Terms and Conditions

Master Subscription Agreement (MSA)

This Agreement (this “Agreement”) is made by and between Pipefy, Inc., a Delaware corporation, with commercial address at San Francisco, CA, at 548 Market St, PMB 96462, USA, (“PIPEFY”) and You ("CUSTOMER").

*          Please read this Agreement and its Annexes carefully!

*          It will govern your access and license of use of PIPEFY Technology and the terms and use of services available at Pipefy’s online platform.

*          By creating a virtual account at Pipefy’s online platform, accessing and/or using Pipefy’s Services, you also agree to this Agreement.

*          If you do not agree to this Agreement and its Annexes, you may not create a virtual account on, access or use, the Service.

*          If  you are accepting this Agreement and its Annexes on your behalf or on behalf of a Company or other legal entity that you represent, so you warrant that: (i) you a majority age under the law; (ii) you have full legal authority to bind your employer or such entity to this Terms of Service; (iii) you have read and understand this Terms or Service; and (iii) you agree to this Terms of Service on your behalf or on behalf of the party you may represent.

SECTION 1

Subscription e Use of Pipefy Services

1.1       Subscriptions.  Unless otherwise provided in this Agreement or Order Form (Annex IV):

(a)       the rights of use and access to the Purchased Services are acquired as subscriptions, as long as the Virtual Account is active, or for the time period determined in the Order Form;

(b)       new subscriptions may be added during a subscription term at the same pricing as the underlying subscription pricing, prorated for the portion of that subscription term remaining at the time the subscriptions are added; and

(c)        any added subscriptions will terminate on the same date as the underlying subscriptions.

1.2       Add-Ons. Use and Purchase. PIPEFY may develop Add-Ons and as they become available, they will be eligible for purchase in any package and may be contracted at any time. In this context, the CUSTOMER may choose to use the available Add-Ons, and declares that it may be charged in additional amounts if the acquisition of such Add-ons is supervenient to the signing of the Order Form or acquisition through the Online Platform, as applicable.

1.2.1    Notwithstanding the foregoing, PIPEFY may allow CUSTOMER to use Add-Ons on a test basis, without paying any additional fees, for up to thirty days (as per the “Beta Services” section), or as expressly agreed between the parties.

1.3       Usage Compliance. CUSTOMER declares and compromises to not:

(a)       make any access available or use any Service for the benefit of, anyone other than the CUSTOMER or your Users;

(b)       sell, resell, license, sublicense, distribute, rent or lease any Service, as well as offer any Service within the sphere of a service bureau or outsourcing offering;

(c)        use the Services to store or transmit slanderous content, illegal or unlawful or to store or transmit material in violation of third-party privacy or intellectual property rights;

(d)       will not finance, fund, sponsor, or in any way use the Purchased Solutions to subsidize the practice of any illegality;

(e)       use the Services to store or transmit Malicious Code;

(f)        interfere with or disrupt the integrity or performance of any tool or third-party data contained therein;

(g)       attempt to gain unauthorized access to any tool or its related systems or networks;

(h)       permit direct or indirect access to or use of any tool in a way that circumvents a contractual usage limit;

(i)         copy the Services or any part, feature, function or user interface thereof, as well as not reproduce, modify, create or prepare works deriving from any Documentation or Pipefy Technology;

(j)         copy the Services except as expressly permitted by PIPEFY;

(k)        frame or mirror any part of any of the Services, other than framing on Your own intranets or otherwise for Your own internal business purposes or as permitted in the Documentation;

(l)         access any Tool in order to build a competitive product or service;

(m)      carry out reverse engineering, reverse assembly or decomplication of any Services, including the Pipefy Technology; or

(n)       will not attempt in any way to extract the source code of any Pipefy Technology or to misuse Pipefy's Intellectual Property, whether registered or not.

SECTION 2

RESPONSIBILITIES

2.1.       Availability of Purchased Services. Upon the acceptance of our terms in this Agreement or Order Form (prevailing what happens earlier), PIPEFY will:

  1. a) make the Purchased Services available to the CUSTOMER pursuant to this Agreement and the respective Order Form
  2. b) provide the CUSTOMER with standard support or if otherwise agreed with the support provided for in Annex II (SLA), in relation to the Purchased Solutions, at no additional cost;
  3. c) use commercially reasonable efforts to make the online Purchased Services available on-line 24 hours a day, 7 days a week, except for (i) planned downtime, and (ii) any unavailability caused by circumstances beyond reasonable control, including, for example, an act of God, Internet service provider failure or delay, internet connection or Non-Pipefy Applications.

2.1.1 PIPEFY will be responsible for the performance of our employees and contractors and their compliance with our obligations in accordance with this Agreement, except as otherwise specified herein.

2.2       Customer Responsibilities. By your side, CUSTOMER will:

  1. a) be responsible for compliance with this Agreement by the Users,
  2. b) be responsible for the accuracy, quality and legality of your Data and the means by which acquired your Data,
  3. c) use commercially reasonable efforts to prevent unauthorized access to or use of Services, and notify PIPEFY promptly of any such unauthorized access or use,
  4. d) use the Services in accordance with this Agreement and applicable laws and government regulations, and
  5. e) comply with terms of service of Non- Pipefy Applications You use in connection with the Services.

SECTION 3

FEES AND PAYMENT

3.1       Fees. CUSTOMER will pay for all amounts specified in the Order Form and/or Virtual Account, relating to the subscription of the Purchased Solution and any Add-on as applicable.

