Information We Collect and Use
Pipefy uses information we collect to operate, maintain and provide you the features and functionality of the Service, to analyze how the Service is used, diagnose service or technical problems, maintain security, personalize content, remember information to help you efficiently access your account, monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns, and track Content and users as necessary to comply with the Digital Millennium Copyright Act and other applicable laws.
Information You Provide: You provide us information about yourself, such as your name and e-mail address, if you register for an account with the Service, including by connecting with the Service via a third-party service, or by “following,” “becoming a fan,” adding the Pipefy application, etc., on a third party website or network. Your name, email address and other information you choose to provide on the Service will be viewable and discoverable by other users, in accordance with your settings on the Service. We may use your email address to send you Service-related notices (including any notices required by law, in lieu of communication by postal mail). We may also use your contact information to send you marketing messages. If you don’t want to receive these messages, you can opt out by following the instructions in the message. If you correspond with us by email, we may retain the content of your email messages, your email address and our responses. If you choose to use our invitation service to invite a friend to the Service, we will ask you for that person’s email address and automatically send an email invitation. Pipefy stores this information to send this email, to register your friend if your invitation is accepted, and to track the success of our invitation service.
Content: You also provide us non personal information in Content you post to the Service. Your Content and metadata about your Content may be viewed by other users in accordance with your settings on the Service. Pipefy can, but has no obligation, to monitor your Content you post on the Service. We can remove any information you post for any reason or no reason. Unless Content is made viewable in accordance with your settings on the Service, Pipefy and Pipefy employees will not view your Content except: (i) to maintain, provide or improve the Service; (ii) to help you and resolve your support requests; or (iii) as Pipefy believes, in its sole opinion, is necessary to comply with or avoid the violation of applicable law or regulation or to cooperate with law enforcement.
Cookies: When you use the Service, we may send one or more “cookies” – a small data file – to your computer to uniquely identify your browser and let Pipefy help you log in faster and enhance your navigation through the site. A cookie may convey anonymous information about how you browse the Service to us. A persistent cookie remains on your hard drive after you close your browser so that it can be used by your browser on subsequent visits to the Service. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly if the ability to accept cookies is disabled.
Log Files: When you use the Service, our servers automatically record certain information sent by your web browser. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, mobile carrier, and other such information.
Clear Gifs Information: When you use the Service, we may employ clear gifs (also known as web beacons) which are used to track the online usage patterns. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened by recipients. The information is used to enable more accurate reporting and make Pipefy better for our users.
Geo-Location Information: When you use the Service by or through a mobile device, we may access, collect, monitor and/or remotely store “location data,” which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device. Location data may convey information about how you browse the Service to us. Location data does not collect or share any personally identifiable information about you. Location data may be used in conjunction with personally identifiable information. Some features of the Service, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled.
Device Identifiers: When you access the Service by or through a mobile device, we may access, collect, monitor and/or remotely store one or more “device identifiers.” Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device and are used to enhance the Service. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by us. A device identifier may convey information about how you use the Service to us. A device identifier does not collect or share any personally identifiable information about you. A device identifier may be used in conjunction with personally identifiable information. A device identifier may remain persistently on your device, to help you log in faster and enhance your navigation through the Service. Some features of the Service may not function properly if use or availability of device identifiers are impaired or disabled. Pipefy may access, collect and/or store device identifiers upon enabling Pipefy’s Services.
How We Share Your Information
Your Use: We will display your Personal Information in your profile page and elsewhere on the Service according to the preferences you set in your account. Any information you choose to provide should reflect how much you want others to know about you. Please consider carefully what information you disclose in your profile page and your desired level of anonymity. You can review and revise your profile information at any time. We may also share or disclose your information with your consent, for example, if you use a third party application to access your account (see below).
Service Providers, Business Partners, and Others: Pipefy may (i) share your contact information with our trusted business partners, who may reach out to you regarding products or services that may be relevant to you; and (ii) share your personally identifiable information with other third parties for the purpose of providing the Service to you. If we do this, such business partners and other third parties will be bound by obligations to keep your information confidential. We may also store personal information in locations outside the direct control of Pipefy (for instance, on servers or databases co-located with hosting providers).
Business Transfers: As we develop our business, we may buy or sell assets or business offerings. Customers, email, and visitor information is generally one of the transferred business assets in these types of transactions. We may also transfer or assign such information in the course of corporate divestitures, mergers, or dissolution.
