Pipefy Solution Terms of Services

These Terms of Use of the Pipefy Solution (the "Terms" or "Agreement"), along with any other terms and policies incorporated by reference, constitute a legal contract governing the use of the Pipefy Solution owned by Pipefy, Inc., a Delaware corporation, with commercial address at San Francisco, CA, at 548 Market St, PMB 96462, USA ("Pipefy"). The Customer accepts and agrees to the terms of these Terms by (i) clicking on a box indicating acceptance, (ii) executing a Purchase Order referencing these Terms, or (iii) using the Pipefy Solution, even if on a free or trial basis.

BY ACCEPTING THESE TERMS, THE CUSTOMER REPRESENTS THAT THEY HAVE FULL POWER TO CONTRACT AND TO BIND THE LEGAL ENTITY OR ENTITY THEY REPRESENT, OBLIGING IT TO COMPLY WITH THESE TERMS. IF YOU DO NOT AGREE OR DO NOT HAVE AUTHORITY TO BIND THE COMPANY OR ENTITY, DO NOT ACCEPT THESE TERMS OR ACCESS/USE THE PIPEFY SOLUTION OR ITS SITES.

1. PIPEFY SOLUTION

1.1. The Pipefy Platform (also referred to as the "Pipefy Solution") is a cloud-based tool that enables the registered Legal Entity on the Pipefy website ("Customer") to automate and manage different types of processes through the use of existing templates or configurations of the Pipefy Solution. Users can utilize the Pipefy Solution or hire additional services, governed by specific terms. These Terms govern access to and use of the Pipefy Solution by Users and their authorized representatives.

1.2. Subject to Customer's compliance with these Terms and payment of the fees prescribed herein, Pipefy hereby grants Customer a non-exclusive and non-transferable subscription license ("License"), entitling Customer to access and use the Pipefy Solution identified and described in either the Virtual Account (defined below) or a Purchase Order. Customer acknowledges and agrees that any enhancements or upgrades to the Pipefy Solution, which may be made available to Customer throughout the Agreement Term shall be a part of the Pipefy Solution and shall be subject to these Terms and/or specific terms.

1.3. Customers may utilize the Pipefy Solution by acquiring a License for each authorized user ("User"), according to the different plans available on the Pipefy pricing page, at https://www.pipefy.com/pricing/. Customers and/or Users can utilize the Pipefy Solution upon registering and creating an account (the "Virtual Account") on the Pipefy Website and/or formalizing a Purchase Order, whichever occurs first. The right to access the Pipefy Solution shall remain effective throughout the Agreement Term.

1.3.1. Specific Functionalities per Plan. Pipefy reserves the right to offer different or specific functionalities and features for each plan. The essential features of each plan will be as described on the pricing page (https://www.pipefy.com/pricing/) in effect at the time the Customer contracts or renews the service. Additional features not listed on the pricing page may be modified, added, or removed at Pipefy's discretion.

1.3.2. Usage Limits and Additional Charges. Use of the Pipefy solution will be subject, depending on the plan chosen, to limits on the number of processes, users, cards, guests, interfaces, database records, storage, automation tasks, API calls, customizable integrations, connections between processes, among others provided for in the link above. In the event of exceeding these limits, the Customer will be subject to charges for excess usage, additional packages and/or migration to a higher plan, as regulated by the other conditions of these Terms.

1.3.2.1. Additional Packages. Depending on availability, the Customer may purchase, by signing a Purchase Order, additional packages to extend the limits of the Pipefy Solution Plan, as well as certain Add-Ons, if purchased. For detailed information on package prices and conditions, the Customer should contact their Account Manager or Pipefy Support. The deductible for these packages is not cumulative and is renewed monthly according to the Agreement Term and payment cycle.

1.4. Administrator User ("Admin") and Account Administrator ("Super Admin"). The Customer bears sole responsibility for identifying each added User, and may, when necessary, transfer or modify these identifications and usage permissions. The Virtual Account shall be managed by at least one User with privileges designated as "Admin" or "Super Admin," as authorized by the Customer.

1.4.1. Admin. It holds, among other things, the capability to add new Licenses and Functionalities under conditions equivalent to those existing, as well as to create, monitor, or modify permissions of other Users, manage access, control, remove, or alter the Customer's data in whole or in part.

1.4.2. Super Admin. It holds all the privileges of the Admin, as well as the exclusive ability to create custom functions, manage service accounts and even edit the functions and permissions of the Customer's users within the Virtual Account dashboard.

1.4.3. Upon creating a User identification, the Customer shall be responsible for: (a) maintaining the security and confidentiality of passwords and accesses of its Users, such passwords being non-transferable and non-sharable; (b) any and all action performed using the accounts of its Users, in particular those of the Admin and Super Admin; (c) ensuring that all Users are over sixteen (16) years old and are properly instructed to use the Pipefy Solution; and (d) immediately notifying Pipefy upon becoming aware of any unauthorized use or access to its Virtual Account and/or any violation of these Terms.

1.5. Additional Services and Features. The Customer may choose to acquire Additional Services and Features, such as: (i) Professional Services, subject to the Professional Services Terms available at <https://www.pipefy.com/pt-br/termos-e-condicoes-servicos-profissionais/>;

(ii) Individual Instance for hosting its data, subject to the conditions established in Annex III hereto, if contracted; and/or

(iii) Add-ons to the limits of the contracted plan, as well as additional users, or functionalities beyond the standard Pipefy Solution (the "Add-Ons"), such as the use of artificial intelligence ("Pipefy AI"), subject to the additional conditions available in Annex IV. By accessing or purchasing such Additional Features, the Customer agrees to the following additional conditions.

1.6. Minimum Franchise and Excess Usage. In all cases, the initial number of Licenses, Services, Add-Ons, and Functionalities contracted, specified in the Virtual Account and/or in the Purchase Order, must be maintained constant during the agreed term and will serve as the baseline amount that the Customer will be billed regardless of the actual usage (the "Minimum Franchise"). Pipefy is authorized to charge any excess over the License, Service, Add-Ons, and Functionality Franchises, and adjust the level of usage and for future charges, according to the new level used, regardless of approval, by sending prior notice at least 30 days before the start of the charge. Continued excess usage will constitute acceptance of the new charging conditions.

1.6.1. Accounting and Billing for Automation. Automation jobs shall be charged monthly based on triggers, regardless of whether the action has been carried out. In other words, each time a trigger is activated, even if the action is not executed due to conditionals, the trigger will be counted. Detailed information on accounting for automation is available in the Pipefy Community ("Manual"), accessible via: https://community.pipefy.com/. The Customer agrees that the use of the Pipefy Solution implies acceptance of these accounting conditions and usage limits.

1.6.2. Accounting for API Calls. API Calls shall be counted monthly based on the number of requests made by the Customer to APIs external to the Pipefy UI. Each HTTP request, including but not limited to data creation, read, update and delete operations, will be considered an API call. The accounting will include successful calls, in whole or in part, as well as the conditionals applied in the calls that directly influence the API's processing, and response. Detailed information on accounting for API calls is available in the Manual. The Customer agrees that the use of the Pipefy Solution implies acceptance of these accounting conditions and usage limits.

2. RESPONSIBILITIES

2.1. Pipefy Responsibilities. Pipefy agrees to:

(a) make the Pipefy Solution available to the Customer uninterrupted, 24 hours a day, 7 days a week, in accordance with these Terms and the respective Purchase Order, when applicable;

(b) provide support for the Pipefy Solution as provided in Annex II (Service-Level Agreement, "SLA"), with the possibility of such terms being updated by Pipefy from time to time; and

(c) Make commercially reasonable efforts to ensure 99.90% uptime for the Pipefy Solution, as set out in Annex II.

2.2. Customer Responsibilities. On its side, the Customer:

(a) shall be responsible for the proper use of the Pipefy Solution and faithful compliance with these Terms, both by themselves and their Users. They commit not to decompile, reverse engineer, or disassemble the Pipefy Solution or any technology encompassed therein ("Pipefy Technology"). Furthermore, they shall not attempt in any way to extract the source code of Pipefy Technology or misuse Pipefy's Intellectual Property, whether registered or not;

(b) shall be responsible for the accuracy, quality, and legality of the information, data, files, texts, images, personal information, or any other content, whether owned by themselves or by third parties ("Customer Data") provided to Pipefy for registration and billing purposes, and/or inserted into the Pipefy Solution for usage purposes; as well as for the means through which such data was acquired. The use of the Pipefy Solution to process defamatory, illegal, or unlawful content, and/or in violation of the privacy or intellectual property rights of third parties, is strictly prohibited;

(c) shall use reasonable efforts to maintain the confidentiality of their access credentials, prevent direct or indirect access, or unauthorized use of the Pipefy Solution, and shall promptly notify Pipefy of any unauthorized access or use; 

(d) shall use the Pipefy Solution in accordance with these Terms, applicable laws, and regulations, refraining from financing, funding, sponsoring, or in any way using the Pipefy Solution for the commission of any illegal activities, including but not limited to storing or transmitting Malicious Code, engaging in social engineering (phishing, baiting, etc.), sending unsolicited bulk email (spam), or disseminating appealing content or content that negatively affects the reputation of the Pipefy Solution or third parties. The Customer shall limit the use of the Solution to sending transactional electronic communications strictly related to the process managed in the Pipefy Solution;

(e) shall comply with the terms of service of Non-Pipefy Applications they use and access along with the Pipefy Solution. 

