Pipefy is committed to ensuring that the use of Artificial Intelligence (AI) within the Pipefy Solution is carried out in a secure and transparent manner, in compliance with global data protection laws such as the LGPD (Brazil’s General Data Protection Law) and the GDPR (European Union General Data Protection Regulation).
🧩 Our Promise on the Use of AI
Pipefy AI is designed to help you automate tasks, generate insights, and improve workflows — without compromising privacy, security, or control over your data. When you use Pipefy AI, your information is processed securely and in isolation within your Pipefy environment. We do not use your data, nor the content of your processes, to train public or shared AI models.
🔐 Security and Governance
Protecting your data is at the core of everything we do.
We adopt international information security standards, including ISO/IEC 27001 and ISO/IEC 27701, along with robust measures such as:
Encryption in transit (TLS) and at rest (AES-256);
Data Loss Prevention (DLP) mechanisms and automatic content moderation;
Tenant-level auditing and logging for traceability and security;
Periodic internal and external reviews conducted by our AI Governance Committee (Legal, DPO, Security, and Product).
⚖️ Transparency and Ethics
We know that trust is built through transparency.
For this reason, we maintain a public page (“AI Trust Page”) where you can find information and guidance about Pipefy AI, including responsible use policies and best practices, as well as technical details such as available administrative controls, among others.
👁️🗨️ Human Review and Accountability
AI-generated outputs may contain inaccuracies or biases. Therefore, whenever possible, they should be reviewed and validated by a human user before practical application.
In regulated industries (such as insurance, financial services, or the public sector), documented human review is even more strongly recommended, especially for decisions with legal or contractual impact.
This practice ensures transparency, auditability, and compliance with regulatory standards.
📊 Technical Data and Telemetry
To ensure platform stability and continuous improvement, Pipefy collects anonymized technical data such as response time, token volume, and performance metrics.
This information does not include the content of your processes and does not allow the identification of any user.
🧾 Your Control, Our Responsibility
You retain full ownership of your inputs and outputs.
Pipefy does not share, sell, or reuse your data outside of your Pipefy environment.
Pipefy’s subprocessors are configured not to use your data for model training and to fully respect confidentiality.
🌍 Commitment to Privacy and Global Compliance
Our commitment is to ensure that AI functionalities comply with data protection laws and principles of digital ethics. To that end, we follow the LGPD, GDPR, the EU AI Act, and other relevant regulations, ensuring that the use of artificial intelligence is always transparent, responsible, and secure.
“Pipefy AI is an ally of productivity, not a threat to privacy.”
⚖️ Ethics Channel: Integrity in AI
We value ethics and transparency across all our innovations. To ensure our systems operate at the highest standards, Pipefy provides an ethics channel for reporting ethical concerns related to Artificial Intelligence. If you identify any practice or behavior that is inconsistent with our principles and/or applicable legislation, please submit a report:
Where to access: Go to https://www.pipefy.com/pt-br/etica-e-compliance/ and select the option “Contact our Compliance team”. When submitting the report, select the report type: “Artificial Intelligence (AI) Misconduct.”
📬 Questions or Requests?
You may contact our Data Protection Officer (DPO) at dpo@pipefy.com with questions about:
Use of AI and privacy;
Deletion rights (“right to be forgotten”);
AI subprocessors and data regions.