Compliance with Laws and Law Enforcement Requests and Protection of Pipefy’s Rights: Pipefy may disclose your personal information if required to do so by law or subpoena or if we believe that it is reasonably necessary to comply with a law, regulation or legal request; to protect the safety of any person; to address fraud, security or technical issues; or to protect Pipefy’s rights or property.
Non-Personally Identifiable Information: We may disclose your non-private, aggregated, or otherwise non-personally identifiable information, such as anonymous usage data, platform types, etc., with interested third parties to help them understand the usage patterns for certain Pipefy Services.
How We Protect Your Information
The security of your information is important to us. When you enter sensitive information (such as a credit card number) as part of our service, we encrypt the transmission of that information using secure socket layer technology (SSL).
Pipefy uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information, once we receive it. For example, we continuously and regularly back up your data to help prevent data loss and aid in data recovery. We also guard against common web attack vectors, host data in secure SAS 70 audited data centers, and implement firewalls and access restrictions on our servers to secure our network and better protect your information. No method of electronic transmission of storage is 100% secure, however, and we cannot ensure or warrant the absolute security of any information you transmit or store in the Service.
Your Choices About Your Information
You have the right to:
- Request an accounting of all personal information that we possess that pertains to you in an electronically portable format (e.g., electronic copies of information attached to an email).
- Request that we change any personal information that pertains to you.
- Request that we delete any personal information that pertains to you.
To request an accounting of your personal information, a change to your personal information, or deletion of your personal information, please contact us at [email protected].
If you have a complaint about our use or processing of your personal information, you have a right to lodge a complaint with a national Data Protection Authority. Each European Union member nation has established its own Data Protection Authority; you can find out about the Data Protection Authority in your country here.
In order to comply with the Brazilian LGPD law, we have the channel for assistance by our Data Protection Officer who will respond within the legal timeframe informed by law. Data Protection Officer contact: [email protected]
Right to withdraw consent
In case you have provided your consent to the collection, processing and transfer of your Personal Data, you have the right to fully or partly withdraw your consent. To withdraw your consent, please contact us at [email protected].
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
In case we processed your Personal Data for direct marketing purposes, you have the right to object at any time, in which case we will no longer process your Personal Data for such marketing purposes.
Pipefy Blog & Community
Our Service offers publicly accessible community services including blogs, and forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account.
We offer the service in several geographic regions. We define a geographical region as the location where a user is located.
Users Within the United States
For users within the United States, we process data in data centers located in the United States. We have adopted reasonable physical, technical, and organizational safeguards against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, access, use, or processing of user data in our possession. We comply with state and federal laws governing the protection of personal information.
Users Within the European Union
For users within the European Union, we transfer data from the European Union to data centers located in the United States for processing. Such processing is performed in accordance with Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and free movement of such data, known as the General Data Protection Regulation (“GDPR”). This includes the imposition of required safeguards with respect to accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of data. Transfers of European Union user data to processors in the United States are made in accordance with the Standard Contractual Clauses applicable pursuant to the GDPR.
Users in Other Regions
For users not within the United States or the European Union, we transfer data from such regions to the United States for processing. For such users, we have adopted reasonable physical, technical, and organizational safeguards against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, access, use, or processing of user data in our possession that substantially mirror protections available to users located within the United States.
Grounds for using your personal information
We rely on the following legal grounds to process your personal information, namely:
Retention and Deletion
We will only retain your personal information for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case it is no longer personal data.
It is our policy to retain personal information for up to 6 months once such personal information is no longer necessary to deliver the Service and to delete such personal information thereafter. This means that, if you close your account with us, we will delete personal information associated with your account after no more than 6 months.
Regarding other types of information we collect as described in this policy (Cookies, Log Files, Geo-Location Information, Device Identifiers), it is our policy to retain such personal information for up to 6 months and to delete such personal information thereafter.
Links to Other Web Sites
Pipefy is based in the United States at 717 Market St Suite 400 – San Francisco, CA 94103.
Users in the United States and regions other than the EU can contact us at the above address.
The Company has appointed as its representative pursuant to article 27 of the GDPR the French law firm Foley Hoag AARPI, Avocats au Barreau de Paris, 153 rue du Faubourg Saint Honoré, 75008 Paris, France.
The Company has appointed as its representative pursuant to LGPD Lei Geral de Proteção de dados Lei: 13709 from August 14th 2018 the Brazilian law firm Opice Blum, Bruno, and Abrusio Vainzof Lawyers, Alameda Joaquim Eugênio de Lima, 680 – 1º andar – Jardim Paulista, São Paulo – SP, 01403-001.
Last updated: May 19, 2020.