(f) shall not sell, resell, license, sublicense, distribute, rent, lease, or offer, in whole or in part, on their own behalf or on behalf of third parties, the Pipefy Solution; nor copy, reproduce, modify, create or develop derivatives of any part of the Pipefy Solution, its features, functions, online user guides, documentation, periodically updated help and training materials provided by Pipefy ("Documentation"), and/or User Interface; and

(g) shall not interfere with or disrupt the integrity or performance of any third-party tools or data contained therein.

3. BILLING AND PAYMENT

3.1. Pricing. Except for free plans or trials, the Customer shall pay for all amounts specified in the Purchase Order and/or Virtual Account, related to the Pipefy Solution, Professional Services, Add-Ons, and others, as applicable, regardless of actual usage, for the contracted term, which may be monthly, annually, or multi-year, as also specified in the Purchase Order and/or Virtual Account. The amounts are non-cancellable and non-refundable, and the Customer shall maintain the Minimum Franchise acquired during the Agreement Term. For all purposes, the volume accounted in the Virtual Account shall be considered for calculating excess usage in the contracted franchises.

3.2. Taxes and Fees. The amounts specified in the Purchase Order and/or Virtual Account are net and will be processed in US dollars (“Solution Fees”). Any types of credit card fees, banking fees, exchange fees, taxes, levies, charges, assessments, obligations, fees, and/or government charges of any kind whatsoever, are not included in the Solution Fees shall be paid solely by the Customer in addition to the Solution Fees. The Customer shall be responsible for collecting any taxes and/or fees of any kind, if applicable, regardless of their jurisdiction. Therefore, any such taxes/fees shall be considered as added to the subscription fees due from the Customer.

3.3. Payment. Pipefy will issue invoices either directly or through contracted third-party payment processors, based on the payment method and terms selected by the Customer at the time of purchase or contracting. If the selected payment method is a credit card, the Customer agrees that Pipefy may charge the card for payments due at the initial purchase, during renewals, for additional Users, or for any excess usage, as applicable. These charges may be processed in advance, annually, or according to the frequency specified in the Purchase Order or Virtual Account.

3.3.1. If a purchase order number is required for payment, the Customer must provide the number to Pipefy within 72 hours of receiving either the Purchase Order or the invoice, whichever occurs first. The purchase order number should be sent via email to [email protected].

3.3.2. The customer may revoke the authorization for recurring credit card billing at any time. In that case, they must opt for an alternative payment method provided by Pipefy, under penalty of suspension or cancellation of services after prior notification.

3.4. Late Payment. If any amount invoiced by Pipefy is not received by the due date, Pipefy, without waiving any other rights or remedies available to it at law or in equity, may (a) charge 1% late payment interest per month and a 2% penalty on the overdue amount; (b) require shorter payment terms for future renewals and Purchase Orders; (c) reassess any discounts or bonuses previously granted ("Special Condition"); and/or (d) pursue administrative or judicial collection efforts, either directly or through third parties. The Customer will bear the responsibility and agree to cover all reasonable expenses related to the collection of the overdue amount, including procedural costs and attorney fees, where applicable.

3.4.1. Suspension. In the event of any overdue payment by the Customer, with 15 days for credit card payments, and 30 days or more for other forms of payment, Pipefy, in addition to its other rights, may accelerate future obligations, making them immediately due, and suspend the Pipefy Solution until full payment of these amounts is made. Except for Customers with payment declined by credit card or direct debit, Pipefy shall notify the Customer at least 5 days before suspending the Customer's access to the Pipefy Solution. 

3.4.2. Suspension of the Services does not release the Customer from the obligation to pay the amounts due, including the period of suspension if the Services are subsequently reactivated.

4. DATA PROTECTION

4.1. Pipefy shall maintain appropriate administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of Customer Data processed by the Pipefy Solution. Such safeguards include but are not limited to, measures aimed at preventing unauthorized access or disclosure of Customer Data (except when authorized by the Customer or its Users to third parties) added into Pipefy Solution, as regulated in this Agreement, its Annex I - Data Processing Agreement ("DPA"), and Pipefy Privacy Policy, available at https://www.pipefy.com/privacy-policy/, which are integral and indispensable parts of this Agreement.

4.2. If Customer inputs or uploads to the Pipefy Solution any Customer Data containing personal information subject to the California Consumer Privacy Act of 2018 (“CCPA”), as amended, and any regulations promulgated thereunder, the CCPA Data Processing Addendum (“CCPA DPA”) as regulated in the Appendix I, shall apply to both Customer and Pipefy with respect only to such processing of Customer Data.

5. CONFIDENTIALITY

5.1. Except as expressly stated otherwise in this Agreement, each Party agrees that all information disclosed by one Party ("Disclosing Party") to the other Party ("Receiving Party"), orally or in writing, that is designated as confidential or should reasonably be understood to be confidential, given the nature of the information and the circumstances of the disclosure. For purposes of this Agreement, any of the following information exchanged between the Parties shall be deemed “Confidential Information” including, but not limited to: (a) Customer Data, (b) the Pipefy Solution, Services, and Content (c) the terms of this Agreement and all Purchase Orders (including prices), (d) business and marketing plans, (e) technical and technological information, (f) product plans and business processes. 

5.2. Except as expressly authorized herein, the Receiving Party shall (i) keep confidential and not disclose any Confidential Information to third parties, and (ii) not use Confidential Information for any purpose other than the performance of its obligations and the exercise of its rights under this Agreement. The Receiving Party may disclose Confidential Information to its employees, agents, contractors, and other representatives who have a legitimate need to know, provided that they are bound by confidentiality obligations no less protective of the Disclosing Party as contained in this Section 5, and the Receiving Party remains responsible for their compliance with these terms.

5.3. The Receiving Party's confidentiality obligations shall not apply to information that the Receiving Party can prove: (i) it legitimately possessed or knew before receiving the Confidential Information; (ii) became public through no fault of the Receiving Party; (iii) was lawfully received from a third party without breaking any confidentiality agreement; or (iv) was independently developed by the Receiving Party's employees who had no access to the Confidential Information. The Receiving Party may also disclose Confidential Information if required by law, regulation, or court order (but only as much as necessary to comply with such law, regulation, or court order, and with prior notice to the Disclosing Party).

6. LICENSES AND OWNERSHIP RIGHTS

6.1. Intellectual Property Ownership. The Customer acknowledges and agrees that:

6.1.1. The Pipefy Solution and any related contents are licensed, not sold, to the Customer by Pipefy, and the Customer does not have under or in connection with these Terms any ownership interest in the Pipefy Solution or any related Intellectual Property Rights. For purposes of these Terms, “Intellectual Property Rights” shall mean any registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.

6.1.2. Pipefy exclusively owns all rights, titles, and interests in the Pipefy Solution, including Add-Ons, Services, and Functionalities, as well as all related Intellectual Property Rights. The Customer's use of the Pipefy Solution is subject to the limited license granted under these Terms.

6.1.3. The Customer hereby unconditionally and irrevocably assigns to Pipefy or its designee all rights, titles, and interests in any Intellectual Property Rights that the Customer may hold or acquire in the future, relating to the Pipefy Solution (including any rights in derivative works or patent improvements connected to the Pipefy Solution), whether obtained through legal processes, contracts, assignment, or otherwise. Pipefy will retain sole ownership of all Intellectual Property Rights relating to any suggestions, ideas, enhancement requests, feedback, recommendations, or other information provided by the Customer or any other person relating to the Pipefy Solution, which is hereby assigned to Pipefy. The Customer undertakes not to copy, distribute, reproduce, or use any of the foregoing except as expressly permitted under this Agreement.

6.2. No Implied Rights. Except for the limited rights and licenses expressly granted under these Terms, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, to the Customer or any third party any Intellectual Property Rights or other right, title, or interest in or to the Pipefy Solution or any other services, software, or content provided under these Terms.

6.3. Customer Cooperation and Notice of Infringement. During the Agreement Term, the Customer shall:

(a) take reasonable measures to safeguard the Pipefy Solution (including all copies thereof) from infringement, misappropriation, theft, misuse, or unauthorized access;

(b) at Pipefy’s expense, take all such steps as Pipefy may reasonably require assisting Pipefy in maintaining the validity, enforceability, and Pipefy’s ownership of the Intellectual Property Rights in the Pipefy Solution;

(c) promptly notify Pipefy in writing if the Customer becomes aware of: (i) any actual or suspected infringement, misappropriation, or other violation of Pipefy’s Intellectual Property Rights in or relating to the Pipefy Solution; or (ii) any claim that Pipefy Solution, including any production, use, marketing, sale or other disposition of the Pipefy Solution, in whole or in part, infringes, misappropriates or otherwise violates the Intellectual Property Rights or other rights of any person; and

(d) fully cooperate with and assist Pipefy in all reasonable ways in the conduct of any action by Pipefy to prevent or abate any actual or threatened infringement, misappropriation or violation of Pipefy’s rights in, and to attempt to resolve any actions relating to Pipefy Solution.

