Template Texto Corrido

Privacy Notice for Gupy Performance and Development

Gupy and Pulses are deeply committed to privacy and the protection of your personal data. Therefore, we present this Privacy Notice, which contains all the necessary information about when and for what purposes we process your personal data, as well as informing you of your rights when you use Gupy Performance and Development.

Your data is always processed in accordance with this Privacy Notice, in compliance with legislation, the provisions of the contract we have with the Client Company, and the instructions given to Gupy by this company.


Controller: a natural or legal person, public or private, who is responsible for decisions regarding the processing of personal data. In Gupy Performance and Development, the Client Company is classified as the Controller.

Data: Personal data and/or sensitive data;

Personal data: information related to an identified or identifiable natural person;

Sensitive personal data: personal data concerning racial or ethnic origin, religious belief, political opinion, union membership, or membership in religious, philosophical, or political organizations, data concerning health or sex life, genetic or biometric data, when linked to a natural person;

Client Company: refers to the company that contracts the services offered by Gupy and Pulses, especially the services related to Gupy Performance and Development, i.e., your employer;

Data Protection Officer (DPO): a person appointed by the controller and processor to act as a channel of communication between the controller, data subjects, and the National Data Protection Authority (ANPD);

Gupy: refers to the company GUPY TECNOLOGIA EM RECRUTAMENTO LTDA, registered under CNPJ number 23.514.668/0001-52, headquartered at Avenida Paulista, 1079, Bela Vista, in the city of São Paulo, state of São Paulo, ZIP code 01.311-200. Manager of Gupy Performance and Development;

Gupy Performance and Development: refers to the Performance and Development Platform of Gupy and Pulses for managing employee performance through the construction of performance evaluations and the promotion of continuous employee development, available in application and web formats;

LGPD: General Data Protection Law - Law No. 13,709, of August 14, 2018;

Pulses: refers to the company PULSES SERVIÇOS DIGITAIS S.A., registered under CNPJ number 09.570.403/0001-40, headquartered at Avenida Ministro Victor Konder, 730, room 01, “Fazenda” neighborhood, Itajaí/SC, ZIP code 88301-701. Manager of Gupy Performance and Development;

Operator: a natural or legal person, public or private, who carries out the processing of personal data on behalf of the Controller. Gupy and Pulses are classified as Operators in activities related to Gupy Performance and Development;

Services: activities offered through Gupy Performance and Development available in an application for web and mobile devices, compatible with the iOS or Android operating system, available on the App Store and Google Play stores or on the website https://www.pulses.com.br/app/aplicativo/

Suboperators: have a direct relationship with the Operator and are hired to assist in the processing of personal data activities on behalf of the Controller;

User: means (i) an employee of the client company who has access to use the functionalities of Gupy Performance and Development; (ii) an employee of the client company who has credentials to manage the Gupy Performance and Development platform. In summary, any person who intends to use or uses the services of Gupy Performance and Development.

Who are we?

Gupy and Pulses are the holders of Gupy Performance and Development and act as Operators when processing your personal data. For this reason, we recommend that you also consult the Privacy Notice of the company where you work - the Data Controller.

Who is the Data Protection Officer (DPO)?

Name: Renata Benjamin Gonçalves
E-mail: privacidade@gupy.com.br 

What data is collected? For what purposes?

Gupy and Pulses process your data on behalf of the Client Company to enable the use of Gupy Performance and Development, according to the permissions granted to them, especially to enable the management of employee performance through the construction of performance evaluations and the promotion of continuous employee development.

We take your privacy very seriously and will never sell your data.

Data Types Puposes How we collect your data
Identification Data: Full name and/or social name, email, phone number, CPF (Brazilian ID number), language, profile picture*, date of birth*, gender*, cellphone*. 

(* - optional)
We use this data to register and authenticate you to enable your access to the platform, provide support assistance, among other purposes. This data is entered by you, through your own submission, or may be provided by the Client Company for registration in Gupy Performance and Development.
Professional Data: 

Internal identifier*, date of hire*, education*, position*, geographic unit*, business unit*, level of education, language*, groups*, leaders*, position*, among others. 

