Security

Count on Pipefy to keep your data protected

Pipefy keeps your organization and personal data safe while you build automated and efficient workflows. Improve your processes with confidence on our secure platform.

Key Features

Product Security

SSO & 2FA

Use Auth0 Single Sign-on (SSO) to authenticate users without requiring additional login credentials. If you are using password-based authentication, Pipefy also allows you to turn on 2-factor authentication (2FA).

Password Complexity and MFA

Pipefy requires password complexity, following market standards. We also protect credentials using a high cryptographic solution.

Uptime

Pipefy has a 99.9% or higher uptime, which shows our product’s high availability.

Permissions

Set permission levels to high or low privileges, managing what each user can see, edit or change inside your organization’s environment using flexible role profiles. Use your Identity and Access Management or Active Directory tool to manage all company users from a centralized application.

Network & Application Security

Storage and Data Hosting

Pipefy hosts services and data in Amazon Web Services (AWS) facilities (us-east-1) in the USA.

Disaster Recovery (DR) and Fail Over

Pipefy has a disaster recovery plan for high availability. All infrastructure and data are spread across 3 AWS availability zones and will continue to work without issue if any one of those data centers fails.

Back-Ups and Monitoring

Pipefy produces audit logs for all activity on the platform, using LogFy for analysis and S3 for archival purposes. We have active monitoring and backups in place to recover the information if anything happens within our environment.

Encryption

All data within Pipefy is encrypted in transit and at rest using 256-bit encryption, which provides a better and more secure service.

Permissions and Authentication

Access to customer data is limited to authorized employees only. We ensure Pipefy’s environment is protected by having Single Sign-on (SSO), Multi-Factor Authentication (MFA), and strong password policies on our code repository, our email provider, and AWS. Pipefy’s platform, developers’ site, and help site are delivered 100% onto HTTPS.

Pentest and Vulnerability Scanning

Pipefy uses third party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised on these scans, when applicable, and performs regular penetration tests on the application and infrastructure. 

Incident Response

Pipefy has a protocol for handling security events which includes escalation procedures, rapid mitigation, and postmortem. All employees are informed of our policies.

Additional Security Features

Training

All employees complete Security and Awareness training annually. The engineering team constantly goes through security development training.

Policies

Pipefy has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Check out the Pipefy Integrated Management System Policy.

Confidentiality

We respect your data and information, all of our employees sign confidentiality agreements.

pipefyawsqualifiedsoftware1.png
ISO27018
ISO27701

Questions?

Contact us with questions, compliance inquiries, or to report security vulnerabilities

Abuse Prevention

Pipefy has a strict anti-abuse policy. We don’t allow spam and don’t want you to feel harmed by someone using our system.

 

If you have been spammed or abused in any way as a result of using Pipefy, please contact our team through our anti-abuse form. Pipefy’s Security team will be pleased to investigate and solve the issue. Our mission is to keep you and your data secure.

 

Learn more about our Privacy Policy.