6.4. Reservation of Rights. Pipefy reserves all the rights, title, and interest relative to the services, including intellectual property rights, related to the Pipefy Solution, Professional Services, and/or related contents, as well as any updates, upgrades, extensions, components, and derivative products, even if such cases originate from comments or feedback from the Customer, without any payment of royalties and/or obligations from Pipefy to the Customer being due. Pipefy reserves the right to seek injunctive relief in any court of competent jurisdiction to prevent violations of its Intellectual Property.

6.5. Commercial References. Pipefy may use the Customer’s name and logo exclusively for commercial reference purposes on its website or restricted marketing materials, provided, however, that any other use of the Customer’s name or logo by Pipefy shall require Customer’s prior written consent.  The Customer may revoke this right at any time per section 15.6 (Notices).

7. NON-PIPEFY APPLICATIONS AND INTEGRATIONS

7.1. The Customer may choose to acquire products or services from third parties in connection with the Pipefy Solution, including but not limited to any type of third-party software application with integrated use (“Non-Pipefy Applications” or “Apps”). Any acquisition by the Customer of such products or services, and any exchange of Data with Non-Pipefy Applications, shall occur solely at the Customer's and the applicable third party's risk and responsibility. Pipefy does not guarantee or provide support for Non-Pipefy Applications, whether designated as "certified" or otherwise, as well as those billed in conjunction with the Pipefy Solution. Pipefy is not responsible for any disclosure, modification, or deletion of Customer Data resulting from access by such Non-Pipefy Application or its provider, and the Customer is subject to the terms and conditions and privacy policy of the applicable third party.

8. WARRANTIES OF PIPEFY SOLUTION

8.1. Except for the warranties expressly outlined in these Terms, the Pipefy Solution, as well as any Professional Services, Features, and Add-Ons are provided on an “AS IS” and “AS AVAILABLE basis, with no express or implied warranties, including but not limited to warranties of fitness for a particular purpose, merchantability, or performance. Pipefy does not warrant or represent that the Pipefy Solution or any Services will be delivered free of any faults or errors, or that all Faults will be corrected. Pipefy shall not be liable for any losses resulting from any such faults. The Customer assumes sole responsibility for the use of the Pipefy Solution, including concerning the accuracy and review of any documents and data generated. In no event shall Pipefy or its third-party providers be liable for any penalties, interest, or taxes arising from breach of expectations, or results caused by the use of their solution.

8.2. The Customer agrees that its License and acquisition of the Pipefy Solution are not subject to any expectations related to:

(a) access to the Pipefy Solution beyond the Agreement Term;

(b) delivery of any future features that are additional to those already existing in the Pipefy Solution; or

(c) any public comment, oral or written, made by Pipefy about possible functionality or features to be developed.

8.3. Beta Solutions. Occasionally, Pipefy may offer the Customer the opportunity to try new services and/or products designated as beta, limited edition, pilot, or other "Beta Solutions" at no charge. These Beta Solutions may not be available to all Customers or included in the standard Pipefy Solution. The Customer may accept or refuse, at its sole discretion, to participate in such tests. Beta Solutions may be incomplete and subject to additional terms. Pipefy reserves the right to discontinue Beta Solutions at any time or, after the trial period, to offer them as full products under different commercial conditions. Pipefy shall have no liability for any damage or injury arising out of or in connection with a Beta Solution.

9. CHANGES AND MANAGEMENT OF FEATURES

9.1. Substantial Reduction in Features: Pipefy shall provide the Customer with no less than thirty (30) days’ prior written notice of any substantial changes to the core functionalities of the Pipefy Solution.  Such notifications shall be delivered via email to the address designated by the Customer’s Virtual Account Admin or through in-product notifications.

9.1.1. “Substantial reduction of functionality” means the removal or significant reduction of one or more essential functionalities and features listed on Pipefy's pricing page (https://www.pipefy.com/pricing/) for the Customer's contracted plan, which materially affects the Customer's ability to use the service as originally contemplated under these Terms.

9.1.2. In the event of a substantial change affecting essential functionalities, Pipefy shall, where technically feasible, provide a transition period of no less than thirty (30) days from the date of notification, during which the prior feature shall remain operational. Additionally, Pipefy shall offer reasonable support and guidance to the Customer for adapting to the new functionality or migrating to an appropriate alternative.

9.2. Security Discontinuance: Notwithstanding the foregoing, Pipefy reserves the right to immediately discontinue, suspend, or modify any feature, whether essential or not if significant security risks are identified. Security risks may include but are not limited to (i) vulnerabilities that compromise the integrity, confidentiality, or availability of the Customer's data or the Pipefy Solution; (ii) imminent or ongoing cyber threats; (iii) malicious exploitation of features by third parties; iv) discovery of critical flaws that could lead to data breaches; or (v) conflicts with regulatory or legal security requirements.

9.2.1. In the event of a Security Discontinuance, Pipefy shall:

(a) notify the Customer of the cessation, suspension or modification of the affected feature as promptly as circumstances permit, taking into account the urgency of the security threat;

(b) provide, whenever feasible, a general descriptionof the nature of the security risk, without disclosing sensitive information that could further compromise security;

(c) work diligently to resolve the security issue and, where possible and appropriate, restore the affected feature;

9.2.2. The Customer agrees to cooperate with Pipefy in any investigations related to security incidents and to adhere to any security guidelines provided by Pipefy.

9.3. The Customer acknowledges and agrees that the cessation, suspension, or modification of features due to proven security reasons shall not constitute a breach of these Terms or a Substantial Reduction in Features, and Pipefy shall not be liable for any damages, losses, or inconveniences resulting from such security actions.

9.3.1. Pipefy reserves the right to withhold specific technical details regarding security vulnerabilities to protect the integrity of the Pipefy Solution and its users.

9.4. This Section does not limit any other rights or remedies available to Pipefy under these Terms or applicable law concerning security matters.

10. TERM AND RENEWAL

10.1. Agreement Term and Renewal. These Terms shall govern as long as the Customer accesses the Pipefy Solution, commencing upon the earlier of (i) registration on the Pipefy Site or (ii) the formalization of a Purchase Order ("Agreement Term"). Unless otherwise specified in a Purchase Order, this Agreement shall automatically renew for successive terms equal in duration to the initial Agreement Term, unless the Customer expresses, within thirty (30) days of the expiration of the then-current term, its intention not to renew by filling out the form: <https://app.pipefy.com/public/form/XqTumhKO>.

10.1.1. Unless expressly stated otherwise, if the Customer has received a special commercial condition, the Customer acknowledges that the current list prices shall apply upon renewal and Pipefy shall not be bound by any discounts or bonuses granted during the term of the previous agreement.

10.2. Adjustment for Inflation. Pipefy may revise its pricing for the Pipefy Solution on an annual basis. Any increases due to annual adjustments for inflation, based on the Consumer Price Index (ICP) and limited to 7% (seven percent), will be communicated to the Customer at least 30 (thirty) days in advance. These adjustments will only take effect at the subscription renewal date. Increases greater than the adjustment for inflation are possible when negotiated and agreed between both Parties.

10.3. Changes to Plans and Price Lists. In the exercise of its self-management and with due regard for free enterprise and competition, Pipefy may, with thirty (30) days' notice, revise its Plans and Price lists available at: www.pipefy.com/pricing/. Any changes will only come into force on the date of renewal of the Agreement. The price changes shall be deemed to have been accepted if the Customer continues to use the Pipefy Solution under the new terms and conditions.

10.4. Changes to Features: Any significant changes to the features of the Pipefy Solution will be communicated and implemented per the process described in section 9 of these Terms.

11. TERMINATION AND REFUND

11.1. Either Party may terminate this Agreement early, with immediate effect (such termination constituting termination for “Cause”), exclusively in the following circumstances: (a) if a material breach of obligations under these Terms is not remedied within ten (10) business days after written notice by the Non-breaching Party to the Breaching Party, or another mutually agreed-upon period for remedy;  (b) if either Party ceases its commercial operations or enters into bankruptcy or any other insolvency proceedings, such as judicial liquidation; (c) in the event of a criminal conviction issued by a competent court against either Party; or (d) in the event of unforeseeable circumstances or force majeure lasting more than thirty (30) consecutive days, making it impossible to continue performing the agreement.

11.1.1. If the Customer requests termination of this Agreement for Cause, Pipefy shall refund the Customer proportionally for any prepaid fees covering the unused portion of the Agreement period. On the other hand, if Pipefy seeks to terminate this Agreement for Cause, the Customer will not be entitled to any refund and shall be responsible for paying the remaining amounts due under the Agreement Term.

11.1.2. Terminating these Terms does not exempt the Parties from fully fulfilling their obligations that were due up to the termination date, nor does it prejudice the right of the Non-breaching Party to claim compensation for any losses and damages.

