Critical Privacy Issue: Emails within company (e.g.: with HR, CEO, etc.) are synced

Scott Anderson
Scott Anderson Member Posts: 9 VERIFIED MEMBER
edited May 2022 in Sales CRM #1

(This is a critical privacy loophole)

My emails to HR, Supervisor or CEO can be synced in Pipedrive. This is a very severe privacy risk and breach for Intracompany communication. 

A common test of the sales pipeline is testing with an employee's work email address. If a work email is entered into Pipedrive then the full email history of that employee becomes visible on Pipedrive which is unacceptable because email communication between employee and Supervisor, HR, CEO etc will be synced.  There is no reliable way to prevent this breach from happening with the options available in Pipedrive.

Maybe I'm missing something, but this seems to be a critical and common privacy loophole. 

SUGGESTION to RESOLVE:

Domain filter that will not sync email where there are only senders and recipients from that domain; I.E.: Ignore Intra-company Emails).

Comments

  • Vladimir Dubakin
    Vladimir Dubakin Posts: 59 VERIFIED MEMBER
    100 Comments Pipedrive Team
    edited February 2021 #2

    Hey, @Scott Anderson 

    Hoe are you?

    Vladimir from Pipedrive is here.

    Upon connecting email sync for the first time - user can select which folders/;labels will be synced with PIpedrive as well as how far back the communication will go.

    So, first thing possible to do - to create a filter in your email client to make sure all work - related emails will get automatically labelled by "work" label.

    And when you set up sync -  user will just make sure to select all other folders except the "work one" : 

    image

    Also, users can select "not to share emails with others in the company" using this  default emails sharing option:

    image

    Then, by design, if you create a contact person with an email address of your colleaegue (that is also a Pipedrive user) - emails should not get linked to contact person account.

    So, you can see that there is a variety of options in Pipedrive to limit email sharing and if that still does not work for you well- please do reach out to support@pipedrive.com or use in-app chat!

    Kind regards,

    Vladimir

  • StephenC
    StephenC Member Posts: 10 VERIFIED MEMBER
    Fourth Anniversary Photogenic First Comment

    Hi,

    These approaches are not satisfactory remedies to Scott's privacy concerns, which we share. If a user creates a Contact record for any employee in the company, all emails to that user will sync.

    The first approach requires users make changes to their email clients. Some users are not so knowledgeable. Or they may use multiple clients.

    The second approach (Keep all my email conversations private) puts a burden on the user to manually "share" emails in Pipedrive. It's hard enough to get busy sales people to use the CRM at all, asking them to do this guarantees emails will not be properly done.

    The right approaches are, I believe, either as Scott suggests, to prevent intra-company emails from being shared by default, or - better - prevent creation of a Contact with an email in the company's Domain.

    If senior management believes their internal emails have any chance of being seen by others in the company, they will not use Pipedrive at all. That's a problem for Pipedrive because other CRMs do not have this possibility, and companies will move to them.

    Regards,

    Stephen