Data ProtectionWhat companies using Pluga need to know

This page aims to provide educational information about data protection laws, focusing on general data protection principles, with references to the CCPA, GDPR, and LGPD. However, it should not be used as a way to ensure compliance with any specific law. To ensure compliance, we recommend consulting with a specialized company.

Understanding data protection

Data protection laws are designed to protect personal data, ensuring individuals privacy and freedom. Various regions have implemented specific regulations, such as the CCPA in California, USA, the GDPR in Europe, and the LGPD in Brazil.

What is data protection?

Data protection refers to practices, regulations, and laws intended to protect personal data from misuse, unauthorized access, and breaches. The goal is to ensure that personal data is handled responsibly and that individuals privacy rights are respected.

Highlights of key regulations


CCPA (California Consumer Privacy Act)

The CCPA grants California residents rights over their personal data, including the right to know what data is being collected, the right to delete personal data, and the right to opt-out of the sale of personal data. Companies must comply with these requirements to avoid significant penalties. Pluga's Privacy Policy clearly states that we do not sell any user data to third parties under any circumstances.

GDPR (General Data Protection Regulation)

The GDPR, applicable in Europe, sets a high standard for data protection and privacy. It includes stringent consent requirements, the right to access and rectify data, and severe penalties for non-compliance.

LGPD (Lei Geral de Proteção de Dados)

The LGPD is Brazil's data protection law, inspired by the GDPR. It aims to protect individuals' privacy and ensure data security by regulating the processing of personal data.

  • For more detailed information on these regulations, please consult our Privacy Policy.

Pluga as a data processor

In most scenarios, Pluga acts as a data processor, handling personal data on behalf of the controller, which is the user. For example, when a user uses Pluga to integrate apps like Typeform and Pipedrive, Pluga processes data to facilitate these automations.


Examples of data processing


User Registration

When users register with Pluga, we collect basic information, such as email, password, and company details, to provide personalized automation suggestions. This data is processed and protected in accordance with applicable data protection laws.

Third-Party Subprocessors

Pluga uses third-party services to enhance our infrastructure and services, including customer support, payment processing, and email notifications. Key subprocessors include:

  • Amazon Web Services (cloud computing platform)
  • RD Station Marketing (marketing automation platform)
  • Zendesk (customer service platform)
  • Stripe (payment processing)

Pluga's commitment to data protection

To ensure compliance and protect user data, Pluga has implemented several measures, including:

  • An option in the dashboard for users to export automation event history;
  • An option in the dashboard for users to delete the log (history);
  • An option in the dashboard for users to permanently delete their Pluga account;
  • An option in the dashboard for managing emails sent by Pluga.

These measures empower users to effectively control their data. We continue to enhance our data protection strategies, including conducting data protection impact assessments and training Pluga’s employees in best practices.

Best practices for using Pluga

  • Clarity and purpose

    Clearly state on your pages the purpose for collecting each piece of personal data.

  • Data removal

    If requested, delete user data (remember that users have the "right to be forgotten").

  • Specialized consultancy

    We suggest that your company seek specialized consultancy for a comprehensive data protection assessment.

  • Avoid collecting sensitive data

    As the person responsible for automation, you must be careful about what you request in your forms or enter into your spreadsheets, for instance. Sensitive data includes information about racial or ethnic origin; political opinions; religious or philosophical beliefs; genetic data; biometric data; health data; union membership data; sexual orientation data; data about minors; criminal history data.

  • Collect only what is necessary

    Collect only the data strictly necessary for your service. The processing of personal data must be based on principles of good faith (i.e., purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, accountability, and responsibility).

The right to privacy: a global movement

Data protection is a global concern. Laws like the CCPA, GDPR, and LGPD reflect this movement, emphasizing the importance of protecting personal data and ensuring privacy.

For more details on our data protection and compliance practices, please read our Privacy Policy.

By staying informed and implementing best practices, you can help create a culture of respect for data privacy, ensuring compliance with applicable regulations and effectively protecting your users data.

Ready to automate your business? Start now in under 2 minutes.

Get started free