11.2. Termination during the Processing Period. The Customer may terminate the initial subscription of the Pipefy Solution without cause within 7 (seven) days from the date of the first Purchase Order or the creation of the Virtual Account (the “Processing Period”), by submitting a termination notice through the following form: <https://app.pipefy.com/public/form/XqTumhKO>. If termination occurs within the Processing Period, Pipefy will fully refund the amount paid. This right applies exclusively to the Customer's first License for the Pipefy Solution and does not extend to renewals, Add-Ons, or Professional Services.

11.3. Effects of Termination. In any case of expiration or termination of these Terms, the Parties shall cease using and destroy all Confidential Information any Party has received under this Agreement, confirming such destruction to the Disclosing Party as requested by the other Party. The Customer's access to their Data in the Pipefy Solution will be terminated immediately upon termination and purged as regulated in Annex I. The Customer shall ensure that its Data is properly exported during the applicable Agreement Term.

11.4. Survival. The rights and obligations contained in the Sections of this Agreement titled “Fees and Payment — Section 3”, “Indemnification — Section 13”, “Non-Pipefy Applications — Section 7”, “Licenses and Ownership Rights — Section 6”, “Confidentiality — Section 5”, “Limitation of Liability — Section 12”, and “General Provisions — Section 15” shall survive any termination or expiration of these Terms.

12.  LIMITATION OF LIABILITY

12.1. TO THE FULLEST EXTENT ALLOWED BY LAW, NEITHER PARTY NOR THEIR SUPPLIERS WILL BE LIABLE FOR any consequential, incidental, special, indirect, or exemplary damages related to or resulting from the use or inability to use the Pipefy Solution, products, services, or information, or from the provision or failure to provide support services. This includes, but is not limited to, lost profits, loss of data, business interruption, personal injury, failure to fulfill any duty, or any other financial or non-financial loss. These limitations shall apply notwithstanding any failure of the essential purpose of any limited remedy. IN ALL CASES, INCLUDING THOSE INVOLVING DIRECT OR GENERAL DAMAGES, THE LIABILITY OF THE PARTIES AND THEIR SUPPLIERS WILL BE LIMITED TO THE AMOUNT EFFECTIVELY PAID BY THE CUSTOMER IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM. THE CUSTOMER ACKNOWLEDGES AND AGREES THAT THE CONTRACTED PRICES REFLECT THIS ALLOCATION OF RISK AND THE LIMITATION OF LIABILITY REGULATED HEREIN.

12.2. Except as otherwise provided below, neither Party shall be liable to the other for any indirect, incidental, consequential, special, or punitive damages, including, but not limited to, loss of profits, revenue, data, or use, whether in an action in contract, tort or otherwise, even if the other Party has been advised of the possibility of such damages. Notwithstanding the foregoing, the limitations set forth in this Section shall not apply to damages arising from (a) intentional misconduct or gross negligence; (b) willful misconduct; (c) infringement of third-party intellectual property rights by either Party; or (d) any payment obligations specified in Section 3. Furthermore, Pipefy shall not be liable for any interruptions, delays, or failures in performance arising from circumstances beyond its reasonable control, or other events constituting force majeure as defined in these Terms.

13. INDEMNIFICATION

13.1. Subject to the provisions of Section 11.1, each Party agrees to indemnify the Non-breaching Party and its Affiliates, officers, directors, employees, and agents from any claims, damages, liabilities, losses, expenses, or reasonable costs (collectively, 'Losses') arising from third-party claims for which the Breaching Party is proven liable. Pipefy will indemnify the Customer for claims related to the infringement of third parties' intellectual property rights in the Pipefy Solution, provided that the Pipefy Solution is used under these Terms, except in cases where the Pipefy Solution is modified by the Customer, used in conjunction with non-Pipefy Applications, or involves infringements related to Customer Data and/or external events that lead to indemnification obligations for the Customer. Conversely, the Customer will indemnify Pipefy for any violations of these Terms or applicable law, infringement of third-party rights concerning Customer Data, as well as claims related solely to the operations of the Customer and its end users, independent of the Pipefy Solution. 

13.2. For indemnification obligations under this Section to be applicable, the Non-breaching Party seeking indemnification must: (i) promptly provide written notice of the claim for which indemnification is sought, (ii) allow the Breaching Party to control the defense and/or settlement of the claim, provided that the Breaching Party does not enter into any monetary obligation or admission of liability without the prior explicit consent of the Non-breaching Party, and (iii) reasonably assist in the defense or settlement at the request and expense of the Breaching Party.

14. PURCHASES THROUGH A RESELLER

14.1. This Section applies only if the Customer acquires the Pipefy Solution and/or Additional Services through a certified and duly authorized Reseller Partner to commercialize Pipefy licenses and services ("Reseller").

14.2. In case of any conflict between these Terms and the contract established between the Customer and the respective Reseller, including any purchase order ("Reseller Agreement"), these Terms shall prevail between the Customer and Pipefy. Any rights granted to the Customer and/or any other User in the Reseller Agreement that are not covered by these Terms shall apply exclusively in relation to the Reseller, and it is the Customer's responsibility to seek redress, exercise, or fulfill these rights solely with the Reseller.

14.2.1. The Reseller is not authorized to modify these Terms and/or make any promises or commitments on behalf of Pipefy. Pipefy shall not be bound by any obligations to the Customer other than those set out in these Terms.

14.3. The Customer’s and its Users' access to the Pipefy Solution is subject to the Reseller passing on the Fees applicable to Pipefy, paid by the Customer to the Reseller. Pipefy reserves the right to suspend or terminate the rights to use the Pipefy Solution if it does not receive the corresponding payment from the Reseller.

14.3.1. In the event of refunds, Pipefy will refund any applicable fees to the Reseller, who in turn will be solely responsible for refunding any amounts to the Customer.

14.3.2. The amount passed on by the Reseller to Pipefy for the use of the Pipefy Solution shall be deemed to be the amount effectively paid by the Customer for the purposes of calculating the limitation of liability.

14.3.3. Pipefy reserves the right, upon thirty (30) days prior notice, to start charging the Fees directly from the Customer.

14.3.4. The details of the Purchase Order (plan, number of users, agreement term, among others) will, as indicated in the Purchase Order, be carried out by the Reseller with Pipefy, on behalf of the Client, and the Reseller will be solely responsible for the accuracy of any Purchase Order communicated to Pipefy, as well as for the payment of any taxes levied.

14.4. Reseller as Administrator User. The Customer shall be solely responsible for determining whether the Reseller may act as an Administrator User and for any rights or obligations related thereto in its applicable contract with the Reseller. In addition, the Customer shall be solely responsible for any access by the Reseller to its accounts and its User accounts, as well as to its Data.

15. GENERAL PROVISIONS

15.1. Entire Agreement. These Terms, along with their annexes and Purchase Order, are deemed to constitute the entire understanding between the Customer and Pipefy and supersede all prior agreements, proposals, terms, or statements, whether written or oral, concerning their subject matter.

15.2. Interpretation and Order of Precedence. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be as follows: (1) the applicable Purchase Order, (2) these Terms and their Annexes, and (3) the Documentation referenced herein.

15.3. Amicable Dispute Resolution. The Parties agree to seek prior extrajudicial resolution of any dispute, doubt, or litigation arising from this Agreement, including its interpretation or execution. The aggrieved Party shall notify the other Party of the conflict, making every effort to resolve the matter jointly.

15.4. Jurisdiction and Applicable Law. If the Customer is domiciled outside of Brazil, the terms of these Terms shall be governed and interpreted by the laws of the State of California, USA. In the event that the Parties are unable to resolve any disputes that may arise out of court, pursuant to Section 15.3, the Parties irrevocably and unconditionally elect the exclusive jurisdiction of the Courts of San Francisco, California, USA. If the Customer is domiciled in Brazil, the 'Foro Central da Comarca de Curitiba' (Central Court of the Judicial District of Curitiba), PR, Brazil, shall be elected for the resolution of any disputes, doubts of interpretation, or claims arising from or related to these Terms, regardless of any other jurisdiction, however advantageous it may be.

15.5. Force Majeure. Neither Party shall be liable for any failure or delay in the performance of its obligations on account of events beyond the reasonable control of a Party, including, but not limited to, cyber-attacks on the Pipefy Solution, or technical failures or interruptions significantly affecting the infrastructure or systems used for the provision of the services subject to this Agreement, interruption or failure of any other essential service, failures in third-party hosting services, natural disasters, strikes, riots, fires, acts of God, war, terrorism, and acts of government.

15.6. Notices.  Except as otherwise provided in these Terms, all notices, permissions, and approvals shall be in writing and shall be deemed delivered on the first business day following the sending of an email to the email address registered by the Customer as the Virtual Account administrator. Billing-related communications shall be sent to the Customer through the billing contact designated by the Customer. All notices and/or communications to Pipefy, whether provided for in these Terms or not, shall be sent to the following email addresses:

(i) Financial Matters: [email protected];
(ii) Privacy and Information Security Matters and Reports: [email protected];
(iii) Support Matters: chat made available during business hours to Users logged into the Pipefy Solution or via: https://help.pipefy.com;
(iv) Legal Matters: [email protected]. 