3.1.1    The amounts charged are based on the quantity of User and Purchased Features, according to the plan and negotiations reflected in the Order Form and / or Virtual Account, regardless of the actual use.

3.1.2    The amounts specified in the Order Form and / or Virtual Account will be paid in US dollars. Credit card, bank or exchange rates, taxes, duties, charges, contributions, launches, obligations or fees and / or government charges of any nature are not included in the charges.

3.1.3    Any request for exclusion of User or reduction of the Features initially Purchased, carried out during the period of the subscription, will give rise to the granting of credit to the CUSTOMER, who may use it in the expansion of new Users or the acquisition of new features.

3.2       Billing and Payment. Billing to the CUSTOMER will occur through Invoice, issued by PIPEFY, or third parties hired to process payments, in the amounts corresponding to the Purchased Solutions to be paid according to the payment method selected by the CUSTOMER in the Order Form or Virtual Account.

3.2.1    The billing and their respective amounts correspond to the information defined in the Order Form or Virtual Account, under the terms of this Agreement.

3.2.2    In order for the respective billing of subscriptions to be processed, the CUSTOMER must provide valid and updated information to PIPEFY.

3.3       Late payment. In case of non-payment on the agreed due date, without prejudice to the applicable legal and judicial measures in view of the CUSTOMER's default, PIPEFY reserves the right to adopt the following administrative measures:

  1. a) Condition future subscription renewals to shorter payment terms than those specified on the website or in the Order Form (as applicable), and/or
  2. b) Disregard the application of any business conditions granted at the time of the subscription;
  3. c) Suspending the access to the CUSTOMER's Purschase Solutions and Virtual Account may be considered disabled, until the defaulted obligation is settled.

3.3.1    Before suspending the access to the Purchased Solutions or deactivating the Virtual Account, PIPEFY will notify the CUSTOMER, at least 5 (five) days in advance, for those who opted for payment by credit card; and 10 (ten) days in advance for those who opted for other payment methods specified in the Order Form or Virtual Account, stating that their account is overdue.

3.3.2    After 30 calendar days of expiration, it is expressly agreed that PIPEFY may use the service of outsourced companies to collect the amount due.

SECTION 4

DATA PROTECTION

4.1       CUSTOMER DATA PROTECTION. The CUSTOMER understands that PIPEFY will collect its data during its use of the Solutions and maintain administrative, physical and technical protections for the security, confidentiality and integrity of CUSTOMER Data, as described in this Agreement, in the Data Protection Annex (Annex II) and Pipefy’s Privacy Policy available at <(https://www.pipefy.com/privacy-policy/)> which may be updated by PIPEFY from time to time and is incorporated herein by reference.

4.2       CUSTOMER data will be used as indicated in the documentation above, aiming the following:

  1. a) to provide the Services;
  2. b) to prevent or address problems of a technical character,
  3. c) improve and upgrade the Services,
  4. d) compliance with the law in accordance with Section 5.2 (Compelled Disclosure) below, or
  5. e) as CUSTOMER expressly permits, including in cases whereby Data will be shared with Non-Pipefy Applications.

4.3       Retention and Deletion of Personal Data. CUSTOMER data will be stored in the PIPEFY’s database even if they were deleted through the application or API, as long as the contract between the parties is valid.  In cases of contractual termination, regardless of the cause, PIPEFY reserves the right to delete the CUSTOMER's Personal Data in up to 180 (one hundred) and eighty days after the termination of the Agreement, or in accordance with the CUSTOMER's instructions.

4.4       Treatment of Personal Data. PIPEFY and CUSTOMER undertake to treat information classified legally as personal data, due to the present  relationship, in compliance with the applicable legislation as provided in Annex II, under penalty of liability for non-compliance with the Agreement, without prejudice to losses and damages, which they have contributed, to the extent of their responsibilities. The processing of personal data will only take place in compliance with the purpose established in this Agreement and according to the terms under Annex III.

4.5       Transfer of Data. The Parties undertake not to transfer and / or share with third parties the personal data processed as a result of this relationship, unless it is an essential requirement for the fulfillment of this Agreement, pursuant to Annex III - Data Protection and PIPEFY's Privacy Policy and Section 4 (four) below, declaring the CUSTOMER that is aware that PIPEFY stores its data on servers located in the United States.

SECTION 5

CONFIDENTIALITY

5.1       Protection of Confidential Information. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind in a manner to:

  1. a) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and
  2. b) limit access to Confidential Information of the Disclosing Party to its employees and employees of its Affiliates and service providers, who are in connection to the performance of this Agreement and who have signed a confidentiality agreement with the Receiving Party.

5.1.1    Neither party will disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates, legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure will remain responsible in compliance to the terms of this Agreement, unless other herein provided by Parties.

5.2       Compelled Disclosure.  The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law, regulation or judicial or administrative order to do so, provided that the Receiving Party promptly notifies the Disclosing Party prior to make such disclosure (unless prohibited by law or disclosure order) in order to facilitate the efforts of the Disclosing Party to protect its Confidential Information. The Receiving Party shall provide reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. If in the absence of a protection order or any other remedy, or the receipt of consent by the Disclosing Party, the Receiving Party is compelled by any court, regulatory entity, agency or similar entity to disclose the Disclosing Party’s Confidential Information the Receiving Party can disclose, without any responsibility herein foreseen, the portion of the Confidential Information legally bound to be disclosed and the Receiving Party will endeavor its best efforts to preserve the confidentiality of the remaining Confidential Information.

