  • Help admins monitor all security aspects from one location
  • Support custom permission sets
  • Automate secure practices
  • Comply with international security standards, such as GDPR
  • Offer security management tips

Pipedrive CRM security policy

We at Pipedrive adhere to the following guidelines to meet the highest standards of CRM security policy:

  • Customers’ data is stored in separate databases to avoid the risk of any leaks into other databases
  • Pipedrive accounts are hosted in Rackspace data centers in Europe and the US by hosting providers compliant with SAS 70 type II
  • All information is encrypted via secure HTTPS connections and is backed up daily through Amazon Web Services
  • Pipedrive complies with GDPR and adheres to SOC 2, SOC 3, the EU-US Data Privacy Framework and ISO/IEC 27001:2013
  • Pipedrive employees are regularly trained regarding security best practices and regulations

Used by over 100,000 companies in 179 countries

In the forecast view, we look at what deals are due to close this month, next month just to make sure everyone is really honest about what they should be working on.

Carolyn PearsonFounder, Maiden Voyage

One of the favorite features within Pipedrive is the email integration. It pulls all of the clients details in, so that we don’t have to think about it.

Erin and DrewFounders, Pro Arts

As a business owner, my favorite feature in Pipedrive is the statistics and being able to look at the dashboard and use those metrics to help each individual on the team.

Lisa CoyleCEO, 360 Payments

Privacy and security FAQ

Sell more. Pay less. Try it free!

Full access. No credit card required.