Q: Does UiPath conform to any information security standards and regulations?
ISO/IEC 27001 - UiPath has achieved ISO/IEC 27001: 2013 Certification for all of our Core Platform and Cloud Platform products.
Veracode - UiPath has achieved Veracode Continuous Certification for our products.
SOC 2 - (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service. SOC 2 is on our Compliance roadmap and we are expecting to have our first report in Q3 2020.
For information on our regulatory compliance program, please check our Compliance page.
Q: Does UiPath share the data used with our products with third parties?
UiPath does not share nor has access to your data when you use UiPath products installed on premise.
UiPath shares customer data with its sub-processors, when you are using UiPath cloud products.
For more information about how UiPath processes personal data used with UiPath products please check our Privacy section.
Q: Is data used with UiPath cloud products encrypted?
UiPath encrypts customer data in transit and at rest.
All customer data stored within UiPath cloud products and services is encrypted in transit over public networks using Transport Layer Security (TLS) 1.2+ to protect it from unauthorized disclosure or modification.
Customer data stored in UiPath cloud products and services is AES encrypted at rest.
Q: Is Transport Layer Security (TLS) always used for communications to UiPath cloud products?
Yes, all UiPath Cloud systems only use TLS for communication. In line with Industry standards, we have disabled TLS 1.0, TLS 1.1, and all versions of SSL.
Q: How are passwords for UiPath products stored?
User passwords are cryptographically hashed within all UiPAth products. Robot passwords are encrypted with AES 256 bit encryption.
Q: I found a vulnerability in one of your products, how do I report it?
If you are a member of our Bug Bounty program, please report it there.
If you are not a member of the program, please let us know immediately by contacting us directly at firstname.lastname@example.org.