SECTION 6

PROPRIETARY RIGHTS AND LICENSES

6.1       Reservation of Rights. PIPEFY reserves all the rights, title, and interest relative to the Services, including all Our related intellectual property rights.

6.2       License to Use Pipefy Technology. PIPEFY grants to CUSTOMER a worldwide, non-exclusive license for a determined time, on rights relative to the Pipefy Technology, strictly to use the Purchased Services, subject to the terms of this Agreement and its Annexes.

6.2.1    The Service is made available on a limited access basis, and no ownership right is conveyed to CUSTOMER. PIPEFY has and retains all rights, title and interest, including all intellectual property rights, related to the Services, including all modifications, updates, upgrades, extensions, components and all derivative works to the Service.  All our rights not expressly granted under these Terms of Service are hereby retained to PIPEFY.

6.3       License by CUSTOMER to Host Data and Applications. CUSTOMER authorizes PIPEFY and its Affiliates a license of use, with a limited term for the duration of the contracted subscriptions, to host, copy, transmit and display CUSTOMER Data, including with program codes when created by or for CUSTOMER, as well as for Non-Pipefy Applications, when applicable, as necessary PIPEFY provide access to the Solutions in accordance with this Agreement.

 6.3.1   PIPEFY and its Affiliates may use the Data collected for the purpose of gathering information and anonymous metrics to improve the Services and for other purposes of development, diagnosis and correction in connection with the Services, provided that it is anonymized, without direct link with You.

6.4       License to Use Feedback. CUSTOMER grants PIPEFY and its Affiliates a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into the Services any suggestion, enhancement request, recommendation, correction, or other feedback provided by You or Users relating to the operation of the Services.

6.5       Commercial References.  CUSTOMER authorizes PIPEFY to mention it and, where relevant, use a reproduction of CUSTOMER’s brand or logo as a commercial reference, press releases, case studies, at shows or events, in PIPEFY sales documentation, and on Our Online Platform. If You have any reservations to this concession, just contact PIPEFY through the electronic address available in the section regarding Notices.

SECTION 7

NON-PIPEFY APPLICATIONS AND INTEGRATIONS

7.1       Acquisition of Non-Pipefy Products and Services. Purchased Solutions may contain tools designed to interoperate with Non-Pipefy Applications. In order to use these tools, the CUSTOMER may be required to gain access to the Non-Pipefy Application and may be asked to give PIPEFY access from their Non-Pipefy Application account(s) to ensure the smooth functioning of the integration. Any purchase by the CUSTOMER of Non-Pipefy products, Solutions or services and any exchange of data between the CUSTOMER and any Non-Pipefy Applications is the sole responsibility of the CUSTOMER and PIPEFY will have no participation or interference in the relationship between the CUSTOMER and the Non-Pipefy application in question.

7.1.1    PIPEFY does not warrant or provide support in relation to Non-Pipefy Applications, or other Non-Pipefy products or services, whether or not designated by the CUSTOMER as "certified" or otherwise, unless otherwise expressly specified in the documentation that formalizes the acquisition of the Acquired Solutions.

7.1.2    If the CUSTOMER installs or enables a Non-Pipefy Application for use in conjunction with the Services, the CUSTOMER undertakes to recognize, accept and comply with the applicable terms and conditions and the privacy policy of the Non-Pipefy Application in the exact extent of your use of such Non-Pipefy Application.

7.2       Non-Pipefy Applications and Customer Data. In accordance with and under the terms in the Privacy Policy, if CUSTOMER installs or enables a Non-Pipefy Application for use together with the Services, CUSTOMER is aware and agree that the provider of that Non-Pipefy Application may access its Data as required for the interoperation of that Non-Pipefy Application with the Services. Within this context, PIPEFY is not responsible for any incident, disclosure, modification or deletion of Data resulting from access by a Non-Pipefy Application.

SECTION 8

WARRANTIES OF PURCHASED SOLUTIONS, FUTURE FEATURES AND BETA SOLUTIONS

8.1       Warranties. PIPEFY warrants that:

  1. a) this Agreement accurately describes the applicable administrative, physical and technical safeguards for the protection of the security, confidentiality and integrity of the CUSTOMER's Data;
  2. b) will not materially decrease the overall security of the Purchased Services during the subscription term;
  3. c) the Purchased Services will perform materially in compliance with the applicable law and this Agreement;
  4. d) will not materially decrease the functionality of the Purchased Services during the subscription term, and (e) the Purchased Services will not introduce Malicious Code into CUSTOMER’s systems.

8.2       Future Features.  Except as otherwise set forth in this Agreement, the CUSTOMER understands and agrees that the service is provided “AS IS” and “AS AVAILABLE”, without express or implied warranty or condition of any kind. CUSTOMER agrees that its subscription and acquisition of the Purchased Solutions are not subject to any expectations related to:

  1. a) delivery of any future Features that are related to the Purchased Solutions, or
  2. b) to any public comment, oral or written, made by PIPEFY about possible functionality or characteristics to be developed.

SECTION 9

TERM AND RENEWAL

9.1       Term of Agreement. This Agreement shall commence on the date the CUSTOMER accepts the terms of this Agreement or sends PIPEFY a copy of the signed Order Form, prevailing what happens earlier and will remain in force until all the subscriptions under this Agreement have expired or are terminated.

