Compliance

Compliance at UiPath

At UiPath, compliance is treated seriously. We make efforts every day to make sure compliance is integrated into our processes and behaviours.

We strongly encourage our employees and our partners (customers, resellers, agents, suppliers, etc.) to act in compliance with the applicable legislation and with the UiPath Code of Conduct.

 

UiPath Internal Code of Conduct

The Internal Code of Conduct is applicable to all employees, freelancers, those employed by carriers or other contingent workers acting on behalf of UiPath or having access to UiPath systems including its subsidiaries and affiliates to ensure they act in good faith, with integrity and consistent with the Company’s values in order to maintain effective trust and credibility with our employees, customers, business partners and communities in which we operate.

The UiPath Internal Code of Conduct is available here.

Report Ethics & Compliance Concerns

Any breach of the UiPath Code of Conduct, UiPath policies or the law is taken seriously. Any such concerns should be reported at legal.compliance@uipath.com.
If you wish to report anonymously you can use the following means:
Web app: uipath.ethicspoint.com
Mobile app: uipathmobile.ethicspoint.com 
Hotline: There are dedicated lines for each country where UiPath has an entity. Access uipath.ethicspoint.com and select the country you are located in. This will display the hotline number for your country.

 

Global Partner Code of Conduct

This Global Partner Code of Conduct (the “Code”) sets out our expectations and defines the minimum standards of business conduct and business practices applicable to all UiPath clients, resellers, consulting partners, vendors, OEMs, suppliers, agents, entities and/or individuals who do business with or on behalf of UiPath (the “Partners”).

 

All Partners are expected to comply with this Code of Conduct.

The Global Partner Code of Conduct is available here.

 

Privacy & Security Compliance

ISO 27001: UiPath maintains an ISO/IEC 27001:2013 certification that covers our core product lines and main development locations. This attests to our commitment to maintaining and improving an information security management system (ISMS) that protects confidential information collected, processed, or otherwise impacted during the product development and maintenance lifecycle, covering the analysis, design, development and global delivery by UiPath on customer premise (on-prem), by using cloud service and/or acting as a cloud service provider. The scope of the ISMS includes the following UiPath product lines and we are working on adding new products to the list every year:

 

UiPath Core Platform: Studio, Studio X, Robot, Agent Desktop, Orchestrator, Activity Packs, Insights
UiPath Cloud Platform: Cloud Portal, Cloud Services (Document Understanding, Computer Vision, Licensing, Orchestrator), Automation Hub

 

AICPA SOC

 

SOC 2 Type 1: UiPath Automation Cloud has received its System and Organization Controls 2 (SOC 2) Type 1 certification. This certification, developed by the American Institute of Certified Public Accountants (AICPA), validates that UiPath securely manages customer data and demonstrates its commitment to enterprise-grade security for the Automation Cloud. To help organizations around the world use automation to become faster and more agile in the face of increased demand and rapidly changing environments, the UiPath Automation Cloud enables customers to start their RPA deployments instantly and scale up over time without compromising security or requiring high upfront costs.

Receiving SOC 2 certification meant UiPath demonstrated the achievement of service commitments and system requirements based on the security, confidentiality, and availability trust services criteria. UiPath partnered with CPA firm Schellman & Company, LLC to undertake this certification.

GDPR: UiPath has one of its main headquarters in the European Union, which makes UiPath subject to the GDPR, one of the strictest data protection laws around the world. Since UiPath is committed to respecting your privacy, we implement the GDPR principles in all UiPath entities. Please check our global Privacy Policy here.

 

Privacy Shield: UiPath is an active participant in the Privacy Shield Framework. The purpose of Privacy Shield is to ensure that when personal data is transferred from the European Union or Switzerland to the United States, the data protection legislation is observed and implemented. Please find the details of UiPath’s participation in the Privacy Shield Framework here.

When GDPR became effective, UiPath signed Standard Contractual Clauses with its affiliates and imposed GDPR policies and standards, globally, among its entities. Privacy Shield was used by UiPath as an additional transfer mechanism and not as the primary transfer mechanism, which is why the recent ruling of the European Court of Justice does not affect the protection or transfer of personal data of European customers. With its sub-processors, UiPath has concluded data processing agreements in accordance with GDPR, ensuring that any transfer mechanism used will be in compliance with the European legislation.

CCPA: UiPath complies with the California Consumer Privacy Act of 2018 (CCPA) by applying the common privacy principles of CCPA and GDPR to the more rigorous standard of the latter. UiPath does not sell customer data and only shares it with third parties acting as its service providers, who consequently process data solely on our behalf, in order to meet their contractual obligations. Otherwise, UiPath only shares data as directed by you or with your consent. As your service provider, UiPath only processes personal data used with UiPath cloud products for the purpose of providing you the service and product functionalities, as directed by you.