15.6.1. Pipefy may notify the Customer of general information about the use of the Pipefy Solution via the email address registered by the Customer in the Virtual Account. It is the Customer's responsibility to keep their contact details up to date in the Virtual Account.

15.7. Assignment.  Except to a direct competitor, either Party may assign its rights or obligations under this Agreement due to a merger, acquisition, corporate reorganization, or substantial sale of all its assets, provided that prior written notice is given to the other Party, and the assignee fully assumes the obligations outlined in these Terms. The assignor shall remain liable for compliance with the obligations until the assignment is effectively completed.

15.8. Compliance. The Parties expressly declare that they are fully aware of and commit to the faithful observance of the applicable legal provisions, including, but not limited to, those related to the prevention and fight against corruption, activities related to the crimes of money laundering or concealment of assets and any acts that are linked to actions of personal favoritism, practice of acts that promote discrimination or violation of rights established by the applicable law. The Parties also undertake to adopt the best corporate governance and business ethics practices in all their operations. The Parties agree that if any illegal practice or breach of this clause or its sub-clauses is suspected, the Non-Breaching Party, at its sole discretion, shall have the right to unilaterally terminate the contractual relationship per Clause 10.1.

15.8.1. Compliance Reporting Channel. If the Customer becomes aware of any ethical or legal deviations involving Pipefy, they shall report them immediately through the Ethics Channel available at: https://ethicschannel.pipefy.com/, with a view to evaluation, investigation, and application of any necessary measures.

15.8.2. Social and Environmental Responsibility.  The Parties shall adopt appropriate measures to prevent, combat, and reduce significant environmental impacts that may result from activities carried out under these Terms. Liability for damages to the environment resulting from any violation by one of the Parties (the Breaching Party) of federal, state, and/or municipal environmental laws shall rest solely and fully with the Breaching Party, even if such damages arise from unforeseeable events or force majeure.

15.8.3. Human Rights. The Parties respect human rights and provide an inclusive work environment, acting without discrimination based on gender, race, or religion, considering the safety and health conditions required by law. The Parties undertake not to exploit, either directly or through the hiring of third parties, any form of child labor, forced labor, or labor analogous to slavery.

15.9. Export Regulations. The Pipefy Solution may be subject to US export control laws, including the US Export Control Reform Act and its associated regulations. The Customer will not directly or indirectly, export, re-export, or release the Pipefy Solution to, or make the Pipefy Solution accessible from, any country, jurisdiction, or person to which export, re-export, or release is prohibited by applicable law. The Customer shall comply with all applicable laws and complete all required undertakings (including obtaining any necessary export license or other governmental approval) prior to exporting, re-exporting, releasing, or otherwise making the Pipefy Solution available outside the US. Without limiting the foregoing, the Customer acknowledges and agrees that the Pipefy Solution will not be used, transferred, or otherwise exported or re-exported to countries as to which the United States maintains an embargo (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the US Department of the Treasury’s Specially Designated Nationals List or the US Department of Commerce’s Denied Persons List (collectively “Designated Nationals”). The lists of Embargoed Countries and Designated Nationals are subject to change without notice. Use of the Pipefy Solution is representation and warranty that the user is not located in, under the control of, or a national or resident of an Embargoed Country or Designated National. The Pipefy Solution may use or include encryption technology that is subject to licensing requirements under the US Export Administration Regulations.

15.10. Severability. These Terms shall be applied to the fullest extent permitted by the applicable law. If any provision of these Terms or its Annexes is held to be invalid or unenforceable, that part shall be enforced to the maximum extent permitted and shall not affect the enforceability of the other terms, the other provisions remaining in force.

15.11. Independent Contractors. The Parties are independent contractors. These Terms shall not be construed as any kind of partnership between the Parties or any form of association that would give either Party the right, power, or authority, express or implied, to create any duty or obligation to the other Party.

15.12. Changes to the Terms of Use. These Terms may be updated from time to time by Pipefy to reflect the development of new functions or features of the Pipefy Solution, for technical or legal reasons that Pipefy deems necessary, notifying the Customer in advance, which will take effect thirty (30) days after their publication, unless otherwise provided in Section 9. Continued use of the Pipefy Solution shall constitute full acceptance by the Customer of the changes.

15.13. No Waiver. Pipefy's failure to enforce any provision of these Terms and/or any of its Annexes shall not constitute a waiver of the right to do so at a later time.

15.14. Signatures. The Parties declare and agree that this Agreement may be signed electronically, through a proven reliable digital certificate and/or virtual acceptance. In the occurrence of any of these circumstances, the Parties acknowledge that the agreement will remain valid, effective, and constitute an enforceable extrajudicial title for all legal purposes.

IN WITNESS WHEREOF, the Parties have caused these Terms and Conditions for the use of the Pipefy Solution to be accepted by their legal representatives or duly authorized agents.

Updated on August 28, 2024.

ANNEX I - DATA PROTECTION AGREEMENT

Purpose

This Data Protection Agreement (“DPA”) establishes the obligations and responsibilities of the parties involved regarding the privacy and security of processed information, as well as detailing the security practices and measures adopted by Pipefy to ensure the integrity, confidentiality, and availability of data, in accordance with applicable laws and regulations. The provisions of this Annex complement the Terms of Use and apply to all Customers when personal and sensitive data is processed within the Pipefy Solution.

As part of their contractual relations, the parties shall undertake to comply with the applicable regulations on personal data processing and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter "the General Data Protection Regulation").

1. As the Controller of Personal Data, it is the Customer's responsibility to handle requests for the exercise of rights by Data Subjects, and it is Pipefy's responsibility, as Processor, to assist in the fulfillment of requests made by Data Subjects whenever necessary and requested by the Customer, such as requests for access to Personal Data, correction of incomplete, inaccurate, or outdated Personal Data, blocking or deletion of unnecessary or excessive Personal Data, portability of Personal Data, among other rights provided by law, the granting or denial of which shall be at the sole discretion of the Customer.

1.1. Pipefy is solely responsible for all costs incurred in fulfilling requests made by Data Subjects in which Pipefy is considered the Controller, with the Customer being solely responsible for fulfilling requests made by Data Subjects in which the Customer is considered the Controller, as well as the costs incurred for such purposes.

2. Pipefy and Customer agree and acknowledge as follows:  

(a) Both Parties shall comply with all applicable laws, rules, and regulations concerning the Personal Data processed in connection with the performance of their obligations, including but not limited to Law No. 13.709/18 (General Data Protection Law - LGPD) when processing data subjects residing in Brazil and/or the GDPR when processing data subjects residing in Europe;

(b) Pipefy uses the personal data received under this legal relationship only for the purpose agreed upon between the Parties, and under no circumstances shall Pipefy use this Personal Data for a different purpose, under penalty of immediate termination and full assumption of any damages caused to the other Party and/or third parties.

(c) Pipefy does not store or share personal data with third parties, except with the prior express authorization of the other Party or as a requirement for the fulfillment of the Agreement, under the terms of this Annex.

(d) Both Pipefy and Customer shall treat all non-public Personal Data as confidential, even if this legal relationship is terminated regardless of the reasons for its termination or resolution.

(e) The duration of the Processing shall respect the contractual object, as well as the provisions of applicable law.

(f) Pipefy adopts appropriate mechanisms for processing Personal Data in accordance with legal provisions, in order to prevent loss, destruction, theft, damage, alteration, manipulation, or accidental interception and/or disclosure.

(g) Both Pipefy and Customer shall limit access to Personal Data originating from this Agreement only to employees, agents, and/or representatives who need it to complete the task/activity to be carried out, with each party being responsible for the actions of its employees, agents, and/or representative.

2.1. The Parties acknowledge that the Pipefy Solution is not designed to handle Sensitive Data and that the Customer shall not use the Pipefy Solution for such data without prior written consent. Sensitive Data includes special categories as defined by privacy legislation, such as, but not limited to, medical information regulated by HIPAA, financial data, government identification numbers, and other information regulated by specific laws. The Customer understands that the Pipefy Solution does not meet legal requirements such as HIPAA, GLBA, and others, and Pipefy is not liable for any Sensitive Data processed.

3. Vulnerability Management. The Parties undertake to manage vulnerabilities in their tools used in the processing of personal data, conducting periodic tests to identify and promptly correct any vulnerabilities that may be identified.

4. Purpose of Storage. Pipefy undertakes to store Personal Data only for the periods necessary to: (a) achieve the purpose of processing the Personal Data under this Agreement; (b) process payments; (c) prevent or address technical problems; (d) whenever feasible, in anonymized form, to improve and enhance the Pipefy Solution; (e) as expressly authorized by the Customer, including cases of sharing Customer Data with Non-Pipefy Applications; and (f) compliance with legal and/or regulatory requirements.

5. Log Keeping. Pipefy will record the "logs" of changes and processing of the personal data for which it is the controller, keeping in these records the minimum elements that allow assessing the activity and who carried it out and when, as regulated by law, with the management of changes in data where Pipefy is only the processor being the responsibility of the Customer.