(* - optional)
To identify the client/User in Gupy Performance and Development. 
i) Send surveys; 
ii) Avoid duplication of responses by the same User; 
iii) Segment results, respecting the confidentiality level of surveys; 
iv) Configure platform access permissions; 
v) Ensure client/user security.
Through insertion via screen, bulk import, or API performed by the Data Controller.
Navigation Data: Characteristics of the access device, browser, access logs to the application (IP, with date and time), accessed information, screens accessed, geolocation data, application history, among others. i) Monitor the platform's operation; 
ii) Conduct analyses for improvements, to operationalize new products and services; 
iii) Fulfill legal and administrative obligations.
Automatically through cookies and other similar technologies, during the use of the application. For more information, see our Cookie Notice.
We might also treat your data when using Gupy Climate and Engagement integrated with other corporate communication platforms, such as Slack, Microsoft Teams, and others. In this case, we will ask for some information sharing permissions for its correct functioning.

With whom do we share your data?

We are authorized by the Controller to share your Personal Data with other data processing agents, including public entities, if necessary for the purposes listed in this Privacy Notice, observing the principles and guarantees established by the LGPD.

Your Data will be shared (and only if strictly necessary) with some service providers we hire to assist us in carrying out our activities, namely:

Provider Service Provided
Google Cloud Platform Storage and processing of data in the cloud.
Mailgun Email, SMS, or in-app/web notifications dispatching as per our contract with the Client Company.
Zenvia SMS messaging tool. It only has access to the phone number and content of the sent message.
Hotjar  Usability analysis tool.
Salesforce Support ticket management. 

Such providers have been carefully selected, have strict confidentiality agreements and obligations related to the protection of your data, and may only process them for the purpose of providing the service contracted by the Company through Gupy and Pulses.

Other specific legal demands may lead to the sharing of personal data, including for the eventual defense of our rights and interests in any type of conflict or to comply with determinations from competent authorities.

International data transfer

We may transfer your Personal Data outside of Brazil, specifically to the United States or countries in the European Union, if the Client Company or any of the Suboperators have servers in these countries.

We adhere to all guidelines established by current legislation and adopt best practices for data security and protection to ensure the integrity, confidentiality, availability, and privacy of your Personal Data throughout the procedure. Our relationships with such companies are governed by contracts that include obligations for the protection of data and information security appropriate to the nature of the Personal Data processing we carry out and compatible with the requirements of Brazilian legislation.

Information Security Measures

We are very concerned about the privacy and protection of your personal data, so we adopt technical, administrative, and organizational security measures and best practices to protect our systems and databases, using the best technologies available in the market - including the use of antivirus software, data encryption, anonymization of personal data, access control, firewall utilization, implementation of information security policy, software solution architecture with invasion prevention and HTTPS usage, institutional measures (Privacy and Data Protection Governance Program), employee training and awareness, protection against unauthorized access, among others.

However, despite our efforts, considering the nature and architecture of the internet (which includes elements beyond our control), it is impossible to guarantee that malicious agents will not be able to access or misuse personal data, as it is an inherent risk in the use of computerized systems.

Where and for how long will we keep your data?

Your data is stored in the cloud by the company Google Cloud Platform, whose server is located in Brazil.

We store your Personal Data only for as long as necessary to achieve the purposes for which they were collected, in accordance with the instructions of the Client Company.

Your personal data will be kept only while:

(i) you are indicated by the Client Company as a User-company of Gupy Performance and Development and;

(ii) Gupy, Pulses, and the Client Company have an ongoing commercial relationship. Once such conditions cease to exist, your data as a User will be deleted, retaining only those necessary for defense in judicial or administrative proceedings, or the regular exercise of rights.

To know the retention and disposal period, please contact directly the responsible department of your company.

What are your rights regarding the privacy of your data?

You can exercise your rights provided by the LGPD such as confirmation of the existence of treatment, right of access, correction of incomplete, inaccurate or outdated data, right of portability, withdrawal of consent, right of opposition or request for deletion of the account, or of your Data, through direct contact with your Company.

However, if this is not the case and you have usability issues with Gupy Performance and Development, you should contact us via support.

Gupy Performance and Development is compliant and follows the guidelines established by the LGPD. The Company choosing to use them outside of Brazil should be aware that it may be subject to other legislation, in addition to the LGPD, without Gupy or Pulses having any interference.


This Privacy Notice may be updated. Therefore, we recommend visiting this page periodically to be informed about the modifications. If relevant changes requiring new authorizations from you are made, you will be notified through Gupy Performance and Development.


Last updated on February 20, 2024.