9.2       Subscription renewal. The term of each subscription shall be as specified in the Virtual Account and/or in the Order FORM, as applicable. Except as otherwise specified, the subscriptions will automatically renew for additional periods equal to the expiring subscription term or for one year (whichever is shorter), unless the CUSTOMER gives the other notice of non-renewal at least 30 days before the end of the relevant subscription term.

9.2.1    PIPEFY may, at any time, exercise its self-management and in view of free initiative and competition, review its Purchased Solutions pricing.

9.2.2    Any price change will be previously communicated to CUSTOMER, in writing, at least 30 (thirty) days in advance, taking effect at the beginning of the next subscription period. You accept the changes by continuing to use the Purchased Solutions. Price changes are accepted if the CUSTOMER continues to use the Purchased Solutions, under the new terms and conditions.

9.2.3    CUSTOMER is entitled to reject the change by canceling the subscription before the end of the referred term, under the terms set out in clause 10.1 (termination).

9.2.4    Upon renewal, the price charged will be consistent with the current reality of the price list published on the PIPEFY website, unless expressly agreed by the Parties differently under special conditions.

9.2.5    Any renewal that results in a decrease in functionality, number of users, or duration of subscription to Purchased Solutions in relation to the previous period, will result in a re-evaluation of the price.

SECTION 10

TERMINATION AND REIMBURSEMENT

10.1     Termination by CUSTOMER. The CUSTOMER may terminate this Agreement, without cause, upon prior written notice of at least 30 (thirty) days to PIPEFY, under the terms of section 12.9.

10.1.1  In case of termination without cause under the above terms, the COSTUMER will not be entitled to reimbursement of any prepaid fees and will remain obliged to comply with the outstanding payment obligations, under the terms provided in the Virtual Account or in the Order Form.

10.2     Termination by both Parties. Any Either Party may terminate this Agreement, by operation of law, without previous notice, in the following cases:

(i)         if a material breach of this Agreement is not remedied, within the period granted to remedy it, when subject to remediation; 

(ii)        if one of the Parties becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation; and

(iii)       in case of criminal conviction by a competent court.

10.2.1  In case of termination by the CUSTOMER in accordance with item 10.2 above, PIPEFY will refund any prepaid fees, referring to the period between the effective termination and the Order Forms.

10.2.2  If the termination is given by PIPEFY, pursuant to item 10.2 above, the CUSTOMER will not be entitled to a refund, and will still be responsible for the payment of any fees for the remainder of the term of all Order Forms.

10.2.3  In the case of item 10.2, (i), PIPEFY shall, without prejudice to other measures that may be taken, choose to suspend the use of the Services or disable any Virtual Account or User access, and may also remove any content that it considers inappropriate or infringes the rights of third parties.

10.2.3.1           In this case, PIPEFY will notify the CUSTOMER prior to such suspension or deactivation in accordance with item 12.9 (Notice), unless it is prohibited to notify under applicable law or due to legal process, such as orders, warrants or any similar action brought by a court or governmental administrative agency.

10.3     In no event of termination provided herein, CUSTOMER will be relieved of your obligation to pay any fees to PIPEFY related to the period prior to the effective date of termination.

SECTION 11

LIABILITIES

11.1     Responsibility for the use of the Solutions. CUSTOMER assumes full responsibility for defining access levels for your employees who will appear as Users of the Purchased Solutions, whether they are employees, agents or any third parties whose access to the Purchased Solutions is provided by CUSTOMER. PIPEFY joint or sole liability won't be argued for any losses and damages (personal, material and/or moral) that may be suffered by third parties, due to the breach of CUSTOMER responsibilities in the faithful use of the Solutions or for any illegalities committed by the Users in the use of the Purchased Solutions.

11.1.1  PIPEFY shall not be held liable for damages caused by the COSTUMER to third parties due to failure to comply with any obligations provided for in this Agreement, in particular those provided in this clause 11.2 and in clause 1.4 (Usage Compliance), as well the Annex II.

11.2     Limitation of Liability. The Parties agree that the liability for direct damages, damages arising out or related to this Agreement may not exceed the amount paid by the COSTUMER in the last 12 months prior to the harmful event, except in cases of serious neglect or intentional misconduct.

11.2.1  The above limitations will apply whether an action is in Contract or tort and regardless of the theory of liability.  However, the above limitations do not apply to obligations of:

(i)         CUSTOMER’S payment under Section 3 e/ou

(ii)        to any violation or misappropriation by the CUSTOMER or User to any of PIPEFY’S Intellectual Property Rights.

11.3     Exclusion of Consequential and Related Damages.  In no event shall either Party have any liability to the Other Party for any indirect, special, incidental, collateral, consequential, punitive or coverage damages, including, but not limited to loss of profits or revenue arising from non compliance with obligations under this Agreement or torts regardless of the theory of liability, even if one of the Parties has advised the other of the possibility of such damages.

11.3.1  The disclaimer provided for in the foregoing clause will not apply to the extent prohibited by law.

SECTION 12

INDEMNIFICATION

12.1.       Indemnification by PIPEFY. PIPEFY agrees to defend the CUSTOMER for all third-party claims arising from an allegation that the use of the CUSTOMER Purchased Solutions infringes the intellectual property rights of a third-party. In this case, as and if carried out as permitted in this Agreement, PIPEFY will indemnify the CUSTOMER for damages, reasonable attorneys' fees and duly substantiated costs incurred by CUSTOMER as a result of a claim filed by a third-party against CUSTOMER.