6. Retention and Deletion of Personal Data. Provided that the contract between the parties is valid, Customer data will be stored in Pipefy's database on servers located in the United States, even if they have been deleted through the application or a set of routines and programming standards for accessing a web-based software application or platform ("API"). In cases of contractual termination, regardless of the cause, Pipefy reserves the right to delete the Customer's Personal Data in accordance with written instructions from the Customer, or within a maximum of one hundred and eighty (180) days after termination of the Agreement.

7. Sub-Processing. Pipefy may use specialized third parties to perform the processing of Personal Data, as available at https://www.pipefy.com/sub-processors/ ("Sub-Processors"). It is Pipefy's obligation to ensure that the Sub-Processors undertake to ensure a security level equal to or greater than that described in this Section before transferring any Personal Data or authorizing any sub-processing, as well as to conduct periodic audits to verify compliance with privacy rules and legal obligations. Pipefy shall be fully and severally liable for any breach, violation, irregularity, or illegality committed by its Sub-Processors.

8. Disclosure Scenarios. Pipefy will not disclose Personal Data to third parties at any time except in the following scenarios: (a) with prior written authorization from the Customer; (b) in accordance with the sub-processing rules described above; or (c) under applicable data protection legislation, provided that Pipefy makes reasonable efforts to share only the minimum amount of Personal Data necessary for a specific purpose, and the Customer is notified in advance, in accordance with and as provided for in this Agreement.

8.1 Requests from Authorities. If Pipefy receives any judicial order and/or official communication that determines the provision or disclosure of personal information, unless expressly prohibited by legal force, regulation, judicial or administrative order, Pipefy must notify the Customer within a maximum of thirty-six (36) hours of becoming aware, providing an opportunity for timely adoption of legal measures to prevent or mitigate the effects resulting from the disclosure of Personal Data related to this request or its objects.

9. Third-Party Applications. If the Customer installs, activates, and/or otherwise uses a Non-Pipefy Application in conjunction with the Pipefy Solution, the Customer acknowledges and agrees that the provider of this Non-Pipefy Application may access Customer Data, including Personal Data, as necessary, for the integration of this Non-Pipefy Application with the Pipefy Solution and/or in accordance with the activities of this Non-Pipefy Application. In this context, Pipefy is not responsible for any incident, disclosure, modification, or deletion of any Customer Data and Personal Data resulting from access by a Non-Pipefy Application.

10. Obligations of Pipefy. Pipefy ensures and guarantees:

(a) Confidentiality and integrity of the information shared by the Customer;

(b) Non-violation of the privacy of Personal Data in its relationship with clients, suppliers, researchers, patients, consumers, and employees;

(c) Adopt technical and administrative measures of information security to prevent misuse and unauthorized use of Personal Data;

(d) Immediately and adequately respond to all requests from the Customer regarding Personal Data Processing, as well as consider the guidance of the National Data Protection Authority regarding the Processing of Personal Data transferred;

(e) Be responsible for maintaining a written record of activities related to compliance with applicable data privacy legislation;

(f) Restrict access to Personal Data by defining qualified individuals responsible for Processing, as well as ensuring and being responsible for the reliability of its employees, agents, and representatives who will have access to Personal Data, considering the nature of such Personal Data;

(g) Maintain a detailed inventory of access to Personal Data and access logs to applications, containing the time, duration, identity of the employee or person responsible for access, and the accessed file, including when such access is made to comply with legal obligations or determinations defined by a competent authority;

(h) The processing of Personal Data, i.e., any operation or set of operations performed on the Personal Data of its clients, suppliers, and employees; including, but not limited to obtaining, recording, storing, altering, analyzing, using, transmitting, combining, blocking, deleting, or destroying, are in absolute accordance with the rights of the data subject and will be carried out in accordance with the established purpose;

(i) Protect Personal Data of its clients, suppliers, and employees, ensuring to them, within legal limits, the right to be informed about any processing of their data; as well as to have access to their own data, among other rights provided by applicable law;

(j) Record activities involving international transfer of Personal Data, indicating the country/organization of destination and adopting the necessary safeguards to ensure that the transfer is carried out in accordance with applicable legislation and guidelines defined by a competent authority;

(k) Meet requests for information made by the Customer within thirty-six (36) hours, justifying any delays; and

(l) Cooperate with the fulfillment of requests from data subjects of the Customer (clients of the Customer), using appropriate technical and organizational measures, in accordance with Customer instructions.

11. Contingency Plan. Pipefy undertakes to create contingency mechanisms to prevent data leaks, and must test and keep it up to date, committing to present its contingency plan to the Customer upon request for compliance with requests from the authority or in case of any eventual judicial demands.

12. Incident Notification. If, at any time, there is an actual breach, suspicion, or potential threat to the security of Personal Data, or if there is suspicion of loss, destruction, deletion, damage, corruption, or unauthorized disclosure to a third party, the Party that becomes aware of the incident shall notify the other Party within a maximum of 3 (three) business days from the moment it becomes aware of it, and the notification shall contain the full and complete details regarding the breach, including:

(a) date and time of the incident;

(b) date and time of acknowledgment by the Party that had its data leaked;

(c) list of types of data affected by the incident;

(d) list of data subjects affected by the incident;

(e) the nature and facts of such breach, including the data subject, if possible;

(f) contact details of the data protection officer or appointed and named representative to deal with data leaks in the company, responsible for additional information regarding the incident;

(g) the likely consequences and/or potential consequences of such incident; and

(h) the measures adopted or proposed by Pipefy or by the data protection officer to remedy such breach and mitigate any possible adverse effects and the dates of implementation of these measures (action plan).

13. Incident Handling. In the event of an incident, Pipefy must promptly comply with the instructions provided by the Customer, aiming to remedy or mitigate adverse consequences, as well as practice all necessary acts and resources to contain the breach and recover and/or restore Personal Data (where possible) and meet any requests, notifications, or investigations by Authorities.

14. Contact information. Pipefy's support regarding privacy and personal data matters can be accessed at the following email address: [email protected].

APPENDIX 1 - COMPLIANCE WITH CALIFORNIA CONSUMER PRIVACY ACT OF 2018

1. The purpose of this CCPA Data Protection Agreement (“CCPA DPA”) is to define the conditions in which Pipefy, Inc. (“Pipefy” or the “Processor”) undertakes to carry out, on Customer’s (“Customer” or the “Controller”) behalf, the personal data processing operations defined below.

2. As part of their contractual relations, the parties shall undertake to comply with the applicable regulations on personal data processing and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “the General Data Protection Regulation”, or “GDPR”), and the California Consumer Privacy Act of 2018, as amended (Cal. Civ. Code §§ 1798.100 to 1798.199), and any related regulations or guidance provided by the California Attorney General (hereinafter “the CCPA”).

3. Terms defined in the CCPA, including ‘consumer’, ‘personal information’, ‘service provider’, ‘commercial purposes’, ‘third-party’, and ‘business purposes’, carry the same meaning in this DPA.

4. “Contracted Business Purposes” means the database management, hosting and related services performed on behalf of the Customer pursuant to the Service Agreement for which Pipefy receives or accesses Customer Personal Information.

5. “Customer Personal Information” means Customer Data (as defined in the Service Agreement and Privacy Policy) that constitutes personal information of a consumer subject to the CCPA. For the avoidance of doubt, Customer Personal Information does not include User Personal Information (as defined in the Privacy Policy), with respect to which Pipefy is not a service provider, and this DPA does not apply to such User Personal Information.

(a) Pipefy shall use the Customer Personal Information received under this relationship solely for the purposes agreed upon between the Parties. Under no circumstances shall Pipefy use this Personal Data for any other purpose than performing the Contracted Business Purposes or as otherwise permitted by the CCPA (as a service provider or “exempt” third party) or required by law. Any violation of this provision shall result in the immediate termination of this Agreement and full liability for any damages caused to the other Party and/or third parties.

(b) Pipefy shall not retain, use, disclose, store or share Customer Personal Information outside of this direct business relationship between Pipefy and Customer unless otherwise permitted by the CCPA (as a service provider or “exempt” third party) or as required by law, or, upon the prior express authorization of the Customer, in accordance with the terms of this DPA.

(c) Pipefy shall adopt appropriate mechanisms for processing Customer Personal Information in accordance with legal provisions, to prevent loss, destruction, theft, damage, alteration, sale, manipulation, or accidental interception and/or disclosure.

(d) Pipefy may use aggregated, de-identified, or anonymized data for its own purposes. Pipefy shall not attempt to, nor will it actually, re-identify any data that has been aggregated, de-identified, or anonymized. For the avoidance of doubt, and to the extent permitted by the CCPA, Pipefy may use Customer Personal Information to detect data security incidents, prevent fraudulent or illegal activity, or enhance its services.

(e) both parties shall comply with all applicable requirements of the CCPA regarding the collection, use, retention, or disclosure of Customer Personal Information. In the event that any request is made by end users of the Customer, the Customer will be responsible for providing customer service. Pipefy does not control or manage the Customer Personal Information.

