Knowledge Base

When using Pipedrive lead generation features like Chatbot and Web Forms and our paid add-on, Web Visitors, certain cookies are used to provide the best experience for you and your customers.

These cookies are required for the features to function. However, depending on the applicable privacy laws in the jurisdictions where you operate, you may need to obtain consent before these tracking technologies are deployed.

Furthermore, in order to provide you with the engagement statistics on the dashboard and allow troubleshooting on our end, we track certain events for Chatbot and Web Forms via a tracking script.

Who is responsible for legal compliance?

For Chatbot, Web Forms and Web Visitors that you embed on your website, you (the website operator) are generally the data controller for your visitors’ personal data. Pipedrive acts as your processor/service provider as described in our Terms of Service, Privacy Notice and Data Processing Addendum.

This means that you’re responsible for:

• Providing all required notices to your visitors (for example, in your privacy/cookie notice);

• Obtaining any consents that may be required under applicable laws (such as the EU/UK ePrivacy rules, GDPR, LGPD or relevant US state laws); and

• Configuring your cookie banner or consent management platform (CMP) and tags so that Pipedrive scripts and cookies are used only when you have a valid legal basis (for example, consent where required).
  

Consent signal detection

Pipedrive's Chatbot and Web Forms features don’t currently detect or respond to consent management platform (CMP) signals or visitor opt-out preferences.

If you implement a consent banner on your website, you’re responsible for configuring your site to prevent these scripts from loading until consent is obtained.

What cookies are used when using our lead generation features?

Chatbot and Web Forms protection

Both Chatbot and embedded Web Forms load a single Cloudflare cookie: __cf_bm. This helps to identify and mitigate automated traffic and protect our infrastructure.

This cookie is attached to Pipedrive’s domain.

Web Forms reCAPTCHA

When creating new Web Forms or editing existing ones, you can choose whether the form is spam-protected or not.

When spam protection is enabled for Web Forms, we use Google reCAPTCHA, which adds a _GRECAPTCHA cookie to provide risk analysis.

Web Visitors

When adding a tracking script to your website to collect visitor information, Dealfront sets _lfa and _lfa_expiry cookie to track all website visits. In addition, Pipedrive recommends configuring Dealfront’s built-in consent manager for Web Visitors. When configured, it creates the _lfa_consent cookie to record visitor consent choices.

The visitor might also see traces of the _lfa_test_cookie_stored, as it’s used to check if cookies are enabled or not.

Chatbot and Web Forms event tracking

To provide you with engagement statistics for Chatbot and Web Forms on the feature dashboard and allow troubleshooting from our end, certain events and end users’ engagement with those features are tracked via a tracking script.

When doing so, the tracking script collects the following information: webformId, embedded (true/false), URL and type of interaction (viewed/interacted).

No information about the end user or their device is collected, except for user agent which is, however, not used by us in any way, whether to identify end users or otherwise.

We also use the features’ engagement information for our own analytical purposes. Nonetheless, we do so only in aggregate form and not in a manner that would identify any end users.

The tracking script is always used with the Chatbot and Web Form features.

End users can block JavaScript and tracking in most browsers. That said, the Chatbot and Web Form features can’t be used in such cases.