Template Texto Corrido

Privacy Notice Gupy Climate and Engagement

Gupy and Pulses have a strong commitment to privacy and the protection of your personal data. Therefore, we present this Privacy Notice, which contains all the necessary information about when and for what purposes Gupy processes your personal data, as well as informing you of your rights when you use the Climate and Engagement Platform.

Your data is always collected in accordance with this Privacy Notice and in compliance with relevant data protection legislation, especially the General Data Protection Law ("LGPD").


Administrator: a private legal entity or an individual absolutely capable under Brazilian law who will proceed with the hiring of services offered by Gupy and Pulses, especially those related to Gupy Climate and Engagement, i.e., your employer. It is up to them to designate other Users to operate the platform, assigning specific accesses for this purpose, as well as feeding the platform with data from respondent Users and receiving the results obtained, keeping all information updated and legally responding for the client;

Anonymization: Use of reasonable and available technical means at the time of Processing, through which data loses the possibility of association, directly or indirectly, with an individual;

Controller: a natural or legal person, public or private, responsible for decisions regarding the processing of Personal Data;

Personal Data: data related to an identified or identifiable natural person;

Data Protection Officer (DPO): a person appointed by the controller and processor to act as a channel of communication between the controller, data subjects, and the National Data Protection Authority (ANPD);

Gupy: GUPY TECNOLOGIA EM RECRUTAMENTO LTDA, registered under CNPJ number 23.514.668/0001-52, headquartered at Avenida Paulista, 1079, Bela Vista, in the City of São Paulo, State of São Paulo, ZIP code: 01.311-200. Manager of Gupy Climate and Engagement;

Gupy Climate and Engagement: refers to the tool used by Client Companies for managing surveys, communication, and feedback from employees, consolidating results into dashboards for administrators and users;

Processor: a natural or legal person, public or private, who processes personal data on behalf of the controller;

Pulses: PULSES SERVICOS DIGITAIS S.A., a closely held corporation, located at Avenida Paulista, 1079, Bela Vista, in the City of São Paulo, State of São Paulo, ZIP code: 01.311-200;

Subprocessor: has a direct relationship with the processor and is hired to assist in carrying out activities of processing personal data on behalf of the controller;

Data Subject: a natural person to whom the personal data being processed relates;

Data Processing: refers to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, or control of information, modification, communication, transfer, dissemination, or extraction;

User: a person designated by the administrator to use the platform in a specific way, including answering questions, providing feedback, responding to evaluations, viewing the results obtained, operating other platform functionalities on behalf of the administrator, as well as responding to questions that will be part of the information gathered, for the preparation of the report object of the platform;

Administrator User: a person with advanced access privileges to functionalities and more sophisticated controls for comprehensive management and customization of Gupy Climate and Engagement. They have exclusive permissions that allow them to perform critical tasks and exercise more comprehensive control in order to manage user accounts, configure parameters, and, in general, optimize the platform's operation.

Who we are?

Gupy and Pulses are the owners of Gupy Climate and Engagement and act as Processors when processing your Personal Data. For this reason, we recommend that you also consult the Privacy Policy of the client company where you work, the Personal Data Controller.

Who is the Data Protection Officer (DPO)?

Name: Renata Benjamin Gonçalves
Contacto: privacidade@gupy.com.br 

What data is collected? For what purposes? 

Gupy and Pulses, as Processors, process Personal Data of their clients to meet the purposes informed in this Privacy Notice on behalf of the Controller.

In our activities, we consider the principle of data minimization, as we only use the necessary information for the execution of the contract entered into with the client company, which aims to provide services related to people management through applications and analysis methods related to employee climate, engagement, performance, and culture.

However, during the term of the contractual relationship, for the purpose of contract fulfillment, as well as for service improvements, other personal data may be collected as necessary.

Tipo de dados Finalidades Como os dados são coletados

Registration data: CPF/Email/Internal identifier.

To identify the client/user on the platform:
i) Send surveys;    
ii) Avoid duplication of responses by the same User;    
iii) Segment results, respecting the confidentiality level of the surveys;    
iv) Configure platform access permissions.    
v) To ensure the security of the client/user.

Through insertion via API performed by the Controller.

Navigation data: Characteristics of the access device, browser, application access logs (IP address with date and time), accessed information, screens accessed, geolocation data, application history, among others.

i) Monitor the platform's operation;
ii) Conduct analyses for improvements, to operationalize new products and services;
iii) Fulfill legal and administrative obligations.

Automatically through cookies and other similar technologies during the use of the application. For more information, see our Cookie Notice.

Also, we may process data when using Gupy Climate and Engagement integrated with corporate communication platforms such as Slack, Microsoft Teams, among others. In this case, we will request some information sharing permissions for proper functioning.

Who do we share the collected data with?