6. Sub-Processing. Pipefy may engage specialized third parties to provide the Contracted Business Services, as listed at www.pipefy.com/sub-processors/ (“Sub-Processors”). Pipefy is responsible for ensuring that its Sub-Processors agree to maintain a level of security that is equal to or exceeds the standards described in this DPA before any Personal Data is transferred or sub-processing is authorized. Any sub-processor must qualify as a service provider under the CCPA, and Pipefy shall ensure that no disclosures to the sub-processor are made that would be considered a sale under the CCPA. Pipefy shall also conduct periodic audits to verify that its Sub-Processors comply with applicable privacy rules and legal obligations. Pipefy shall be fully and jointly liable for any breach, violation, irregularity, or non-compliance committed by its Sub-Processors.

7. If the Customer is unable to delete Customer Personal Information held within Pipefy’s records in response to a verified Consumer request for deletion pursuant to the CCPA. Pipefy shall promptly effectuate such deletion upon receipt of the Customer’s written instruction to do so, provided that no exception to deletion under the CCPA is applicable and/or Pipefy is not legally restricted from doing so. Pipefy may charge its then-current standard fees for this service. Requests for deletion should be submitted to: https://app.pipefy.com/public/form/CxbZakYy.

8. Changes to this CCPA DPA. Pipefy may amend this CCPA DPA under the following conditions:

(a) To reflect a change in the name or form of a legal entity;

(b) To comply with the applicable law, regulation, court order, or guidance issued by a governmental regulator or agency; or

(c) If the change does not expand the scope of Pipefy’s processing of Customer Personal Data, or otherwise materially adversely affect Customer’s rights under this DPA.

(d) Pursuant to Section 6(a)(ii) or (iii), notify the Customer at least 30 days prior to the effective date of the change (or such shorter period as may be required to comply with the applicable law), provided that, if the Customer object to any such changes, the Customer may terminate the Agreement with Pipefy by providing a written notice to Pipefy within 90 days of receiving notification of the change.

ANNEX II - SERVICE LEVEL AGREEMENT

This Annex II regulates Pipefy Solution's Service Level Agreement (SLA), establishing the performance metrics, responsibilities, and service expectations between Pipefy and its Customers. This document aims to ensure that the quality and efficiency of the services provided meet the agreed standards, promoting transparency and alignment between the Parties. The provisions described herein complement the Terms of Use and apply to all Pipefy Customers, depending on the applicable Plan.

1. General Availability: Pipefy guarantees 99.90% ("Guaranteed Percentage") uptime of the Pipefy Solution per month. For the purposes of calculating unavailability that can be credited under the clause below, only unavailability classified as "Major Outage" on the Status Page: https://status.pipefy.com/uptime will be counted, i.e. when a significant part or all of the Pipefy Solution is inaccessible and/or inoperative, affecting most or all of the Customers.

2. If the Monthly Availability Percentage is lower than the Guaranteed Percentage, the Customer may claim a non-cumulative credit or discount, which will be applied to the next invoice or the renewal of its Plan, without the possibility of converting it into cash. In order to do so, Pipefy must be notified within thirty (30) days of the event via the Support chat, including evidence of the unavailability and other information requested by Pipefy. Pipefy will calculate the amount of the applicable credit or discount, according to the percentage shown in the table below and, in all cases, limited to 10% of the total value of the current Agreement Term:

2.1. The aforementioned Status Page will, for all purposes, be the official reference for calculating the monthly percentage of activity time and calculating any credits or discounts due.

2.2. The following shall not be considered unavailable: (i) periods of suspension or inactivity scheduled for hardware replacement, maintenance, or updates of the Pipefy Solution, as described in the Terms of Use; (ii) periods of inactivity and/or instability resulting from circumstances beyond Pipefy's reasonable control, such as fortuitous events or force majeure, as defined by law, actions of third parties and/or the Customer itself, among others. The planned unavailability provided for in these Terms shall not be counted.

3. Support Activities: The Pipefy support team will make every effort to assist the Customer according to the response times outlined in the table below. The countdown of the deadline shall commence from the moment the event is communicated through the channel specified in item 10 below. 

4. As specified in the table in Section 3, support will be available from Monday to Friday, during business hours from 8 AM to 8 PM Brasília time (UTC -3), via chat in the logged-in area of the Pipefy Solution. The response time will depend on the Plan and the complexity of the case. Please note that Free Plans are not included in the above table. They offer only basic support without a defined response time and provide access to the Help Center and Pipefy Community resources.

4.1. Business hours converted to time zones of other locations:

UTC 0: 11 AM to 11 PM

UTC -3 (Brasilia Time): 8 AM to 8 PM

UTC -5 (Eastern Standard Time): 6 AM to 6 PM 

UTC -8 (Pacific Standard Time): 3 AM to 3 PM 

UTC +10 (Australian Eastern Standard Time): 9 PM to 9AM

5.1. Dedicated Support: In situations where the Customer requires dedicated analysts for their operation and/or support outside of business hours, Pipefy may offer Dedicated Support upon request. The availability of Dedicated Support will be subject to a feasibility analysis and may involve additional charges. For detailed information on the costs associated with Dedicated Support, the Customer should contact their Account Manager or Pipefy Support.

6. Items included in the Support scope:

(a) Provision of 1 (one) executive report on information security and data privacy during the last quarter of the current financial year, upon request. This report will be provided free of charge if requested at least 45 days in advance, as specified in Clause 15.6 of the Terms of Use.

(b) API assistance for plans higher than Business;

(c) Identification and resolution of issues within the Pipefy Solution;

(d) Root cause analysis (available 2 business days after the service outage is resolved);

(e) Investigation of usage or system issues;

(f) Assistance with tool-related questions;

(g) Identification and reporting of bugs; and

(h) Support for service outages and instability issues reported at https://status.pipefy.com/.

7. Items outside the Support scope:

(a) Preparation of more than one annual report on information security or data privacy, or on a different schedule than specified in the previous Clause, will be subject to feasibility analysis and additional associated costs;

(b) Events caused by factors beyond Pipefy's reasonable control, such as power outages at the Customer's site, malfunctioning servers and/or hardware at the Customer's site, and issues with the Customer's Internet connectivity;

(c) Questions about user code development or debugging. Support is limited to the Pipefy API and some API usage examples; 

(d) Bug fixing (coding);

(e) Support for third-party plugins, integrations, and Non-Pipefy Applications;

(f) Support in languages other than English and Portuguese;

(g) Communication via tools such as LinkedIn, WhatsApp, or any other social media; 

(h) Process modeling or providing process modeling consulting; and

(i) Changes to Customer settings and data, under data protection laws in various countries.

8. Support Contact: The primary contact with support is with the chat made available to the logged users on the Pipefy system at https://help.pipefy.com during our business hours. The Customer can monitor any interruptions and the operational availability of the Pipefy solution via the status page: https://status.pipefy.com/. Pipefy also offers and encourages the use of our Community Center, available at https://community.pipefy.com, which contains technical information relevant to the use of the Pipefy Solution.

ANNEX III - SINGLE TENANT

This Annex III regulates the access and use of Single Tenant ("ST") for data processing in the Pipefy Solution and is applicable only when such service is contracted. "Single Tenant" consists of isolating the Customer's database in a private instance, i.e. different from the Cloud shared with other Customers. 

1. ST Plans:

1.1. If the Customer exceeds the limits of the Plans as described in the table above, Pipefy is authorized to migrate the Customer’s contracted Plan to a higher level to accommodate the usage, with 48-hour notice. In any case, any additional costs resulting from such excessive usage shall be paid by the Customer.

2. Preparation Environment 

(a) All plans include an intermediate organization where API call volumes and automation job counts will be excluded from billing calculations.

(b) Automation Subprocessor does not include a staging environment and usage for testing cannot be excluded from billing calculations as there is no efficient way to separate it.

3. Resilience

(a) The Pipefy architecture is highly available and leverages fault-tolerant architecture across up to 3 availability zones in a region.

(b) Pipefy can be configured in any region where Pipefy's Cloud Subprocessor is available, according to the Customer's choice.

(c) Backups are stored in the same defined region.

(d) Full backups ("Code") of the database are performed once every twenty-four (24) hours.

(e) Each backup is retained for up to seven (7) days in the same defined region.

(f) Code (full backup): Every 6 hours; retention of up to 12 snapshots.

(g) Logs: Retained for 5 years. These logs cannot be restored. The Customer can open a ticket with Pipefy to request audit log details for these backups.

(h) Any changes made on the Web (such as deleting fields) can be safely restored via a support ticket within one hundred and eighty (180) days.

(i) Pipefy maintains backups using Amazon Aurora across at least 3 Availability Zones (AZs), which helps Pipefy revert to a previous state if needed.

4. Price and Availability. The ST plans may be contracted on a monthly, annual, or multi-year basis, as specified in the Purchase Order. They may also be available in a "pay-as-you-go" format at Pipefy's discretion, where the plan type is adjusted monthly based on the Customer's usage, and the amount due is determined by Pipefy according to the Customer's actual usage.