 

HIPAA: If you are a Covered Entity or a Business Associate under the Health Insurance Portability and Accountability Act, a US healthcare regulation, please use our products installed on premise. When using our on premise product, no customer data will be received, stored or processed by UiPath. This is important since UiPath does not wish to fall under HIPAA and thus, Protected Health Information cannot be used with UiPath cloud products.

 

Paris Call for Trust and Security in Cyber Space: UiPath joined a global call for Nation States, Companies and Civil Society to come together and face the increasing threats endangering citizens and infrastructure in cyberspace. It is based around nine common principles to secure cyberspace and the commitment to adopt responsible behavior. Discover the 9 principles here.

 

Contact us at privacy@uipath.com for questions about our privacy and security compliance program.

 

Vendor Risk Management

We have a Vendor Risk Management Program in place to ensure we assess the security posture of critical providers and that all vendors and contractors that have access to UiPath data and/or systems attest to confidentiality and security requirements. All such providers are required contractually to implement a level of security as described in our Security standard, available here. Moreover, they are contractually required to comply with our internal security policies and procedures, as applicable to the nature of the service provided.

 

We retain the right to perform audits on our vendors and to request audit reports. Any findings that might pose a risk to UiPath’s data or systems will be subject to a remediation plan that the vendor is required to implement.

 

Anti-Bribery and Anti-Corruption Statement

UiPath adheres to a Zero Tolerance approach towards corruption and bribery. We do not bribe and cannot be bribed, and we do not engage in situations that might leave the impression of corrupt practices.

 

To make sure that these standards reach all our personnel, we created an Anti-Bribery program which consists of an Anti-Bribery Policy that is published and disseminated internally; an annual training for all personnel; and making sure that Anti-Bribery provisions are always included in the agreements we undertake.

 

Our policy specifically references that all Gifts and Hospitalities must be modest, transparent, of low value and in accordance with the laws. UiPath prohibits the offering of anything, regardless of the value, with the corrupt intention to obtain an unfair advantage for UiPath.

 

Anti-Slavery and Anti-Human Trafficking Statement

UiPath recognises the seriousness and importance of combatting modern slavery and human trafficking. With respect to its employees and the operations of its business, UiPath is committed to ensuring the highest standards of welfare, safety and business practice, in accordance with all relevant legislation.

 

The Anti-Slavery and Anti-Human Trafficking Statement is available here.

Export Control

UiPath is keen on complying with export control regulations and therefore we expect every 3rd party we do business with to abide by all export control regulations as set forth by (i) the U.S. Department of Commerce Export Administration Regulations (EAR), U.S. Department of State International Traffic in Arms Regulations (ITAR) or other requirements of the U.S. Government; (ii) European Commission regulations; (iii) United Nations Security Council resolutions (the “Export Control Regulations”) regulating the export and reexport of the UiPath RPA Platform. We also expect our business partners not to be named on any Export Control Regulations list of restricted parties and not to be involved in dealings with entities and individuals that are sanctioned or that are located in countries subject to trade embargoes or economic sanctions.

Equal Opportunity Employer

UiPath is an equal opportunity employer and prohibits discrimination and harassment of any kind. We are committed and expect our Partners (i) to offer equal employment opportunity for all job applicants and employees, (ii) to provide all employees a work environment free of discrimination and harassment of any kind and (iii) to take all employment related decisions without regard to race, color, religion or belief, national, social or ethnic origin, sex, pregnancy, age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by any and all similar laws.

Exclusion of Anti-Social Forces

We maintain an adequate policy for exclusion of anti-social forces in Japan. The latest version is available here.

Safe Harbor Statement

Some UiPath materials may contain forward-looking statements. Forward-looking statements include all statements that are not historical facts, and in some cases, can be identified by terms such as “anticipate,” “believe,” “estimate,” “expect,” “intend,” “may,” “might,” “plan,” “project,” “will,” “would,” “should,” “could,” “can,” “predict,” “potential,” “continue,” or the negative of these terms, and similar expressions that concern our expectations, strategy, plans or intentions. By their nature, these statements are subject to numerous risks and uncertainties, including factors beyond our control, that could cause actual results, performance or achievement to differ materially and adversely from those anticipated or implied in the statements. Although our management believes that the expectations reflected in our statements are reasonable, we cannot guarantee that the future results, levels of activity, performance or events and circumstances described in the forward-looking statements will be achieved or occur. Recipients are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date such statements are made and should not be construed as statements of fact.

This information is subject to change at any time without prior notice. Actual results and future plans may differ significantly as a result of, among other things, changes in product strategy. This presentation is not a commitment to deliver any material, or functionality. Any purchase of software by customers should neither be contingent on the delivery of any future functionality or features, nor dependent on any oral or written public comments made by UiPath regarding future functionality or features.