12.2       Indemnification by CUSTOMER. CUSTOMER agrees to defend PIPEFY for all third-party claims arising from CUSTOMER violation from the Clauses 2.2, 6.2 and 6.2.1, as well as the Data Protection Annex (Annex II) of this Agreement, and indemnify PIPEFY from any damages, reasonable attorneys' fees and duly substantiated costs incurred by PIPEFY as a result of a claim filed by third-party against PIPEFY.

12.3       Requirements for Indemnification. In order to validaty the indemnification obligations hereunder apply, the Party seeking indemnification must: (1) promptly tender a claim for indemnification, (2) allow the indemnifying party sole control of the defense or settlement of the underlying claim, and (3) reasonably assist with any defense or settlement of the underlying claim at the indemnifying party’s request and expense.

SECTION 13

GENERAL PROVISIONS

13.1       Surviving Provisions. The Sections titled “Fees and Payment” “Proprietary Rights and Licenses,” “Confidentiality” and “Liability” will survive any termination or expiration of this Agreement.

13.2       Fighting Corruption and Money Laundering. Within the limits of the objective of the present relationship, both Parties, including on behalf of Our employees, members, representatives, directors and third parties, as well as Our partners who will act on Our behalf, to conduct Our business practices, during the performance of this contract, ethically and in accordance with the applicable legal precepts, not giving, offering, paying, promising to pay, or authorizing the payment of, directly or indirectly, any money or anything of value to any governmental authority, consultants , representatives, partners, or any third party, for the purpose of influencing any act or decision by the agent or the government, or to secure any undue advantage.

13.3       Compliance. Both Parties expressly declare to have full knowledge and commit to faithful observance of the legal provisions related to preventing and combating activities related to crimes of money laundering or concealment of assets.

13.4       Entire Agreement. This Agreement and its Order Form constitute the entire agreement between CUSTOMER and PIPEFY and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. The parties may modify this Agreement by means of a written instrument signed by both parties, reserved to Us the right to modify this Agreement under the terms of clause 12.9, when updating it and publishing it on Our website.

13.5       Interpretation and Order of Precedence. The Parties agree that any term or condition stated in any document other than this Agreement or in the corresponding Order Form is a provision null or ineffective.  In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) the applicable Order Form, (2) this Agreement, and (3) the Documentation.

13.6       Conflict resolution. The Parties agree to seek out-of-court settlement of any dispute originating from this Contract, including regarding its interpretation or execution, and the Party that feels prejudiced will notify the counterparty of the conflict, under the terms informed by clause 13.9 ("Notices"), requesting the fulfillment of the obligation not fulfilled or fulfilled in an irregular or incomplete manner. If the indicated conflict is not resolved within 30 (thirty) days, counted from the date of receipt of the notification, the Party evidently harmed may only then seek the judicialization of the controversy by notifying the counterparty about this decision. 

13.7       Arbitration. All disputes arising out of or relating to this Agreement shall be resolved exclusively by binding arbitration before a single arbitrator (the “Arbitrator”) in accordance with the Commercial Arbitration Rules of the American Arbitration Association (the “AAA”) then in effect and the further procedures set forth herein. For information on the AAA and its rules, see www.adr.org. The arbitration shall be governed by the Federal Arbitration Act, 9 U.S.C. §§ 2 et seq., and the laws of the State of California without reference to principles of conflicts of laws.

13.7.1 Arbitration Procedure. The arbitration shall be conducted in the State of California, city of San Francisco. In the event that the AAA is unavailable or unwilling to administer the arbitration, and the parties are unable to agree to a substitute, a substitute shall be appointed by the arbitration court. The Arbitrator shall have the authority to issue any and all remedies authorized by law. Each Party shall bear its own expenses and an equal share of the expenses of the mediator or arbitrator and the fees of the AAA. The Parties, their representatives, other participants and the arbitrator shall hold the existence, content and result of the dispute resolution process in confidence. All defenses based on passage of time shall be tolled pending the termination of arbitration. Nothing in this paragraph will be construed to preclude either Party from seeking injunctive relief in order to protect its rights pending an outcome in arbitration. A request by a party to a court for such injunctive relief shall not be deemed a waiver of the obligation to arbitrate.

Notwithstanding any rules of the AAA to the contrary, any claims shall be adjudicated on an individual basis only, and YOU HEREBY WAIVE TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL PROCEEDING DIRECTLY OR INDIRECTLY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR ANY OTHER LOAN DOCUMENT OR THE TRANSACTIONS CONTEMPLATED HEREBY OR THEREBY (WHETHER BASED ON CONTRACT, TORT OR ANY OTHER THEORY). YOU ALSO WAIVE ANY RIGHT TO BRING ANY CLAIM AS A REPRESENTATIVE OF A PROPOSED CLASS, ON AN AGGREGATED OR MASS BASIS, OR AS A PRIVATE ATTORNEY GENERAL, OR TO CONSOLIDATE ARBITRATION PROCEEDINGS WITHOUT THE CONSENT OF ALL PARTIES THERETO.

