We understand the importance of incorporating standards put forth by the General Data Protection Regulation (GDPR) into our data practices and making sure our customers, whether citizens of the EU or not, feel secure to continue using our product.

GDPR gives EU citizens more control, choices and rights over how their data is used and puts forth guidelines for the collection and processing of data for businesses.

We’ve been working hard these past few months to prepare for GDPR. After a thorough review of our approach to storing, handling and processing data, we’ve made changes to our terms and policies so all of our customers, whether abroad or in the EU, feel confident in continuing to use HEFLO and have a greater understanding of their options to control personal data within HEFLO.

Data control

New features to give customers more control over their data: all files are stored in an exclusive Amazon S3 folder for each customer, so with an AWS S3 client tool it’s possible to download these files to your infrastructure. Also, we provide an exportation job that generates all customer automation data (forms and workflow data) as text files on Amazon S3.

Personal data

The personal data we hold are simple information such as Name, Email, Address, and invoice information.

Contact data of Administrator users are exported to the marketing tools below:

  • Active Campaign: email marketing. The user can unsubscribe from lists using a link at the bottom of each message.
  • Pipedrive: CRM. We send this information after a user’s explicit sales contact request.

Also, we share the CRM data with our partners in Mexico, Germany, Austria, Switzerland (German speakers) and Netherlands (German speakers) .

We do not hold sensitive data such as credit card data.

Updated Terms of Use

For more information read our Terms of Use.

Also, we revised Amazon AWS hosting services, and you can obtain more information at General Data Protection Regulation (GDPR) Center.

Data Protection Officer

Ricardo Guimarães – Please use the chat tool to ask for Ricardo’s contact.

Email marketing

Every new user with the role “Administrator” is automatically included in our marketing campaigns, and the reason for this is the need to instruct them on features and BPM concepts. Also, in each message, there is an opt-out link to leave the list.


The HTTPS protocol encrypts all data in transit between browser and servers. The entire communication is secure. For the relational database, there is also the encryption of data. This means that if this database falls into the hands of a hacker, the data will remain inaccessible.

Was this article helpful?

Related Articles