How PicPay Made Strict Compliance an Inline Feature of Frictionless Access

About PicPay

A Leader in Banking, FinTech, and Digital Commerce

 PicPay, founded in 2012, is a leading Brazilian fintech company that has grown from a digital wallet into a full-service financial platform with over 60 million users. Today, PicPay innovates like a tech company, but with the scale and reliability of a traditional financial institution. Their app hosts a broad range of data-driven services designed to improve the experiences of their customers. With thousands of resources spread across dozens of business units, their data is both an incredible platform to innovate with and their primary liability.

The PicPay Challenge

Effortless Compliance and Democratized Access to Optimize Operations

PicPay adheres to strict security standards and least privilege access controls to maintain compliance and minimize risk. However, this rigorous approach introduced bottlenecks when developers needed timely access to databases. As the company scaled and both headcount and infrastructure expanded, the burden of provisioning access fell disproportionately on a small group of Database Administrators (DBAs). Rather than focusing on strategic architecture and system design, DBAs were pulled into repetitive tasks, like manually writing access policies and running queries for teams without direct access.

  • Regulatory Assurance. PicPay needed a secure access solution that could enforce centralized control, provide complete audit trails, and guarantee that the actions taken in their databases matched approved change documents, which is crucial to remaining compliant with financial regulation.
  • Developer Velocity Without Risk. To accelerate development while maintaining security, PicPay turned to hoop.dev’s Zero-Config Data Masking. This feature neutralizes sensitive data exposure, allowing for safe, automated read-access sessions that eliminate delays while preserving compliance.
  • Eliminating Operational Toil. PicPay sought to reduce the operational load on DBAs, who were spending valuable time running scripts for less technical teams. hoop.dev enabled safe, self-service access so DBAs could focus on long-term infrastructure design and optimization.

The hoop.dev Solution

Protect Sensitive Data. Automate Access. Block Dangerous Actions.

hoop.dev is the only access proxy for linux and databases that unblocks the organizational congestion caused by the growing pressures of regulatory requirements, security provisioning, data and resource accumulation, and workforce expansion, so teams can innovate faster and more securely. By masking the data at the protocol level, hoop.dev can safely democratize read-only access, automating self-service and reducing the permissioning load on DBAs by 50% while increasing developer velocity. By reducing write-permissions to a single command, hoop.dev ensures continuity from every change document issued to the actions implemented, streamlining a crucial step to compliance and reducing the overhead on DBAs and compliance teams. Lastly, Finally, hoop.dev’s templated ‘runbooks’ deliver ready-to-execute code, minimizing ad-hoc scripting and empowering less technical teams to query data safely, without relying on DBA intervention, which saves DBAs from hours of cumulative context switching by enabling with “just one click.”

By implementing hoop.dev, PicPay found a secure, scalable solution that aligned with both their compliance obligations and their growth ambitions. hoop.dev not only reduced the operational burden on DBAs but also unlocked faster, safer access to data across the organization.

Developers now move with greater autonomy, regulatory requirements are met with confidence, and DBAs are freed from context-switching to focus on high-impact architectural work. One DBA, when interviewed, said his time spent running scripts for other teams had reduced by 93.7%. He also specified that all read-requests has been automated, making access nearly instantaneous.

As both a bank and a fintech platform, PicPay operates under some of the world’s strictest regulatory standards—conditions that would typically hinder innovation. But with hoop.dev’s secure access gateway and built-in compliance capabilities, PicPay is able to accelerate progress in fintech, banking, and e-commerce, without ever compromising on security.