13.8       Choice of Law and Jurisdiction. This Agreement shall be governed by and enforced in accordance with the Laws of the State of California, United States of America, without regard the choice or conflicts of law rules. To the extent Arbitration is not enforceable under the applicable law of the Customer's region, each party agrees to submit to the exclusive jurisdiction of the Courts sitting in San Francisco, California, for the purpose of enforcing any claim arising under this agreement. Notwithstanding this, Pipefy may bring proceedings in any other court having jurisdiction where Customer is resident or does business from time to time in order to protect Pipefy’s Intellectual Property Rights.

13.9       Notices.  PIPEFY may notify CUSTOMER of general information about the use of the Services through the email registered by the CUSTOMER in the Virtual Account. It is the CUSTOMER's responsibility to keep his/her contact details updated in the Virtual Account. Unless otherwise provided for in this Agreement, all notices, permissions and approvals in this Agreement must be in writing and will be deemed to have been delivered on the first business day after sending an email to the email address registered by the CUSTOMER as an administrator of the Virtual Account, or in the case of PIPEFY, to the email address [email protected]

13.8.1 Billing related notices shall be addressed to the relevant billing contact designated by CUSTOMER.

13.10       Assignment.  Except for the provision made on clause 3.3.2, neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent; provided, however, either party may assign this Agreement in its entirety (including all Order Forms/ Order Forms), without the other party’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets.

13.11       Relationship of the Parties. The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.

13.12       Waiver. No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right.

13.13       Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.

13.14       Changes to the Terms of Use. The terms and conditions of use of the Purchased Solutions may be amended from time to time by PIPEFY to reflect the development of the Purchased Solutions, as upgrades and enhancements, which will become effective immediately upon their publication. The CUSTOMER will be notified 30 (thirty) days in advance of the changes that will affect its rights and obligations previously agreed hereunder, given that such modifications will only apply to the CUSTOMER from the next subscription renewal.

13.15       Signatures. The parties state and agree that this instrument can be signed by digital and/or electronic means proven to be suitable. Therefore, they recognize that the contracting will also constitute an extrajudicial enforcement order for all legal purposes.

IN WITNESS WHEREOF, the parties have caused this Agreement to be executed by their duly authorized officers or agents.

PIPEFY INC.

DEFINITIONS

“Affiliate” means any entity that directly or indirectly controls, is controlled by or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

 

“Non-Pipefy Applications” means a Web-based or other hosted software application, or offline software application, that is not Pipefy Technology.

 

“Add-Ons” means add-ons, features or additional features related to the Service (“Add-Ons”), which PIPEFY may offer to the CUSTOMER for additional fees, as described on the Site, at which point they will become part of the “Purchased Solutions”

 

“API” is a set of programming routines and patterns for accessing a software application or web-based platform. The acronym API refers to the term in English “Application Programming Interface” which means in Portuguese translation “Programming Interface Applications”.

 

“Beta Services” means Our services that are not generally available to  CUSTOMER.

 

“Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Your Confidential Information includes Your Data; Our Confidential Information includes the Services and Confidential Information of each party includes the terms and conditions of this Agreement, the Virtual Account and all the Order Forms (including pricing), as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party.

 

Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

 

“Documentation” means Our online user guides, documentation, and help and training materials, as updated from time to time.

 

“Malicious Code” means code, files, scripts, agents or programs intended to do harm, including, for example, viruses, worms, time bombs and Trojan horses.

 

“Agreement” means this Master Subscription Agreement and its annexes.

 

“Features” means the functions of the Pipefy technology software, which determine what the system can do.

 

“Invoice” means the document issued by PIPEFY, which may be in electronic form, through which the Services are charged to the CUSTOMER

 

“Order Form” means an ordering document specifying the Services to be provided hereunder that is entered into between CUSTOMER and PIPEFY or any of Our Affiliates, including any addenda and supplements thereto. It is the proper document to specify information regarding the number of licenses acquired, the pricing obligation, hired plan, discounts if applicable). By entering into an Order Form hereunder, the CUSTOMER or CUSTOMER’S Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto.

 

“Online Platform” means the virtual environment made available at the website app.pipefy.com through which the User, after creating the Virtual Account, can acquire the Solutions and later access the Purchased Solutions.

 

“Privacy Policy” means the policy which regulates Our privacy practices and rules,  while using data on our Online Platform and providing our Purchased Solutions, made available at the following link: https://www.pipefy.com/privacy-policy/.

 

We respect and protect the privacy of visitors on our website and our customers who use our tools, mobile applications and related services (the “Service”). This Privacy Policy has legally binding content for both parties as of the acceptance of the current. Privacy Police is the proper place to obtain information on how we collect, use, disclose and protect visitors’ and customers’ information as part of the Services. Any discussion of theCUSTOMER’S use of the Service in this Policy is meant to include your visits and other interactions with the Services and Purchased Solutions.

 

“Intellectual Property” means all the trade secrets, patents and patent applications, trademarks (either registered or not registered and including any goodwill acquired in these trademarks), service trademarks, commercial names, copyrights, moral rights, rights on inventions and all the other intellectual property rights and property rights (either registered or not registered, any prior application and all the rights to enforce the precedent one), and all the other equivalent rights which can exist in any part of the world.

 

“CUSTOMER’s Data” means electronic data and information submitted by or for the CUSTOMER to the Purchased Services or collected and processed by or for the CUSTOMER’S use of the Purchased Services, excluding Content and Non-Pipefy Applications.