5. General Provisions.

5.1. Updates. Pipefy may update this Appendix or the FTS Services from time to time due to, but not limited to, changes in legislation or regulatory requirements, safety or security reasons, circumstances beyond Pipefy's reasonable control, ongoing development of the Services, and/or to adapt to new technologies. The Customer will be notified at least 30 days in advance of any changes to these Terms that have a negative impact, either by email or by in-product notification. All other changes will take effect as soon as they are posted on our website.

ANNEX IV - PIPEFY AI TERMS OF USE

This Annex IV regulates the access and use of Artificial Intelligence (AI) resources within the Pipefy Solution (Pipefy AI), effective from the date of first use of such resources by the Customer. If any of the Pipefy AI features are offered as a beta service, the Customer acknowledges that the use of these features is subject to limitations and potential instabilities typical of new technology. This Annex is part of the Purchase Order along with the Terms and Conditions of the Pipefy Solution (collectively, the “Terms”) and governs the rights and obligations of the Customer in using certain optional features of the Pipefy Solution involving the use of artificial intelligence, machine learning, or similar technologies provided by Pipefy and/or its licensors (“Pipefy AI”). Capitalized terms not defined herein will have the meanings set forth in the Terms.  This Annex IV is an integral and inseparable part of the Terms and Conditions of the Pipefy Solution (the “Terms” or “Agreement”). All provisions of the Agreement not expressly modified by this Annex IV shall remain in full force and effect. In the event of any conflict between the provisions of this Annex IV and the Agreement, the provisions of this Annex IV will prevail solely for the use of Pipefy AI. For all other matters, the Agreement will continue to govern the relationship between the Parties. The Parties agree on the following:

1. Pipefy AI Features. Pipefy may provide features and capabilities of the Pipefy Solution that use artificial intelligence, machine learning, or similar technologies (“Pipefy AI”). These features may be developed by Pipefy and/or by Pipefy’s third-party providers, per Pipefy’s Privacy Policy. The Customer acknowledges and agrees that Pipefy may use subprocessors to provide Pipefy AI features. Pipefy and its subprocessors exclusively own all rights, titles, and interests in Pipefy AI, including all associated intellectual property rights. Pipefy and its subprocessors exclusively own all rights, titles, and interests in Pipefy AI, including all associated intellectual property rights. The Customer is granted only a limited, non-exclusive, and non-transferable license to use Pipefy AI under these terms. The Customer acknowledges that, due to the nature of machine learning, other customers may generate identical or similar Outputs. The use of these outputs is the Customer’s sole responsibility.

2. Personal Data (as defined in Annex I). By inputting personal data and other Customer Data into Pipefy AI, the Customer authorizes Pipefy and its third-party providers to process this Personal Data to provide the Pipefy AI features and generate “Outputs.” The Customer retains ownership of the data entered (“Input”) and the results generated (“Output”), collectively referred to as “Content.” By using Pipefy AI, the Customer grants Pipefy and its third-party providers the necessary rights to process data, including personal data, for the purpose of delivering Pipefy AI features.

3. Data Security, Monitoring, and Processing. Customer data is shared and processed in real-time only for the specific request and is not retained after processing. This approach aims to prevent any permanent learning mechanisms, ensuring that Customer data is not stored or distributed while maintaining confidentiality and security. Only information under Customer control can be used for a request in Pipefy AI. The Customer is responsible for determining which data will be made available in Pipefy AI, ensuring that Pipefy AI cannot access confidential data outside this context, thus ensuring the security and privacy of information. Pipefy also undertakes not to use Customer data for training its AI models, unless otherwise agreed upon by the Parties. Additionally, Pipefy reserves the right to monitor the use of Pipefy AI to prevent, detect, and correct abusive, illegal, or unauthorized usage, as well as to address technical issues.

4. AI Results. The Customer may choose to provide information, data, and other content for processing by Pipefy AI (“Input”) and receive results based on the Input (“Output”), collectively referred to as “AI Results.” By using Pipefy AI, and to the extent permitted by applicable law, the Customer retains ownership of AI Results generated with its specific data and is solely responsible for them, including compliance with relevant laws and Agreement terms, except for Outputs related to suggestions that may be identical or similar to those provided to other Customers and will not be owned by the Customer. Inputs and Outputs are collectively referred to as “Content.”

5. Customer Use and Responsibilities. The Customer is responsible for ensuring that any use of Pipefy AI, including providing or making available an Input and using the Output, complies with applicable law and does not infringe third-party rights, including intellectual property and privacy rights. The Customer is solely responsible for the content generated through Pipefy AI and for any decisions based on these Outputs.

6. Content Use and AI Improvements. Pipefy (i) does not claim any ownership of Customer Content; (ii) will use Content as necessary to provide, improve, and maintain AI Features and the Pipefy Solution, including transmitting Input and receiving Suggestions from its service providers, if applicable, complying with the law, and enforcing its security policies; and (iii) will not be responsible for the accuracy, quality, and legality of the Suggestions. AI and machine learning models may improve over time to better serve specific use cases. Pipefy may compile statistical, technical, and usability data from Pipefy AI, as well as use Feedback voluntarily provided by the Customer to enhance the Solution, as regulated by the Agreement.

7. Warranties. Although Pipefy uses advanced techniques to ensure that AI responses are as accurate as possible, it is important to recognize that AI is constantly evolving and may present errors or inconsistencies. As such, Pipefy does not guarantee the accuracy, reliability, completeness, or fitness for a particular purpose of the results generated by AI functionalities. Pipefy AI is provided “as is” and “as available,” and the use of Outputs is at the Customer’s own risk. Pipefy does not warrant that Pipefy AI will be error-free, uninterrupted, or suitable for any specific purpose. The Customer bears full responsibility for the information entered and obtained through Pipefy AI, and such information should not be considered as the sole source of truth or supersede review by a qualified professional. The Customer should not rely on statements, output designs, workflow/processes, or output codes without independently verifying their accuracy and suitability for specific needs. No information, suggestion, or Result generated by AI will constitute any warranty not explicitly stated in this Annex. 

8. Restrictions. The Customer may not use the Pipefy AI functionalities or Output information to: (a) develop base models or other large-scale models that compete with Pipefy AI; (b) deceive third parties into believing that the Output was generated exclusively by humans; (c) violate any technical documentation, usage guidelines, or established parameters; (d) make automated decisions that may negatively impact individual rights without appropriate human oversight; and/or (e) infringe, violate, or misappropriate any rights of Pipefy or third parties; (f) generate offensive, discriminatory, or illegal content; and (g) engage in illegal or fraudulent activities. 

Additionally, the Customer: (h) will not use Pipefy AI and Content in violation of the Agreement and this Annex IV, third-party rights, any applicable laws, or other requirements provided by Pipefy; (i) is solely responsible for the development, operation, maintenance, and use of the Content; (j) agrees to defend, indemnify, and hold Pipefy harmless from all third-party claims arising from the Customer’s use of Pipefy AI in violation of the Agreement, this Annex IV, or where any Input, Output, or Result generated by the Customer using Pipefy AI infringes or misappropriates third-party intellectual property rights, proprietary rights, or any applicable laws; (k) instructs Pipefy to process Content in accordance with this Annex IV, including processing Content with its Subprocessors or Pipefy providers related to Pipefy AI; (l) acknowledges and agrees that if using any non-Pipefy Application to process Content, it is solely responsible for complying with the applicable terms and conditions and privacy policy of such non-Pipefy Applications and for its use of such Non-Pipefy Applications; and (m) acknowledges and agrees that Pipefy AI is not operated by a human and the Output is not generated by humans. 

9. Pricing and Availability. Access to Pipefy AI is managed through a credit system (“AI Credits”). Each Plan in the Pipefy Solution will include an initial allocation of AI Credits, and additional credits may be purchased separately, as needed and/or as agreed between the Parties in the Purchase Order, through contracting with Pipefy. The number of credits available will vary according to the Plan purchased and as detailed on the Pipefy pricing page, as indicated in Section 1 of the Agreement.

9.1. AI Credits will be renewed monthly, according to the term of the contracted Plan, and are non-cumulative. Unused credits until the end of each month will not be refunded. The Super Admin(s) may monitor credit usage through the Pipefy Solution’s Admin Dashboard.

10. Updates and Modifications. Pipefy may update this Annex or the Pipefy AI services periodically due to, among other reasons, changes in legislation or regulatory requirements, security or protection reasons, circumstances beyond Pipefy’s reasonable control, changes resulting from the ongoing development of the Services, and/or to adapt to new technologies. The Customer will be informed of any changes to these Terms that may negatively impact the use of the services with at least 30 days’ notice, via email or product notification. All other changes will take effect as soon as they are posted on our website. If the Customer does not agree with the changes, they must cease using Pipefy AI after their credits expire.

11. Limitation of Liability. Under no circumstances will Pipefy or its third-party providers be liable for any direct, indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, use, reputation, or other intangible losses resulting from the use or inability to use AI functionalities.

12. Term and Termination. The Customer may access and use Pipefy AI while complying with the terms of this Annex. Pipefy may modify, discontinue, or cancel access to Pipefy AI, in whole or in part, under the provisions of the Agreement. In the event of termination, for any reason, the Customer must immediately cease using Pipefy AI and will no longer have access to Pipefy AI features.

Updated on August 28, 2024.