Compliance and security are our number one priorities
As a company focused on your data security, Pipefy complies with Information Security best practices to make sure all of our environments are secure. We ensure a safe and secure solution by having a dedicated security team, constant security training, and regular internal and external audits. Contact our compliance team to learn more about Pipefy's certifications and compliance atestations; and our security team for technical consultations.
Security and Legal Content
SSO & 2FA
Use Auth0 Single Sign-on (SSO) to authenticate users without requiring additional login credentials. If you are using password-based authentication, Pipefy also allows you to turn on 2-factor authentication (2FA).
Password Complexity and MFA
Pipefy requires password complexity, following market standards. We also protect credentials using a high cryptographic solution.
Set permission levels to high or low privileges, managing what each user can see, edit or change inside your organization’s environment using flexible role profiles. Use your Identity and Access Management or Active Directory tool to manage all company users from a centralized application.
Network & Application Security
Storage and Data Hosting
Pipefy hosts services and data in Amazon Web Services (AWS) facilities (us-east-1) in the USA.
Disaster Recovery (DR) and Fail Over
Pipefy has a disaster recovery plan for high availability. All infrastructure and data are spread across 3 AWS availability zones and will continue to work without issue if any one of those data centers fails.
Back-Ups and Monitoring
Pipefy produces audit logs for all activity on the platform, using DataDog for analysis and S3 for archival purposes. We have active monitoring and backups in place to recover the information if anything happens within our environment.
All data within Pipefy is encrypted in transit and at rest using 256-bit encryption, which provides a better and more secure service.
Permissions and Authentication
Access to customer data is limited to authorized employees only. We ensure Pipefy’s environment is protected by having Single Sign-on (SSO), Multi-Factor Authentication (MFA), and strong password policies on our code repository, our email provider, and AWS. Pipefy’s platform, developers’ site, and help site are delivered 100% onto HTTPS.
Pentest and Vulnerability Scanning
Pipefy uses third party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised on these scans, when applicable, and performs regular penetration tests on the application and infrastructure.
Pipefy has a protocol for handling security events which includes escalation procedures, rapid mitigation, and postmortem. All employees are informed of our policies.
Additional Security Features
All employees complete Security and Awareness training annually. The engineering team constantly goes through security development training.
Pipefy has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
We respect your data and information, all of our employees sign confidentiality agreements.
Bug Bounty Program
No technology is perfect.
Pipefy's security team believes that working with skilled researchers worldwide is crucial in identifying weaknesses in any technology. If you think you've found a security issue in our product or service, we encourage you to notify us.
We welcome working with you to resolve the issue promptly.Submit Vulnerability Report Talk to Security Team
Pipefy has a strict anti-abuse policy. We don’t allow spam and don’t want you to feel harmed by someone using our system.
If you have been spammed or abused in any way as a result of using Pipefy, please contact our team through our anti-abuse form. Pipefy’s Security team will be pleased to investigate and solve the issue. Our mission is to keep you and your data secure.