 

“Services” means the functionalities made available within the sphere of the Online Platform in consideration to the contracting of subscription of the “Purchased Services”. This concept contemplates both the Services offered as free of charge tests and the ones paid, including off-line associated components we might make available, as described in the Documentation. The “Services” do not include Non-Pipefy Applications.

 

“Purchased Services” means the Services offered by PIPEFY to the CUSTOMER or its Affiliates pursuant to this Agreement, including by means of a Order Form or other means creating a binding obligation. The solutions offered by PIPEFY and offered to the   CUSTOMER as native solutions used by PIPEFY to optimize the experience in the use of the “Solutions”, will be Our  responsibility, as an integral part of the “Acquired Solutions”.

 

“Pipefy Technology” means the technology and Intellectual Property licensed by PIPEFY, strictly to enable Users’ access to the Purchased Services, including computer programs (software), websites, networks and equipment.

 

“User” means an individual who is authorized by CUSTOMER to use a Service, for whom have ordered the Service, and to whom the CUSTOMER (or PIPEFY at CUSTOMER request) have supplied a user identification and password. Users may include, for example, Your employees, consultants, contractors and agents, and third parties with which the CUSTOMER transacts business.

 

“Virtual Account” means the account created by the CUSTOMER for use of the Online Platform and access to the functionalities of the Purchased Services offered in this environment.

 

“Non-Pipefy Solutions” means a Web-based or other hosted software application, or offline software application, that is provided by PIPEFY or a third party and interoperates with a Service and is not Pipefy Technology.

DATA PROTECTION ADDENDUM

 

1. Purpose

 

The purpose of this DPA (Annex II) is to define the conditions in which Pipefy, Inc (also referred in this Annex II as “the Processor”) undertakes to carry out, on Customer’s behalf also being referred in this Annex II as “the Controller”), the personal data processing operations defined below.

 

As part of their contractual relations, the parties shall undertake to comply with the applicable regulations on personal data processing and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “the General Data Protection Regulation”).

 

2. Description of the processing

 

The Processor is authorized to process, on behalf of the Controller, the necessary personal data to provide the following service(s): business process management. The nature of operations to be carried out on the data is Service Providing. The purpose(s) of the processing is to deliver the Solutions to our CUSTOMER. The personal data processed are CUSTOMER’s name, e-mail, telephone, payment information and eventually other data voluntarily submitted by the CUSTOMER. The categories of data subjects are CUSTOMER data. The duration of the processing is for the term of the Master Agreement.

 

3. Processor’s obligations with respect to the Controller

 

3.1 General obligations of the Processor: The Processor shall undertake to:

 

  • process the data solely for the purpose[s] subject to the Master Agreement;
  • process the data in accordance with the documented instructions from the Controller appended hereto. Where the processor considers that an instruction infringes the General Data Protection Regulation or of any other legal provision of the Union or of Member States bearing on data protection, it shall immediately inform the controller thereof. Moreover, where the processor is obliged to transfer personal data to a third country or an international organization, under Union law or Member State law to which the Processor is subject, the Processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
  • guarantee the confidentiality of personal data processed hereunder;
  • ensure that the persons authorized to process the personal data hereunder:
  • have committed themselves to confidentiality or are under an appropriate
  • statutory obligation of confidentiality,
  • Receive the appropriate personal data protection training
  • take into consideration, in terms of its tools, products, applications or services, the principles of data protection by design and by default.

 

3.2 Sub-processing

 

The Processor shall inform the Controller in advance of any intended changes concerning the addition or replacement of other Processors. With the written authorization of the Controller, the Processor may engage another Processor (hereinafter “the Sub-Processor”) to conduct specific processing activities.  The Processor must clearly indicate to the Controller which processing activities are being subcontracted out, the name and contact details of the Sub-Processor and the dates governed by the subcontract. The Controller has a minimum timeframe of two weeks from the date on which it receives said information to object thereto. Such sub-processing is only possible where the Controller has not objected thereto within the agreed timeframe.

 

The Sub-Processor is obliged to comply with the obligations hereunder on behalf of and on instructions from the Controller. It is the initial Processor’s responsibility to ensure that the Sub-Processor provides the same sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing meets the requirements of the General Data Protection Regulation. Where the Sub-Processor fails to fulfil its data protection obligations, the initial Processor remains fully liable with regard to the Controller for the Sub-Processor’s performance of its obligations.

 

3.3 Data subjects’ right to information

 

It is the Controller’s responsibility to inform the data subjects concerned by the processing operations at the time data are being collected.

 

3.4 Exercise of data subjects’ rights

 

The Processor shall assist the Controller, insofar as this is possible, for the fulfilment of its obligation to respond to requests for exercising the data subject’s rights: right of access, to rectification, erasure and to object, right to restriction of processing, right to data portability, right not to be subject to an automated individual decision (including profiling).

 

Where the data subjects submit requests to the Processor to exercise their rights, the Processor must forward these requests as soon as they are received by secure form to https://app.pipefy.com/public/form/ONITydQF

 

3.5 Notification of personal data breaches

 

The Processor shall notify the Controller of any personal data breach immediately, and in any event no later than 24 hours after having become aware of it and via the following means: email. Said notification shall be sent along with any necessary documentation to enable the Controller, where necessary, to notify this breach to the competent supervisory authority.