User data will be shared (and only if strictly necessary) with some service providers we hire to assist us in carrying out our activities and ensuring the platform's operation, namely:

Provider Service Provider
Google Cloud Platform Storage and processing of platform data.
SendGrid Email sending. It has access only to the email address and content of the message sent, which is not stored in its systems.
Zenvia SMS messaging. It has access only to the phone number and content of the message sent.
Zendesk Support channel. Only the email and name of the account administrator are shared.

Such providers have been carefully selected, have strict confidentiality agreements and obligations related to the protection of your data, and may only process your data for the purposes of providing the service contracted by Gupy and Pulses.

Other specific legal demands may lead to the sharing of personal data, including for eventual defense of our rights and interests in any type of conflicts or to comply with determinations from competent authorities, such as:

I. For the protection of Gupy and Pulses' interests in case of conflict, including in judicial demands;

II. In case of transactions and corporate changes involving Gupy and Pulses, in which case the transfer of data will be necessary for the continuity of services offered through the platform;

III. Through court order or by request of administrative authorities with legal competence to request them.

Security Measures

We are very concerned about the privacy and protection of your Personal Data, therefore, we have adopted technical, administrative, and organizational security measures and best practices to protect our systems and databases, using the best technologies available in the market - including the use of antivirus, data encryption, anonymization of personal data, access control, use of firewalls, and implementation of information security policy, software solution architecture with intrusion prevention, and use of HTTPS, institutional measures (Privacy and Data Protection Governance Program), employee training and awareness, protection against unauthorized access, among others.

Despite our efforts, considering the nature and architecture of the internet (which includes elements that are not under our control), it is impossible to guarantee that malicious agents will not be able to access or misuse Personal Data, as it is an inherent risk of using computerized systems.

How to request service to a right?

You can exercise your rights provided for in the LGPD, such as confirmation of the existence of processing, right of access, correction of incomplete, inaccurate, or outdated data, right of portability, withdrawal of consent, right of opposition, or request for account deletion or your data, through direct contact with your Company.

However, if this is not the case and you have usability issues with Gupy Climate and Engagement, you should contact us via support.

Gupy Climate and Engagement is compliant and follows the guidelines established by the LGPD. Companies choosing to use it outside Brazil should be aware that they may be subject to other legislation, in addition to the LGPD, without Gupy or Pulses having any interference.

How long will we keep your data?

Gupy and Pulses will keep your Personal Data stored for as long as necessary to meet the purposes that motivated the collection, including for the fulfillment of any legal or contractual obligations, or request from competent authorities.

Gupy and Pulses may delete the Personal Data collected from Users:

(i) When the purpose for which they were collected is achieved, or when they are no
longer necessary or relevant for the purpose, as described in the Terms of Use and Privacy Notice;

(ii) When the Administrator User deletes a User's account;

(iii) When the legal retention period expires; or

(iv) If determined by a competent authority.

The data presented by Users and Administrator Users are their sole responsibility, and the insertion of any false, adulterated, or unauthorized information by third parties does not generate any liability to Gupy and Pulses.

Gupy and Pulses will treat your content as confidential information and will only use and disclose it in accordance with the Terms of Use (https://www.gupy.io/termos-de-uso-clima-e-engajamento) and Privacy Notice (https://www.gupy.io/aviso-de-privacidade-clima-e-engajamento/).

However, your content will not be considered confidential information if:

1. it is or becomes public (provided it is not through a violation of these Terms of Use by Gupy and Pulses);

2. it has legally come to the knowledge of Gupy and Pulses before being received from you;

3. it is received by Gupy and Pulses from third parties, without knowledge of any violation of any obligation assumed with you; or

4. it was independently developed by Gupy and Pulses, without reference to its content.

This document represents the comprehensive understanding between the user, Gupy, and Pulses, being governed by Brazilian Laws. It is determined that the competent court to resolve any issues arising from this instrument is the city of Itajaí, SC, expressly waiving any other jurisdiction, regardless of its primacy.

International Transfer of Personal Data

Gupy Climate and Engagement is fully operated in the cloud, through the Google Cloud Platform - GCP. Our storage base in the GCP is located in Brazilian territory in 1 (one) region and 3 (three) availability zones. At present, all data processed, transmitted, and served by Gupy Climate and Engagement are stored in one or more of these three zones.

We may transfer your Personal Data to other countries, specifically to the United States or the European Union, if the Client Company or any subprocessor has servers in those countries.

We comply with all requirements established by current legislation and adopt the best practices for security and data protection to ensure the integrity, confidentiality, availability, and privacy of your personal data throughout the process. Our relationships with such companies are governed by contracts that include obligations for data protection and information security appropriate to the nature of the personal data processing we perform and compatible with the requirements of Brazilian legislation.


This Privacy Notice may be updated at any time, and such changes will be published in our services and can be checked whenever you want. Therefore, we recommend visiting this page periodically to be aware of any modifications. If significant changes requiring new authorizations from you are made, you will be notified through Gupy Climate and Engagement.

Últimas Alterações

13/12/2023 – Versão atual

08/12/2022 - Privacy Policy - Version 2.1

23/02/2022 – Privacy Policy - Version 2.0