 

Once the Controller has agreed, the Processor shall notify the competent supervisory authority, in the name and on behalf of the Controller, of the personal data breaches immediately and in any event no later than 72 hours after having become aware of them, unless the breach in question is unlikely to result in a risk to the rights and freedoms of natural persons.

 

The notification shall at least:

 

  • describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  • communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
  • describe the likely consequences of the personal data breach;
  • describe the measures taken or proposed to be taken by the Controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

 

Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.

 

Once the Controller has agreed, the Processor shall communicate, in the name and on behalf of the Controller, the personal data breach to the data subject without undue delay where said breach is likely to result in a high risk to the rights and freedoms of natural persons.

 

The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and at least:

 

  • describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  • communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
  • describe the likely consequences of the personal data breach;
  • describe the measures taken or proposed to be taken by the Controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

 

3.6 Processor’s assistance to the Controller regarding compliance with its obligations

 

The Processor assists the Controller in carrying out data protection impact assessments.

 

The Processor assists the Controller with regard to prior consultation of the supervisory authority.

 

3.7 Security measures

 

The Processor undertakes to implement the following security measures:

 

  • the pseudonymisation and/or encryption of personal data
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

 

3.8 Data exit

 

At the end of the service bearing on the processing of such data, within 6 months the Processor undertakes to:

 

–           destroy all personal data

 

Together with said return, all existing copies in the Processor’s information systems must be destroyed. Once destroyed, the Processor must demonstrate, in writing, that this destruction has taken place.

 

3.9       The Data Protection Officer

 

The Processor communicates to the Controller the name and contact details of its data protection officer, if it has designated one in accordance with Article 37 of the GDPR.

 

3.10 Record of categories of processing activities

 

The Processor states that it maintains a written record of all categories of processing activities carried out on behalf of the Controller containing all the information required by the General Data Protection Regulation.

 

3.11 Documentation

 

The Processor provides the Controller with the necessary documentation for demonstrating compliance with all of its obligations and for allowing the Controller or any other auditor it has authorized to conduct audits, including inspections, and for contributing to such audits.

 

4. Controller’s obligations with respect to the Processor

 

The Controller undertakes to:

 

  • provide the Processor with the data mentioned in 2 hereof;
  • document, in writing, any instruction bearing on the processing of data by the Processor;
  • ensure, before and throughout the processing, compliance with the obligations set out in the General Data Protection Regulation on the Processor’s part;
  • supervise the processing, including by conducting audits and inspections with the Processor.

 

5. Transfer of personal data

 

As the Processor is located in the United States, the Parties are entering into the Standard Contractual Clauses pursuant to the European Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC as set out in PIPEFY’S Privacy Policy.

STANDARD SLA

 

 

¹ Standard Support: Basic business hours support and support for critical issues outside of business hours only.

² Levels: Full descriptions of severity levels are written below:

  • Critical: Total or partial platform outage. Security issue that causes sensitive data exposure.
  • High: Severe impact on performance, important services/components are not functioning, a single connection is down, or a subset of users cannot sign-in in the Pipefy production environment.
  • Medium: Low impact on a small number of users in a production environment.
  • Low: Customer is letting Pipefy know about a minor problem or enhancement request for which feedback is not required.

³ Hours of Service: Our coverage includes 8:00 am – 7:00 pm on business days*, considering the Brasília Time Zone (UTC-3). * If you need dedicated support, please contact your account’s customer support manager.

⁴ Resolve time: The time resolution for bugs is divided into four parts: Critical, High, Medium and Low. They will follow the same deadlines of the Support SLA.

 

Standard Support includes: 

 

  • Support in understanding the use of external API; Identifying and solving system problems; Root cause analysis and investigation of problems that generate instability; Correction of errors (“bugs”) considered critical for the platform; Help with questions about the tool Identifying and reporting bugs; Platform security questions. Incident Support – solving the problem**
  •  

** Incidents and instabilities will be notified on https://status.pipefy.com/

 

Standard Support does NOT include:

 

  • It does not cover events caused by factors beyond our reasonable control, such as: customer power failures, customer server or hardware malfunction, and customer Internet connectivity issues; User code development or debugging questions; Support provides help with the Pipefy API and some examples; Bug fix (encoding); Third-party plug-ins or third-party application integrations; Support in languages other than English, Spanish and Portuguese; Communication through other tools like LinkedIn, WhatsApp or any other social media.

 

Support team contact

 

The Support Team is divided into 2: N1 and N2.

 

Team N1 is responsible for the first response and inquiry process; Team N2 is technical support. Teams N1 and general support are available through the internal chat of the Pipefy platform, for users logged into the tool, and can also be contacted by email <[email protected]> while team N2 can be reached by email <support-team @pipefy.com>.

 

We also offer and encourage the use of our Community Center <https://community.pipefy.com> and helpful resources available on our web page.

 

*Disclaimer: PIPEFY undertakes to make the Software available to the CUSTOMER as stipulated in this document.

 

The availability of the Software is defined as the ability of a user to use their account to access and use the Software, being calculated based on each account, provided that it is active in a regular and enabled state. Outages caused by facts beyond PIPEFY’s reasonable control, or caused by force majeure, acts of third parties, must be excluded from the calculation of software availability. Scheduled suspensions, including due to hardware replacement, or due to scheduled or emergency maintenance, or related to acts of God or acts of the CUSTOMER or third parties, should also not be considered for the software availability clause, without prejudice to other hypotheses provided for by law or in this Agreement.

Update at: July 21th, 2021.